Edit tour

Windows Analysis Report
QTmGYKK6SL.exe

Overview

General Information

Sample name:	QTmGYKK6SL.exe renamed because original name is a hash value
Original sample name:	190e4ed7759276e78d16398673996b2b.exe
Analysis ID:	1483438
MD5:	190e4ed7759276e78d16398673996b2b
SHA1:	ce5bb936ab809356d5b0bc29b6be2e0d07d3dc0a
SHA256:	d4e965deaaaa9d84359fbce89a2cb1966bca6bf525df8bbfb1ad9ed08df1daad
Tags:	64exetrojan
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Detected unpacking (creates a PE file in dynamic memory)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Connects to many ports of the same IP (likely port scanning)

Contains functionality to hide user accounts

Found Tor onion address

Machine Learning detection for dropped file

Sigma detected: Execution from Suspicious Folder

Sigma detected: Suspicious New Service Creation

Sigma detected: Suspicious Program Location with Network Connections

AV process strings found (often used to terminate AV products)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Connects to several IPs in different countries

Contains functionality to create new users

Contains functionality to dynamically determine API calls

Contains functionality to enumerate network shares

Contains functionality to enumerate running services

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query network adapater information

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Enables security privileges

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

QTmGYKK6SL.exe (PID: 6792 cmdline: "C:\Users\user\Desktop\QTmGYKK6SL.exe" MD5: 190E4ED7759276E78D16398673996B2B)

QTmGYKK6SL.exe (PID: 6544 cmdline: C:\Users\user\Desktop\QTmGYKK6SL.exe MD5: 190E4ED7759276E78D16398673996B2B)

o0c2ddmlg7qrbu2xkviy.exe (PID: 5844 cmdline: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe MD5: 1455F96A3552BFFCBD01FB90A2A4447B)

sc.exe (PID: 5000 cmdline: sc.exe stop RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 6312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 4628 cmdline: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 3052 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 932 cmdline: sc.exe failure RDP-Controller reset= 1 actions= restart/10000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 2088 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 6648 cmdline: sc.exe start RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 6016 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

icacls.exe (PID: 3668 cmdline: icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18 MD5: 48C87E3B3003A2413D6399EA77707F5D)

conhost.exe (PID: 1620 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

icacls.exe (PID: 2724 cmdline: icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ZsL2hKzmRChz.acl MD5: 48C87E3B3003A2413D6399EA77707F5D)

conhost.exe (PID: 5956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

main.exe (PID: 3164 cmdline: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe MD5: CFCBC15615FFC698507D32C0A7D21134)

WerFault.exe (PID: 2300 cmdline: C:\Windows\system32\WerFault.exe -u -p 3164 -s 1156 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

svchost.exe (PID: 792 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

svchost.exe (PID: 2708 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 1804 cmdline: C:\Windows\system32\WerFault.exe -pss -s 432 -p 3164 -ip 3164 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

main.exe (PID: 3672 cmdline: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe MD5: CFCBC15615FFC698507D32C0A7D21134)

cleanup

Sigma Signatures

System Summary

Sigma detected: Execution from Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, NewProcessName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, OriginalFileName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1804, ProcessCommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ProcessId: 3164, ProcessName: main.exe

Sigma detected: Suspicious New Service Creation

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe, ParentImage: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe, ParentProcessId: 5844, ParentProcessName: o0c2ddmlg7qrbu2xkviy.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 4628, ProcessName: sc.exe

Sigma detected: Suspicious Program Location with Network Connections

Source: Network Connection

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 119.13.124.67, DestinationIsIpv6: false, DestinationPort: 29762, EventID: 3, Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, Initiated: true, ProcessId: 3164, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 63482

Sigma detected: New Service Creation Using Sc.EXE

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe, ParentImage: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe, ParentProcessId: 5844, ParentProcessName: o0c2ddmlg7qrbu2xkviy.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 4628, ProcessName: sc.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, ProcessId: 792, ProcessName: svchost.exe

Snort Signatures

⊘No Snort rule has matched

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 40.68.123.157 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T13:43:00.851979+0200
SID:	2022930
Source Port:	443
Destination Port:	63481
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 40.68.123.157 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T13:42:22.481435+0200
SID:	2022930
Source Port:	443
Destination Port:	49731
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://banana.incognet.io/

Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: https://reseed2.i2p.net/

Virustotal: Detection: 5%

Perma Link

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	ReversingLabs: Detection: 21%
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Virustotal: Detection: 22%			Perma Link

Multi AV Scanner detection for submitted file

Source: QTmGYKK6SL.exe	Virustotal: Detection: 25%			Perma Link
Source: QTmGYKK6SL.exe	ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.2% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe

Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe

Unpacked PE file: 0.2.QTmGYKK6SL.exe.3420000.2.unpack

Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe

File created: C:\Users\user\AppData\Local\Temp\installer.log

Jump to behavior

Source:	Binary string: RfxVmt.pdb source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1913857527.000002BAD3A5A000.00000004.00000020.00020000.00000000.sdmp, JcfQdL0z.14.dr
Source:	Binary string: RfxVmt.pdbGCTL source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1913857527.000002BAD3A5A000.00000004.00000020.00020000.00000000.sdmp, JcfQdL0z.14.dr

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE10246DAF NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,	14_2_00007FFE10246DAF
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE10246DF3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,	14_2_00007FFE10246DF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11716DF3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,	24_2_00007FFE11716DF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11716DAF NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,	24_2_00007FFE11716DAF

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FF7BACD47F3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FF7BACD47F3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1024A0D3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE1024A0D3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11501883 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE11501883
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11EC5BF3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE11EC5BF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE126D5253 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE126D5253
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE13222FE3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE13222FE3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1A455803 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE1A455803
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1171A0D3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE1171A0D3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11741883 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE11741883
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11775BF3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE11775BF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11EC5253 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE11EC5253
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE126D2FE3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE126D2FE3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE13205803 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE13205803

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 45.8.98.78 ports 19063,0,1,3,6,9
Source: global traffic	TCP traffic: 204.8.84.94 ports 20578,0,2,5,7,8
Source: global traffic	TCP traffic: 68.148.96.106 ports 12385,1,2,3,5,8
Source: global traffic	TCP traffic: 82.165.57.155 ports 27813,1,2,3,7,8
Source: global traffic	TCP traffic: 24.177.113.51 ports 1,2,4,5,6,15624
Source: global traffic	TCP traffic: 73.62.1.179 ports 17850,0,1,5,7,8
Source: global traffic	TCP traffic: 186.28.6.171 ports 15230,0,1,2,3,5

Found Tor onion address

Source: QTmGYKK6SL.exe, 00000001.00000003.1843557253.0000000004466000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003A2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/
Source: o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/
Source: main.exe	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,ht
Source: main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/
Source: main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/
Source: main.exe, 0000000E.00000002.2482562172.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/
Source: main.exe	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,ht
Source: main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/
Source: main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/
Source: update.pkg.3.dr	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/

Source: unknown

Network traffic detected: IP country count 16

Source: global traffic	TCP traffic: 192.168.2.4:49730 -> 91.92.250.213:1110
Source: global traffic	TCP traffic: 192.168.2.4:63482 -> 119.13.124.67:29762
Source: global traffic	TCP traffic: 192.168.2.4:63483 -> 91.224.234.189:50444
Source: global traffic	TCP traffic: 192.168.2.4:63484 -> 74.80.57.188:24372
Source: global traffic	TCP traffic: 192.168.2.4:63485 -> 45.8.98.78:19063
Source: global traffic	TCP traffic: 192.168.2.4:63486 -> 67.166.47.100:15536
Source: global traffic	TCP traffic: 192.168.2.4:63487 -> 5.64.137.68:11737
Source: global traffic	TCP traffic: 192.168.2.4:63488 -> 186.28.6.171:15230
Source: global traffic	TCP traffic: 192.168.2.4:63489 -> 99.252.52.199:17541
Source: global traffic	TCP traffic: 192.168.2.4:63490 -> 204.8.84.94:20578
Source: global traffic	TCP traffic: 192.168.2.4:63491 -> 68.148.96.106:12385
Source: global traffic	TCP traffic: 192.168.2.4:63492 -> 24.177.113.51:15624
Source: global traffic	TCP traffic: 192.168.2.4:63504 -> 184.185.247.130:9859
Source: global traffic	TCP traffic: 192.168.2.4:63506 -> 91.149.237.69:26412
Source: global traffic	TCP traffic: 192.168.2.4:63509 -> 81.6.45.56:33834
Source: global traffic	TCP traffic: 192.168.2.4:63510 -> 73.62.1.179:17850
Source: global traffic	TCP traffic: 192.168.2.4:63511 -> 70.18.38.5:28737
Source: global traffic	TCP traffic: 192.168.2.4:63512 -> 82.165.57.155:27813
Source: global traffic	TCP traffic: 192.168.2.4:63514 -> 73.38.186.219:20033
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 45.89.55.34:19318
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 216.9.179.60:25750
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 86.5.235.24:18771
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 51.15.242.96:18384
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 79.228.26.155:18701
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 220.240.88.104:20056
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 46.151.24.133:21987
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 91.194.11.174:19248
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 139.59.159.178:44567
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 77.238.224.125:26317
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 194.87.219.156:19047
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 93.95.229.134:25799
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 217.76.54.24:22773
Source: global traffic	UDP traffic: 192.168.2.4:9421 -> 2.177.225.52:16459
Source: global traffic	UDP traffic: 192.168.2.4:10253 -> 173.230.128.232:26930
Source: global traffic	UDP traffic: 192.168.2.4:10253 -> 23.241.223.162:23154
Source: global traffic	UDP traffic: 192.168.2.4:10253 -> 94.103.188.190:28803

Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213
Source: unknown	TCP traffic detected without corresponding DNS query: 91.92.250.213

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FFE10245F3A recv,WSAGetLastError,

14_2_00007FFE10245F3A

Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1915940712.000002BAD4B91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1916098850.000002BAD4B97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000018.00000003.2586491287.00000156D4C77000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000018.00000003.2586378729.00000156D4C71000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	String found in binary or memory: http://127.0.0.1:8118
Source: main.exe, 0000000E.00000003.1915940712.000002BAD4B91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1916098850.000002BAD4B97000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:8118C
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	String found in binary or memory: http://identiguy.i2p/hosts.txt
Source: update.pkg.3.dr	String found in binary or memory: http://reg.i2p/hosts.txt
Source: main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.i2p/hosts.txt8x
Source: main.exe, 00000018.00000002.2933918140.00000156D4C9E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.i2p/hosts.txtV
Source: main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.i2p/hosts.txtXn
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	String found in binary or memory: http://rus.i2p/hosts.txt
Source: update.pkg.3.dr	String found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
Source: main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtf
Source: main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtxyz/
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	String found in binary or memory: http://stats.i2p/cgi-bin/newhosts.txt
Source: Amcache.hve.22.dr	String found in binary or memory: http://upx.sf.net
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://banana.incognet.io/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://i2p.ghativega.in/
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	String found in binary or memory: https://i2p.mooo.com/netDb/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://i2p.novg.net/
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	String found in binary or memory: https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://i2pseed.creativecowpat.net:8443/
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	String found in binary or memory: https://legit-website.com/i2pseeds.su3
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	String found in binary or memory: https://netdb.i2p2.no/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://reseed-fr.i2pd.xyz/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://reseed-pl.i2pd.xyz/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://reseed.diva.exchange/
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	String found in binary or memory: https://reseed.i2p-projekt.de/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://reseed.i2pgit.org/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://reseed.memcpy.io/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://reseed.onion.im/
Source: main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://reseed2.i2p.net/
Source: QTmGYKK6SL.exe, 00000001.00000003.1843557253.0000000004466000.00000004.00000020.00020000.00000000.sdmp, QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003A2F000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000002.2482562172.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	String found in binary or memory: https://www2.mk16.de/

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FFE1150F0FE strlen,strcat,strlen,strlen,strlen,strcat,strlen,strlen,strlen,strcat,LogonUserA,GetLastError,CreateProcessAsUserA,GetLastError,CloseHandle,CreateProcessA,GetLastError,

14_2_00007FFE1150F0FE

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

File deleted: C:\Windows\Temp\gJinHgIG

Jump to behavior

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033A7B92	0_2_033A7B92
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033B6BCE	0_2_033B6BCE
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033A4962	0_2_033A4962
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033AC95A	0_2_033AC95A
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033A5956	0_2_033A5956
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033A98AA	0_2_033A98AA
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033B4F9A	0_2_033B4F9A
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033A5EE6	0_2_033A5EE6
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033BCCD2	0_2_033BCCD2
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FF7BACDC490	14_2_00007FF7BACDC490
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE102508D0	14_2_00007FFE102508D0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11512520	14_2_00007FFE11512520
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11ECEFB0	14_2_00007FFE11ECEFB0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE126DEAF0	14_2_00007FFE126DEAF0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1322904C	14_2_00007FFE1322904C
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE13228F5E	14_2_00007FFE13228F5E
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE13228E16	14_2_00007FFE13228E16
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE132304B0	14_2_00007FFE132304B0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE13228D2B	14_2_00007FFE13228D2B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1A45CB60	14_2_00007FFE1A45CB60
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE117208D0	24_2_00007FFE117208D0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11752520	24_2_00007FFE11752520
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1177EFB0	24_2_00007FFE1177EFB0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11ECEAF0	24_2_00007FFE11ECEAF0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE126D904C	24_2_00007FFE126D904C
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE126D8F5E	24_2_00007FFE126D8F5E
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE126E04B0	24_2_00007FFE126E04B0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE126D8D2B	24_2_00007FFE126D8D2B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE126D8E16	24_2_00007FFE126D8E16
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1320CB60	24_2_00007FFE1320CB60

Source: Joe Sandbox View	Dropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll 9BC6EDD286F4DCD83E57B541BC99038F7E902DE943A6FD528BA485DF1187FFA8
Source: Joe Sandbox View	Dropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll 1DA31243257B0EBC79BA57CA98E6A3A1996CC4E2641E96098561CDCB1FA3EE46
Source: Joe Sandbox View	Dropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll 2B5DC45E89700D4B991ADDED1AA097641D60932B7BBE2C12FC8536B9D46F15A6
Source: Joe Sandbox View	Dropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll 154C3DCA584BB1F78C7AE7688D70998F2B62BED8884267E3FCF150BFEFE2C9D8

Source: C:\Windows\System32\icacls.exe

Process token adjusted: Security

Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE117140D2 appears 473 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE132277A2 appears 388 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE1150C852 appears 526 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE11EC9DC2 appears 405 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FF7BACD2EF2 appears 314 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE102440D2 appears 473 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE11779DC2 appears 405 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE1A4520C2 appears 356 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE132020C2 appears 356 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE126D1352 appears 398 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE11EC1352 appears 398 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE126D77A2 appears 388 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE1174C852 appears 526 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 432 -p 3164 -ip 3164

Source: prgmgr.dll.14.dr	Static PE information: Number of sections : 11 > 10
Source: TMCsWjkD.14.dr	Static PE information: Number of sections : 11 > 10
Source: libi2p.dll.14.dr	Static PE information: Number of sections : 11 > 10
Source: WQZiUkLe.14.dr	Static PE information: Number of sections : 11 > 10
Source: 78a0MAty.14.dr	Static PE information: Number of sections : 11 > 10
Source: termsrv32.dll.14.dr	Static PE information: Number of sections : 11 > 10
Source: rJnwiXXd.14.dr	Static PE information: Number of sections : 11 > 10
Source: samctl.dll.14.dr	Static PE information: Number of sections : 11 > 10
Source: to1wcXFh.14.dr	Static PE information: Number of sections : 11 > 10
Source: rdpctl.dll.14.dr	Static PE information: Number of sections : 11 > 10
Source: QTmGYKK6SL.exe	Static PE information: Number of sections : 11 > 10
Source: gJinHgIG.14.dr	Static PE information: Number of sections : 11 > 10
Source: M3Cw7G9m.14.dr	Static PE information: Number of sections : 11 > 10
Source: dwlmgr.dll.14.dr	Static PE information: Number of sections : 11 > 10
Source: evtsrv.dll.14.dr	Static PE information: Number of sections : 11 > 10
Source: cnccli.dll.14.dr	Static PE information: Number of sections : 11 > 10
Source: ViiRS0bs.14.dr	Static PE information: Number of sections : 11 > 10

Source: QTmGYKK6SL.exe, 00000000.00000002.1702392786.0000000002C63000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs QTmGYKK6SL.exe
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamerfxvmt.dllj% vs QTmGYKK6SL.exe
Source: QTmGYKK6SL.exe, 00000001.00000002.2933702042.0000000002CE3000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs QTmGYKK6SL.exe

Source: classification engine

Classification label: mal100.troj.evad.winEXE@32/51@0/37

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FF7BACD2029 FindResourceA,LoadResource,GetLastError,GetLastError,GetLastError,GetLastError,

14_2_00007FF7BACD2029

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FF7BACD1DBC strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,

14_2_00007FF7BACD1DBC

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FF7BACD1DBC strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,

14_2_00007FF7BACD1DBC

Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe

File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6016:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1620:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2088:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:1804:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \BaseNamedObjects\Local\WERReportingForProcess3164
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5956:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3052:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6312:120:WilError_03

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe

File created: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe

Jump to behavior

Source: QTmGYKK6SL.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

File read: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\config.ini

Jump to behavior

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: QTmGYKK6SL.exe	Virustotal: Detection: 25%
Source: QTmGYKK6SL.exe	ReversingLabs: Detection: 23%

Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v4.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v6.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v4.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v6.ipp
Source: QTmGYKK6SL.exe	String found in binary or memory: NATS-SEFI-ADD
Source: QTmGYKK6SL.exe	String found in binary or memory: NATS-DANO-ADD
Source: QTmGYKK6SL.exe	String found in binary or memory: JIS_C6229-1984-b-add
Source: QTmGYKK6SL.exe	String found in binary or memory: jp-ocr-b-add
Source: QTmGYKK6SL.exe	String found in binary or memory: JIS_C6229-1984-hand-add
Source: QTmGYKK6SL.exe	String found in binary or memory: jp-ocr-hand-add
Source: QTmGYKK6SL.exe	String found in binary or memory: ISO_6937-2-add

Source: unknown	Process created: C:\Users\user\Desktop\QTmGYKK6SL.exe "C:\Users\user\Desktop\QTmGYKK6SL.exe"
Source: unknown	Process created: C:\Users\user\Desktop\QTmGYKK6SL.exe C:\Users\user\Desktop\QTmGYKK6SL.exe
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Process created: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\sc.exe sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\sc.exe sc.exe failure RDP-Controller reset= 1 actions= restart/10000
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\sc.exe sc.exe start RDP-Controller
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Source: C:\Windows\System32\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ZsL2hKzmRChz.acl
Source: C:\Windows\System32\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 432 -p 3164 -ip 3164
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3164 -s 1156
Source: unknown	Process created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Process created: C:\Users\user\Desktop\QTmGYKK6SL.exe C:\Users\user\Desktop\QTmGYKK6SL.exe	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Process created: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\sc.exe sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\sc.exe sc.exe failure RDP-Controller reset= 1 actions= restart/10000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\sc.exe sc.exe start RDP-Controller	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ZsL2hKzmRChz.acl	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 432 -p 3164 -ip 3164	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3164 -s 1156	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: d3d9.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: libi2p.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\icacls.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\icacls.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanagersvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: libi2p.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: samlib.dll	Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

File written: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.ini

Jump to behavior

Source: QTmGYKK6SL.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: QTmGYKK6SL.exe

Static file information: File size 12016128 > 1048576

Source: QTmGYKK6SL.exe	Static PE information: Raw size of .text is bigger than: 0x100000 < 0x8bc200
Source: QTmGYKK6SL.exe	Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x10e400

Source:	Binary string: RfxVmt.pdb source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1913857527.000002BAD3A5A000.00000004.00000020.00020000.00000000.sdmp, JcfQdL0z.14.dr
Source:	Binary string: RfxVmt.pdbGCTL source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1913857527.000002BAD3A5A000.00000004.00000020.00020000.00000000.sdmp, JcfQdL0z.14.dr

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe

Unpacked PE file: 0.2.QTmGYKK6SL.exe.3420000.2.unpack

Source: rfxvmt.dll.14.dr

Static PE information: 0xE004CD23 [Sat Feb 5 03:04:03 2089 UTC]

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FF7BACDDECE GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,

14_2_00007FF7BACDDECE

Source: QTmGYKK6SL.exe	Static PE information: section name: .didata
Source: o0c2ddmlg7qrbu2xkviy.exe.1.dr	Static PE information: section name: .xdata
Source: main.exe.3.dr	Static PE information: section name: .xdata
Source: libi2p.dll.14.dr	Static PE information: section name: .xdata
Source: evtsrv.dll.14.dr	Static PE information: section name: .xdata
Source: cnccli.dll.14.dr	Static PE information: section name: .xdata
Source: termsrv32.dll.14.dr	Static PE information: section name: .xdata
Source: rdpctl.dll.14.dr	Static PE information: section name: .xdata
Source: samctl.dll.14.dr	Static PE information: section name: .xdata
Source: prgmgr.dll.14.dr	Static PE information: section name: .xdata
Source: dwlmgr.dll.14.dr	Static PE information: section name: .xdata
Source: to1wcXFh.14.dr	Static PE information: section name: .xdata
Source: ViiRS0bs.14.dr	Static PE information: section name: .xdata
Source: WQZiUkLe.14.dr	Static PE information: section name: .xdata
Source: gJinHgIG.14.dr	Static PE information: section name: .xdata
Source: TMCsWjkD.14.dr	Static PE information: section name: .xdata
Source: rJnwiXXd.14.dr	Static PE information: section name: .xdata
Source: M3Cw7G9m.14.dr	Static PE information: section name: .xdata
Source: 78a0MAty.14.dr	Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Code function: 0_2_033A6575 push esi; ret	0_2_033A6577
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115179B3 push qword ptr [00007FFE47517884h]; retf	14_2_00007FFE115179B9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115179BB push qword ptr [00007FFE4751788Ch]; retf	14_2_00007FFE115179C1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115179FF push qword ptr [00007FFE475178D0h]; retf	14_2_00007FFE11517A05
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11517A07 push qword ptr [00007FFE475178D8h]; retf	14_2_00007FFE11517A0D
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11517A0F push qword ptr [00007FFE475178E0h]; retf	14_2_00007FFE11517A15
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11517A17 push qword ptr [00007FFE185178E8h]; retf	14_2_00007FFE11517A1D
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115179E7 push qword ptr [00007FFE475178B8h]; retf	14_2_00007FFE115179ED
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115179EF push qword ptr [00007FFE475178C0h]; retf	14_2_00007FFE115179F5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115179F7 push qword ptr [00007FFE475178C8h]; retf	14_2_00007FFE115179FD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115179C3 push qword ptr [00007FFE47517894h]; retf	14_2_00007FFE115179C9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115179CB push qword ptr [00007FFE4751789Ch]; retf	14_2_00007FFE115179D1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115179D3 push qword ptr [00007FFE475178A4h]; retf	14_2_00007FFE115179D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172B8 push rsp; ret	14_2_00007FFE115172B9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172BC push rsp; ret	14_2_00007FFE115172BD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1151726F push qword ptr [rsi]; ret	14_2_00007FFE11517275
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1151727C push rsp; ret	14_2_00007FFE1151727D
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172E0 push rsp; ret	14_2_00007FFE115172E1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172E4 push rsp; ret	14_2_00007FFE115172E5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172E8 push rsp; ret	14_2_00007FFE115172E9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172C4 push rsp; ret	14_2_00007FFE115172C5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172CC push rsp; ret	14_2_00007FFE115172CD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172D0 push rsp; ret	14_2_00007FFE115172D1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172D4 push rsp; ret	14_2_00007FFE115172D5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172D8 push rsp; ret	14_2_00007FFE115172D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE115172DC push rsp; ret	14_2_00007FFE115172DD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE132315D7 push rsp; retf 0000h	14_2_00007FFE132315D8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE117579C3 push qword ptr [00007FFE47757894h]; retf	24_2_00007FFE117579C9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE117579CB push qword ptr [00007FFE4775789Ch]; retf	24_2_00007FFE117579D1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE117579D3 push qword ptr [00007FFE477578A4h]; retf	24_2_00007FFE117579D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE117579E7 push qword ptr [00007FFE477578B8h]; retf	24_2_00007FFE117579ED

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FFE1024875B strlen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strlen,NetUserAdd,CreateProfile,

14_2_00007FFE1024875B

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\ViiRS0bs	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\gJinHgIG	Jump to dropped file
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	File created: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\to1wcXFh	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\78a0MAty	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\WQZiUkLe	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\rJnwiXXd	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\M3Cw7G9m	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\JcfQdL0z	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\TMCsWjkD	Jump to dropped file

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\ViiRS0bs	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\gJinHgIG	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\to1wcXFh	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\78a0MAty	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\WQZiUkLe	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\rJnwiXXd	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\M3Cw7G9m	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\JcfQdL0z	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\TMCsWjkD	Jump to dropped file

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\to1wcXFh	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\ViiRS0bs	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\WQZiUkLe	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\gJinHgIG	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\JcfQdL0z	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\TMCsWjkD	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\rJnwiXXd	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\M3Cw7G9m	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\78a0MAty	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe

File created: C:\Users\user\AppData\Local\Temp\installer.log

Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FF7BACD1DBC strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,

14_2_00007FF7BACD1DBC

Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe

Process created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller

Hooking and other Techniques for Hiding and Protection

Contains functionality to hide user accounts

Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe, 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe, 0000000E.00000003.1914709125.000002BAD3A5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 0000000E.00000003.1914709125.000002BAD3A5A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000018.00000002.2935871980.00007FFE11724000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000018.00000002.2935871980.00007FFE11724000.00000002.00000001.01000000.0000000E.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: samctl.dll.14.dr	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: samctl.dll.14.dr	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)

Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe

Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetLastError,EnumServicesStatusExA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strcpy,		14_2_00007FFE11507694
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetLastError,EnumServicesStatusExA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strcpy,		24_2_00007FFE11747694

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	14_2_00007FFE102460C8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	14_2_00007FFE1150B648
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	14_2_00007FFE11EC2738
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	14_2_00007FFE126D4978
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	14_2_00007FFE13221D98
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	14_2_00007FFE1A4530A8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	24_2_00007FFE117160C8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	24_2_00007FFE1174B648
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	24_2_00007FFE11772738
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	24_2_00007FFE11EC4978
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	24_2_00007FFE126D1D98
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	24_2_00007FFE132030A8

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\ViiRS0bs	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\gJinHgIG	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\to1wcXFh	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\78a0MAty	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\WQZiUkLe	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\rJnwiXXd	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\M3Cw7G9m	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\JcfQdL0z	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\TMCsWjkD	Jump to dropped file

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_14-60416

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

API coverage: 9.6 %

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe TID: 3288	Thread sleep count: 195 > 30	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe TID: 3288	Thread sleep time: -11700000s >= -30000s	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 6808	Thread sleep count: 63 > 30	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 6808	Thread sleep time: -31500s >= -30000s	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5756	Thread sleep count: 63 > 30	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5756	Thread sleep time: -31500s >= -30000s	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 4136	Thread sleep count: 56 > 30	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 8	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5644	Thread sleep count: 32 > 30	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5448	Thread sleep count: 31 > 30	Jump to behavior

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\Users\user\Desktop\QTmGYKK6SL.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Last function: Thread delayed
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Last function: Thread delayed
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Last function: Thread delayed

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FF7BACD47F3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FF7BACD47F3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1024A0D3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE1024A0D3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11501883 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE11501883
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11EC5BF3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE11EC5BF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE126D5253 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE126D5253
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE13222FE3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE13222FE3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1A455803 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	14_2_00007FFE1A455803
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1171A0D3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE1171A0D3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11741883 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE11741883
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11775BF3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE11775BF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11EC5253 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE11EC5253
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE126D2FE3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE126D2FE3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE13205803 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	24_2_00007FFE13205803

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe

Thread delayed: delay time: 60000

Jump to behavior

Source: Amcache.hve.22.dr	Binary or memory string: VMware
Source: Amcache.hve.22.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.22.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.22.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.22.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.22.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.22.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.22.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.22.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.22.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.22.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.22.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: QTmGYKK6SL.exe, 00000001.00000002.2933221271.00000000010E8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1915621130.000002BAD3A61000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000002.2480258672.000002BAD3A53000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: main.exe, 00000018.00000002.2933664807.00000156D4527000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllGG
Source: o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000002.1970305392.0000023071658000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllMM
Source: Amcache.hve.22.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.22.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.22.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.22.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.22.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.22.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.22.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.22.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.22.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.22.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.22.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.22.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.22.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.22.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.22.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.22.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.22.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

API call chain: ExitProcess graph end node

graph_14-57593

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FF7BACDDECE GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,

14_2_00007FF7BACDDECE

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FF7BACD3452 GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,strncpy,strncpy,strncpy,

14_2_00007FF7BACD3452

Source: C:\Users\user\Desktop\QTmGYKK6SL.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FF7BACD1131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,_malloc_dbg,strlen,_malloc_dbg,_cexit,

14_2_00007FF7BACD1131

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

14_2_00007FFE1150F0FE

Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 432 -p 3164 -ip 3164			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 3164 -s 1156			Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FF7BACD8235 GetSystemTimeAsFileTime,

14_2_00007FF7BACD8235

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 14_2_00007FFE10246DF3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,

14_2_00007FFE10246DF3

Source: C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.22.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.22.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.22.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.22.dr	Binary or memory string: MsMpEng.exe

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1024592A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	14_2_00007FFE1024592A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1150AEAA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	14_2_00007FFE1150AEAA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE11EC1F9A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	14_2_00007FFE11EC1F9A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE126D41DA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	14_2_00007FFE126D41DA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE132215FA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	14_2_00007FFE132215FA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1A45290A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	14_2_00007FFE1A45290A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1A45A751 bind,	14_2_00007FFE1A45A751
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1A46B820 listen,htons,recv,select,	14_2_00007FFE1A46B820
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 14_2_00007FFE1A46B7E8 bind,	14_2_00007FFE1A46B7E8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1171592A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	24_2_00007FFE1171592A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1174AEAA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	24_2_00007FFE1174AEAA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11771F9A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	24_2_00007FFE11771F9A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE11EC41DA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	24_2_00007FFE11EC41DA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE126D15FA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	24_2_00007FFE126D15FA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1320290A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	24_2_00007FFE1320290A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1320A751 bind,	24_2_00007FFE1320A751
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1321B7E8 bind,	24_2_00007FFE1321B7E8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 24_2_00007FFE1321B820 listen,htons,recv,select,	24_2_00007FFE1321B820

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	2 Valid Accounts	2 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Create Account	2 Valid Accounts	2 Obfuscated Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	Data from Removable Media	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	3 Service Execution	2 Valid Accounts	2 Access Token Manipulation	1 Software Packing	Security Account Manager	1 System Service Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	4 Windows Service	4 Windows Service	1 Timestomp	NTDS	3 File and Directory Discovery	Distributed Component Object Model	Input Capture	1 Proxy	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	1 Services File Permissions Weakness	11 Process Injection	1 DLL Side-Loading	LSA Secrets	23 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	1 Services File Permissions Weakness	1 File Deletion	Cached Domain Credentials	1 Network Share Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	21 Masquerading	DCSync	131 Security Software Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	2 Valid Accounts	Proc Filesystem	1 Process Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Access Token Manipulation	/etc/passwd and /etc/shadow	21 Virtualization/Sandbox Evasion	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	21 Virtualization/Sandbox Evasion	Network Sniffing	1 System Owner/User Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	11 Process Injection	Input Capture	1 System Network Configuration Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	1 Hidden Users	Keylogging	Process Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking
Determine Physical Locations	Virtual Private Server	Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	1 Services File Permissions Weakness	GUI Input Capture	Permission Groups Discovery	Replication Through Removable Media	Email Collection	Proxy	Exfiltration over USB	Network Denial of Service

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
QTmGYKK6SL.exe	25%	Virustotal		Browse
QTmGYKK6SL.exe	24%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	100%	Joe Sandbox ML
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll	0%	Virustotal		Browse
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll	0%	Virustotal		Browse
C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	21%	ReversingLabs	Win64.Trojan.Barys
C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe	23%	Virustotal		Browse
C:\Windows\Temp\JcfQdL0z	0%	ReversingLabs
C:\Windows\Temp\to1wcXFh	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://upx.sf.net	0%	URL Reputation	safe
https://i2pseed.creativecowpat.net:8443/	0%	Avira URL Cloud	safe
https://reseed-fr.i2pd.xyz/	0%	Avira URL Cloud	safe
http://reg.i2p/hosts.txt8x	0%	Avira URL Cloud	safe
https://i2p.novg.net/	0%	Avira URL Cloud	safe
https://reseed.i2p-projekt.de/	0%	Avira URL Cloud	safe
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtf	0%	Avira URL Cloud	safe
https://netdb.i2p2.no/	0%	Avira URL Cloud	safe
https://reseed.memcpy.io/	0%	Avira URL Cloud	safe
https://reseed-fr.i2pd.xyz/	4%	Virustotal		Browse
https://reseed.i2p-projekt.de/	4%	Virustotal		Browse
https://i2p.ghativega.in/	0%	Avira URL Cloud	safe
https://netdb.i2p2.no/	0%	Virustotal		Browse
https://reseed.i2pgit.org/	0%	Avira URL Cloud	safe
https://www2.mk16.de/	0%	Avira URL Cloud	safe
http://reg.i2p/hosts.txt	0%	Avira URL Cloud	safe
https://i2p.ghativega.in/	0%	Virustotal		Browse
https://reseed-pl.i2pd.xyz/	0%	Avira URL Cloud	safe
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtxyz/	0%	Avira URL Cloud	safe
https://reseed.memcpy.io/	0%	Virustotal		Browse
https://i2pseed.creativecowpat.net:8443/	0%	Virustotal		Browse
http://stats.i2p/cgi-bin/newhosts.txt	0%	Avira URL Cloud	safe
http://127.0.0.1:8118	0%	Avira URL Cloud	safe
http://identiguy.i2p/hosts.txt	0%	Avira URL Cloud	safe
https://i2p.novg.net/	1%	Virustotal		Browse
http://127.0.0.1:8118	0%	Virustotal		Browse
https://reseed-pl.i2pd.xyz/	0%	Virustotal		Browse
https://reseed.diva.exchange/	0%	Avira URL Cloud	safe
https://reseed.i2pgit.org/	2%	Virustotal		Browse
http://127.0.0.1:8118C	0%	Avira URL Cloud	safe
https://legit-website.com/i2pseeds.su3	0%	Avira URL Cloud	safe
https://reseed.onion.im/	0%	Avira URL Cloud	safe
https://i2p.mooo.com/netDb/	0%	Avira URL Cloud	safe
https://reseed.diva.exchange/	2%	Virustotal		Browse
https://i2pd.readthedocs.io/en/latest/user-guide/configuration/	0%	Avira URL Cloud	safe
https://reseed2.i2p.net/	0%	Avira URL Cloud	safe
https://legit-website.com/i2pseeds.su3	0%	Virustotal		Browse
https://www2.mk16.de/	0%	Virustotal		Browse
http://reg.i2p/hosts.txtV	0%	Avira URL Cloud	safe
https://banana.incognet.io/	100%	Avira URL Cloud	malware
http://reg.i2p/hosts.txtXn	0%	Avira URL Cloud	safe
http://rus.i2p/hosts.txt	0%	Avira URL Cloud	safe
https://reseed.onion.im/	2%	Virustotal		Browse
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt	0%	Avira URL Cloud	safe
https://i2pd.readthedocs.io/en/latest/user-guide/configuration/	0%	Virustotal		Browse
https://reseed2.i2p.net/	5%	Virustotal		Browse
https://i2p.mooo.com/netDb/	2%	Virustotal		Browse
https://banana.incognet.io/	4%	Virustotal		Browse

Name	Source	Malicious	Antivirus Detection	Reputation
https://reseed-fr.i2pd.xyz/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://i2pseed.creativecowpat.net:8443/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://reseed.i2p-projekt.de/	QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://reg.i2p/hosts.txt8x	main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://i2p.novg.net/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtf	main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://netdb.i2p2.no/	QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://reseed.memcpy.io/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://i2p.ghativega.in/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://upx.sf.net	Amcache.hve.22.dr	false	URL Reputation: safe	unknown
https://reseed.i2pgit.org/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www2.mk16.de/	QTmGYKK6SL.exe, 00000001.00000003.1843557253.0000000004466000.00000004.00000020.00020000.00000000.sdmp, QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003A2F000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000002.2482562172.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://reg.i2p/hosts.txt	update.pkg.3.dr	false	Avira URL Cloud: safe	unknown
https://reseed-pl.i2pd.xyz/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtxyz/	main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://stats.i2p/cgi-bin/newhosts.txt	QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	false	Avira URL Cloud: safe	unknown
http://127.0.0.1:8118	QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1915940712.000002BAD4B91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1916098850.000002BAD4B97000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000018.00000003.2586491287.00000156D4C77000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000018.00000003.2586378729.00000156D4C71000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://identiguy.i2p/hosts.txt	QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	false	Avira URL Cloud: safe	unknown
https://reseed.diva.exchange/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://127.0.0.1:8118C	main.exe, 0000000E.00000003.1915940712.000002BAD4B91000.00000004.00000020.00020000.00000000.sdmp, main.exe, 0000000E.00000003.1916098850.000002BAD4B97000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://legit-website.com/i2pseeds.su3	QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://reseed.onion.im/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://i2p.mooo.com/netDb/	QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://i2pd.readthedocs.io/en/latest/user-guide/configuration/	QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://reseed2.i2p.net/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	5%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://reg.i2p/hosts.txtV	main.exe, 00000018.00000002.2933918140.00000156D4C9E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://banana.incognet.io/	main.exe, main.exe, 00000018.00000002.2935551559.00007FFDFB7E4000.00000002.00000001.01000000.0000000A.sdmp, main.exe, 00000018.00000002.2933918140.00000156D4C3D000.00000004.00000020.00020000.00000000.sdmp, update.pkg.3.dr	true	4%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://reg.i2p/hosts.txtXn	main.exe, 0000000E.00000002.2481168941.000002BAD4B5D000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://rus.i2p/hosts.txt	QTmGYKK6SL.exe, 00000001.00000003.1854237313.0000000003B54000.00000004.00000020.00020000.00000000.sdmp, o0c2ddmlg7qrbu2xkviy.exe, 00000003.00000000.1866831901.00007FF66564E000.00000008.00000001.01000000.00000005.sdmp, main.exe, 0000000E.00000002.2480467750.000002BAD4726000.00000004.00000020.00020000.00000000.sdmp, xuutMjJX.14.dr, update.pkg.3.dr	false	Avira URL Cloud: safe	unknown
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt	update.pkg.3.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
184.185.247.130	unknown	United States	22773	ASN-CXA-ALL-CCI-22773-RDCUS	false
216.9.179.60	unknown	United States	17385	ORBITELUS	false
73.38.186.219	unknown	United States	7922	COMCAST-7922US	false
217.76.54.24	unknown	Sweden	39597	SVNET-SE-ASSverigeNetMedianetworkiHalmstadABSE	false
45.8.98.78	unknown	Russian Federation	395800	GBTCLOUDUS	true
204.8.84.94	unknown	United States	32641	ARBINET-INTERNALUS	true
82.165.57.155	unknown	Germany	8560	ONEANDONE-ASBrauerstrasse48DE	true
173.230.128.232	unknown	United States	63949	LINODE-APLinodeLLCUS	false
51.15.242.96	unknown	France	12876	OnlineSASFR	false
2.177.225.52	unknown	Iran (ISLAMIC Republic Of)	12880	DCI-ASIR	false
220.240.88.104	unknown	Australia	7545	TPG-INTERNET-APTPGTelecomLimitedAU	false
91.149.237.69	unknown	Poland	41952	MARTON-ASPL	false
91.92.250.213	unknown	Bulgaria	34368	THEZONEBG	false
86.5.235.24	unknown	United Kingdom	5089	NTLGB	false
81.6.45.56	unknown	Switzerland	13030	INIT7CH	false
74.80.57.188	unknown	United States	25921	LUS-FIBER-LCGUS	false
94.103.188.190	unknown	Russian Federation	197390	RATELE-ASRU	false
194.87.219.156	unknown	Russian Federation	197695	AS-REGRU	false
91.194.11.174	unknown	Russian Federation	42994	HQservCommunicationSolutionsIL	false
79.228.26.155	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	false
67.166.47.100	unknown	United States	7922	COMCAST-7922US	false
68.148.96.106	unknown	Canada	6327	SHAWCA	true
23.241.223.162	unknown	United States	20001	TWC-20001-PACWESTUS	false
70.18.38.5	unknown	United States	701	UUNETUS	false
119.13.124.67	unknown	Australia	9723	ISEEK-AS-APiseekCommunicationsPtyLtdAU	true
5.64.137.68	unknown	United Kingdom	5607	BSKYB-BROADBAND-ASGB	false
24.177.113.51	unknown	United States	20115	CHARTER-20115US	true
139.59.159.178	unknown	Singapore	14061	DIGITALOCEAN-ASNUS	false
45.89.55.34	unknown	Russian Federation	44676	VMAGE-ASRU	false
91.224.234.189	unknown	Russian Federation	56542	PARKTELECOM-ASRU	false
46.151.24.133	unknown	Russian Federation	49608	T4D_RU-ASRU	false
73.62.1.179	unknown	United States	7922	COMCAST-7922US	true
99.252.52.199	unknown	Canada	812	ROGERS-COMMUNICATIONSCA	false
93.95.229.134	unknown	Iceland	44925	THE-1984-ASIS	false
77.238.224.125	unknown	Russian Federation	42429	TELERU-ASRU	false
186.28.6.171	unknown	Colombia	19429	ETB-ColombiaCO	true

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483438
Start date and time:	2024-07-27 13:41:11 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	QTmGYKK6SL.exe renamed because original name is a hash value
Original Sample Name:	190e4ed7759276e78d16398673996b2b.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@32/51@0/37
EGA Information:	Successful, ratio: 40%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 52.168.117.173
Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, ocsp.digicert.com, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target QTmGYKK6SL.exe, PID 6544 because there are no executed function
Execution Graph export aborted for target QTmGYKK6SL.exe, PID 6792 because there are no executed function
Execution Graph export aborted for target o0c2ddmlg7qrbu2xkviy.exe, PID 5844 because it is empty
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.

Simulations

Behavior and APIs

Time	Type	Description
07:42:23	API Interceptor	195x Sleep call for process: QTmGYKK6SL.exe modified
07:42:59	API Interceptor	376x Sleep call for process: main.exe modified
07:43:23	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
184.185.247.130	file.exe	Get hash	malicious	Vidar	Browse
91.92.250.213	IRqsWvBBMc.exe	Get hash	malicious	Amadey, Vidar	Browse
91.92.250.213	file.exe	Get hash	malicious	Vidar	Browse
216.9.179.60	file.exe	Get hash	malicious	Vidar	Browse
81.6.45.56	file.exe	Get hash	malicious	Vidar	Browse
73.38.186.219	file.exe	Get hash	malicious	Vidar	Browse
45.8.98.78	file.exe	Get hash	malicious	Vidar	Browse
204.8.84.94	file.exe	Get hash	malicious	Vidar	Browse
82.165.57.155	file.exe	Get hash	malicious	Vidar	Browse
173.230.128.232	file.exe	Get hash	malicious	Vidar	Browse
91.149.237.69	file.exe	Get hash	malicious	Vidar	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ASN-CXA-ALL-CCI-22773-RDCUS	93g0DCqh1e.elf	Get hash	malicious	Mirai	Browse	68.227.186.53
	xZ2Ha9PYPn.elf	Get hash	malicious	Mirai	Browse	66.210.234.66
	file.exe	Get hash	malicious	Vidar	Browse	184.185.247.130
	mpsl.elf	Get hash	malicious	Mirai	Browse	72.194.198.162
	arm7.elf	Get hash	malicious	Mirai	Browse	68.6.47.11
	nX1oQE2we8.exe	Get hash	malicious	CryptOne, Qbot	Browse	72.209.191.27
	LisectAVT_2403002C_89.exe	Get hash	malicious	FormBook	Browse	98.167.121.228
	94.156.8.9-skid.mips-2024-07-23T17_40_11.elf	Get hash	malicious	Mirai, Moobot	Browse	184.190.153.158
	wAO7F8FbEz.elf	Get hash	malicious	Unknown	Browse	68.96.185.235
	0GJSC4Ua2K.elf	Get hash	malicious	Unknown	Browse	174.79.178.111
SVNET-SE-ASSverigeNetMedianetworkiHalmstadABSE	RFQ24060084#U00b7pdf.exe	Get hash	malicious	Remcos, GuLoader	Browse	217.76.50.73
	IT01879020517_uGIim_xml#U00b7pdf.exe	Get hash	malicious	Remcos	Browse	217.76.50.73
	Cp91KTtA1I.exe	Get hash	malicious	Remcos, GuLoader	Browse	217.76.50.73
	I3AAOUFA1w.exe	Get hash	malicious	Remcos, GuLoader	Browse	217.76.50.73
	Gsi3o47VVe.exe	Get hash	malicious	Remcos, GuLoader	Browse	217.76.50.73
	fKPsJbn9jd.exe	Get hash	malicious	Remcos, GuLoader	Browse	217.76.50.73
	pko_trans_details_20240710_105339#U00b7pdf.exe	Get hash	malicious	Remcos	Browse	217.76.50.73
	OD2J305312A-200805674H-2024090716pdf.exe	Get hash	malicious	Remcos, GuLoader	Browse	217.76.50.73
	Vendor Data Requirements#U00b7pdf.exe	Get hash	malicious	Remcos	Browse	217.76.50.73
	Orange_doklad_CN0413278003_20240705_FR09831200076590#U00b7pdf.exe	Get hash	malicious	Remcos, GuLoader	Browse	217.76.50.73
COMCAST-7922US	205.185.120.123-skid.sh4-2024-07-27T10_33_38.elf	Get hash	malicious	Mirai, Moobot	Browse	184.122.149.149
	205.185.120.123-skid.m68k-2024-07-27T10_33_18.elf	Get hash	malicious	Mirai, Moobot	Browse	76.144.6.176
	205.185.120.123-skid.arm7-2024-07-27T10_33_43.elf	Get hash	malicious	Mirai, Moobot	Browse	25.212.223.48
	93g0DCqh1e.elf	Get hash	malicious	Mirai	Browse	98.54.154.173
	xZ2Ha9PYPn.elf	Get hash	malicious	Mirai	Browse	25.6.129.49
	AKPSrAWl2G.elf	Get hash	malicious	Mirai	Browse	76.27.22.105
	TRn7934M3A.elf	Get hash	malicious	Mirai	Browse	75.67.106.141
	rLog7rmU2e.elf	Get hash	malicious	Mirai	Browse	76.122.78.50
	WIwTo1UTMq.elf	Get hash	malicious	Mirai	Browse	69.254.187.221
	5oXS6HtbzC.elf	Get hash	malicious	Mirai	Browse	73.174.55.28
ORBITELUS	file.exe	Get hash	malicious	Vidar	Browse	216.9.179.60
	1CZlhmRsza.elf	Get hash	malicious	Mirai, Moobot	Browse	208.115.146.132
	3LI2VAvf26.elf	Get hash	malicious	Unknown	Browse	208.115.145.33
	JoaD4Dp71E.elf	Get hash	malicious	Mirai	Browse	208.115.145.97
	VJy4TgKlVo.elf	Get hash	malicious	Mirai	Browse	208.90.178.131
	3LqyRhuLwv.elf	Get hash	malicious	Mirai	Browse	208.115.145.97
	skyljne.mpsl.elf	Get hash	malicious	Mirai	Browse	208.90.178.146
	pf8hBdVOlp.elf	Get hash	malicious	Mirai	Browse	208.115.145.91
	4E2ggD3VyS.elf	Get hash	malicious	Mirai	Browse	208.90.178.178
	botx.arm.elf	Get hash	malicious	Unknown	Browse	208.115.146.130

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll	file.exe	Get hash	malicious	Vidar	Browse
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll	file.exe	Get hash	malicious	Vidar	Browse
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll	file.exe	Get hash	malicious	Vidar	Browse
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll	file.exe	Get hash	malicious	Vidar	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_main.exe_812666da5b2f51c4c16d2b07f719a7c78639de5_61e28721_b69b9da0-b8cd-49e8-a98d-ee4ba4c1be48\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9540509635037503
Encrypted:	false
SSDEEP:	96:VeGFbBzcjsehMX71fwQXIDcQic6EcErcw3U3d+HbHg/opAnQzOqg7ThVMkQrIdUX:1pVcju0MAR436jtIzuiFFZ24lO8lu
MD5:	9FCB1376DF5A2A43B47D9058C3E0887D
SHA1:	D0FF9040623F66FAAB2B611E8ACDCC437D79A5ED
SHA-256:	B266869B1D78CE6CC5FCBABED457875B6DACC82B376F97D3F686A47ABCB52595
SHA-512:	D0F55137AE0A2D272BECA7509BDDC319F4C69457914F24D60D7AC81EB184121AB2203213CA3F6638B38CC13ECB26158AF60B1C42C177AC2907006900FC8D12C7
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.6.5.5.4.1.9.7.1.0.1.0.7.9.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.6.5.5.4.1.9.7.6.4.7.9.4.6.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.6.9.b.9.d.a.0.-.b.8.c.d.-.4.9.e.8.-.a.9.8.d.-.e.e.4.b.a.4.c.1.b.e.4.8.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.4.e.6.9.4.2.b.-.6.6.9.f.-.4.2.5.0.-.b.f.4.2.-.8.c.c.8.8.c.0.c.f.9.3.4.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.m.a.i.n...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.c.5.c.-.0.0.0.0.-.0.0.1.4.-.4.0.7.2.-.c.e.0.d.1.a.e.0.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.3.1.8.d.4.3.1.0.6.5.7.e.8.3.6.8.5.5.7.f.1.8.3.e.1.5.c.4.7.c.d.0.0.0.0.f.f.f.f.!.0.0.0.0.f.6.d.a.c.c.e.5.9.f.7.8.c.a.4.e.e.6.6.2.2.c.4.a.3.4.0.9.2.3.2.8.2.e.c.3.a.d.d.e.!.m.a.i.n...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.1.9.7.0././.0.1././.0.1.:.0.0.:.0.0.:.0.0.!.1.a.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A20.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Sat Jul 27 11:43:17 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	630612
Entropy (8bit):	0.9954004505190842
Encrypted:	false
SSDEEP:	768:dF/CPw0uUm5s0TTg5PcONad6duMXdjJld1F:d0arZTTUUONaaXFJld1
MD5:	CDFD86DA68A64C90E6B96CBA603552F8
SHA1:	0E049F88F66F0074AAFDD513C640B4C7140AE365
SHA-256:	CD77D9133794BEAE2A2FB4D968890A6EBCBDBF5144CC342FC83587735FEC10C6
SHA-512:	52AE48824532A0840FD4082332BB7D83668E37F777776C4098E3D379BF8F8B709BE3730360B8DFFF311B61F102D9BC0BC7834AF7E9903A4E4336B32CE909742D
Malicious:	false
Preview:	MDMP..a..... .......U.f............$...........x...8.......................N...........`.......8...........T............-...q.......................!..............................................................................eJ......0"......Lw......................T.......\...".f.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B4A.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6726
Entropy (8bit):	3.7167613702482543
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetb6MXBmkWYyZzW5aM4UB89bdxDDFfGKfm:R6l7wVeJ6MXBmNYycprB89bdxlfGKfm
MD5:	8B12A6FF776235A776EA6A9CC661F42C
SHA1:	327DB96CA43470FECFCC7CCCFBBDCC94CDCCCD4E
SHA-256:	5F0A7335ADE207FCA3ED2140846F56D0FC8F26E92FDF6DD362E4FD16775C9A92
SHA-512:	9578E2650A7F402BF25927B8811B503FF35A751F5984AC043735160C94B8801A57CC1CB89C1955DBC4E3171E2A038D27F00D4CF6A3EFBD55C26217D70BEE05A9
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.3.1.6.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B8A.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4603
Entropy (8bit):	4.411212185165714
Encrypted:	false
SSDEEP:	48:cvIwWl8zsQJg771I9vsWpW8VYSYm8M4JD2+SWF4yq85/pCR4X3l1d:uIjfWI7gF7VCJA/iOS3l1d
MD5:	90DD9C71EE656B42D5A0489657EFC0A1
SHA1:	436ADA40DD34BDCB762C233A4E9660F5FA25C6C1
SHA-256:	D648CE73344BBB377510EA21EF64E6DF478BAAD028FDB2EAAA80C2DB59BF6941
SHA-512:	ED92CA94C45B1AE4E3DEAC217946ED6221E6810F455DE2464F9A4824C3AD470B7916B5D6742A1375F4C0514AC9D7DE7D53995B459FF6799FCAE38256C2315B32
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="429285" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4BB6.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	82020
Entropy (8bit):	3.024582262277265
Encrypted:	false
SSDEEP:	1536:VL7SZZChl+Jh8D/9ai7zDpiQuK+swaURXtE:VL7SZZChl+Jh8D/9ai7zDpiQuK+swaUA
MD5:	57BA76B5CF06F5B190A74EB9A981A2AA
SHA1:	720F9BC819CEBCD5C54D383E866CDB80488B5614
SHA-256:	D1E543672CBE8FD845DBD3B120DB9E9191B9176D14B01FE1917D9553D5CBC026
SHA-512:	AAC900F3E1CBEAE93332DE684BA1BC4C74FFEFBBF666042AC8FD9D49924BFE2FD3D3C48F5E47B4CEA1EF8B2BAEDB9AFE62BDA62FF8ABD7C091025F5530485F64
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C06.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.685623798077692
Encrypted:	false
SSDEEP:	96:TiZYWTAavBQfYjEYjcW/H2YEZi5tHiPICFuwv5j3aH03MGnGIeW3:2ZDTzq/U7O1aH03MGnBeW3
MD5:	11087BC1AA84F9B28BA56BFE1DAA0FE4
SHA1:	1ADB9040F0308E8A926681B6239953167A3D910E
SHA-256:	727F945812ECFC73326708E99A6858B5E737F09F11B60CAA0C56A1F883CD0A9B
SHA-512:	6F2514F075E3CF9C033FBF38A27D4FEE04FBFB1522337AA9611E9D58BC099684E36095449D6CB9DD0E4795D3E1729E59D2BB62F0E25387B748BF7AC99673E37E
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ZsL2hKzmRChz.acl

Download File

Process:	C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
File Type:	data
Category:	dropped
Size (bytes):	456
Entropy (8bit):	3.2341395630162877
Encrypted:	false
SSDEEP:	12:Ml8Pi7t8+d/fQfjfEWNfElsfghFfShFfgmSem4emzYWr:k8APd/oj8i8ls0FSFgID7r
MD5:	40AB00517F4227F2C3C334F1D16B65B4
SHA1:	F8D57AF017E2209B4FB24122647FD7F71B67C87C
SHA-256:	4BAF4B78D05A28AF7DEE7DBBCE2B4EDF6053D9239C1756C932BE9F2FEEE4EF85
SHA-512:	75D74306F043B864295F09A60C19A43494C226664733C99318989CE5C22CB9395BB407FB5C8C0268AD9184A79813304ED5FC943A6B53DB54F5F225CDA31650E3
Malicious:	false
Preview:	C.o.m.p.u.t.e.r...{.2.0.d.0.4.f.e.0.-.3.a.e.a.-.1.0.6.9.-.a.2.d.8.-.0.8.0.0.2.b.3.0.3.0.9.d.}.....D.:.A.I.(.D.;.;.F.A.;.;.;.B.U.).(.A.;.;.F.A.;.;.;.B.A.).(.A.;.O.I.C.I.I.D.;.F.A.;.;.;.B.A.).(.A.;.I.D.;.F.A.;.;.;.S.Y.).(.A.;.O.I.C.I.I.O.I.D.;.F.A.;.;.;.C.O.).(.A.;.O.I.C.I.I.O.I.D.;.F.A.;.;.;.S.Y.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.I.U.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.S.U.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.S.-.1.-.5.-.3.).....

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	115200
Entropy (8bit):	6.220309385007289
Encrypted:	false
SSDEEP:	1536:RQsjbnQsiAEVTEWeFENdEUD1/H6BELpsV4vN8qdnJNXq8Vc3:RQibZibeFENdppW54NdvXq6c3
MD5:	E6CAC6ACD18D0BBAD9C2384B1DBEDE84
SHA1:	63004A83FF18CCE911BC74D27C1A2B7BEA9CF4C3
SHA-256:	9BC6EDD286F4DCD83E57B541BC99038F7E902DE943A6FD528BA485DF1187FFA8
SHA-512:	43C745D49AB82809C24E5EE62E11406B12B695140117EB1012111EEA3B73F9B34B5ADE21A1DB3AA1FEAD982F266B05646A08A4813CBA2EA950C59A73AB069FB3
Malicious:	true
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........."h.............................P......Zq....`... .........................................^....................................@..l........................... ...(.......................h............................text...X...........................`..`.data........0......................@....rdata..@d...@...f...(..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	2847
Entropy (8bit):	5.56218878604364
Encrypted:	false
SSDEEP:	48:CFdHW54yclDYcm9FL3vU4bcPPE4bcPPTM94bcPPZ4bcPPA4bcPP84bcPPcWIe18m:idH9NYJ9Vf3YPHYPTNYP6YPTYP/YPV3/
MD5:	84DC05C9BB86705E04922F07504B4927
SHA1:	DF1E54ED89D0DF43D3A53A0EB4F963CB9C3AE56A
SHA-256:	700EA53FA8FD4A29D77CFF1C57FD4B456071AD083EC58873238DBB23644E8634
SHA-512:	E874ABC5CDA0AFDC9D0B3D3DB5818597A4669FB410A6A0D83A98344FD70A2194309782D6F21C19D12BA84686C96EBC487122899F7DAD0C17B33EEB26CC976D3C
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=81f395a1)..[I] (sys_init) -> Done(sys_uid=c76a8f0881f395a1,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[D] (ini_get_sec) -> Done(name=cnccli)..[D] (ini_get_var) -> Done(sec=cnccli,name=server_host,value=c

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\config.ini

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	Generic INItialization configuration [cnccli]
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.104102844508187
Encrypted:	false
SSDEEP:	6:1EVQLD4o8WnuJO+70X1YIzOD7kXpTRL9gWVUDeLn:Cjo8DJO+70X1YeC7kX9vgpKL
MD5:	91D86E531FECE0D34AD78D947FC7331C
SHA1:	52C9A7C16634637E9DB31A6CE63850DFB170B44D
SHA-256:	A885C71096995389DF3015B194B9AD10AE24C4328F4322932D6455398B2FC653
SHA-512:	1EE4ED0F8045670DBEE2C5C4F8100C362B84C1CCC1A2E7F4FD1E97EC057055F1A8DC75A0CE349CC01DBFFA2B18E7C7C2288845641358CA3A609B0E6FBD9F49B5
Malicious:	false
Preview:	[main]..version=400004957b19a09d..[cnccli]..server_host=c21a876e..server_port=41674..server_timeo=15000..i2p_try_num=10..i2p_sam3_timeo=15000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	104448
Entropy (8bit):	6.25639342609658
Encrypted:	false
SSDEEP:	1536:cTa6mu/WYUIdcVVKwU4k+EFfgvVFc2nx7ehX/DhZB34:cTa6mu5UIdc/KwzrGgw2x7ehX7hP34
MD5:	7D37AB1E97BBC8593665FF365D8C96B7
SHA1:	B42A6717F91A4C538A4979AB1F0A9CC58485061D
SHA-256:	1DA31243257B0EBC79BA57CA98E6A3A1996CC4E2641E96098561CDCB1FA3EE46
SHA-512:	60B3683FA7BCA42932E02AED4615E67264F31D6F85BEBCD3EA7187B9F7A9F79270341496432C07F7E9B10A3172AF22D636206FA5B89514A693405EC9D61F678D
Malicious:	true
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\.........?..............................0.......'....`... .........................................^.......................$............ ..l............................v..(.......................`............................text...............................`..`.data...............................@....rdata...a... ...b..................@..@.pdata..$............h..............@..@.xdata..T............r..............@..@.bss.... ................................edata..^............\|..............@..@.idata...............~..............@....CRT....X...........................@....tls................................@....reloc..l.... ......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1021
Entropy (8bit):	5.4436306974457125
Encrypted:	false
SSDEEP:	24:CFAGHS+5lGyclY7Gfy6BgT7cRE9FLxJDJt0ERbSXee:CFdHS+54yclDYcm9FL3vU7
MD5:	8BD5B6F80F6407078329F58F97A25B42
SHA1:	1349DE7A5C1235B3C6A2F2331641A31E37A2198C
SHA-256:	B41054EEB3003F4983D2CBAE2448F38BD3CCB393B0AEF17C01AC19F556A20A94
SHA-512:	EBDDB1BE707EC351CA7BE2A81456D09A9224296B0E37A79E89786FB003DF0C55FC6251E42EFF6388D7E51F33CDBB860D34203FF4D118B4A5D375E7182DC709A5
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=81f395a1)..[I] (sys_init) -> Done(sys_uid=c76a8f0881f395a1,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffe11ecb0c0)..[I] (tcp_connect) -> Done(sock=0x1a0,host=7

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	92672
Entropy (8bit):	6.241321016680509
Encrypted:	false
SSDEEP:	1536:uVq4VcOpVJ7Z4LB2gnUYQulkvJp0qn2goggVoOHDE:uVq4VcOph4LB2khdkYq2goggM
MD5:	FB3BDB27D9C479148F3545ED99E65980
SHA1:	A5860563DE81D8B74A1C842647E8F4AC7655842A
SHA-256:	2B5DC45E89700D4B991ADDED1AA097641D60932B7BBE2C12FC8536B9D46F15A6
SHA-512:	A26D4B169C4061FC7A2A5FEFAEB4AAE0E9A28211FA28F42B929EAAC3721DCBDD17A17ED6E77A79C17D93355CF85E4C46118E42D4F527ADF054AB1CC79C8B4D74
Malicious:	true
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....f......\.........Io....................................W.....`... .........................................^....................`..................l............................J..(....................................................text...............................`..`.data...............................@....rdata...U.......V..................@..@.pdata.......`.......<..............@..@.xdata.......p.......F..............@..@.bss....`................................edata..^............P..............@..@.idata...............R..............@....CRT....X............d..............@....tls.................f..............@....reloc..l............h..............@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	7685
Entropy (8bit):	5.3887730960177604
Encrypted:	false
SSDEEP:	48:CFdHs54yclDYcm9FL3vzBMrGtUEOYEdHE5QEMcEah8neYMAdtSn2EF:idHrNYJ9VfzBK5EFEJEiEvEy
MD5:	B9C2B3A2DC6A87CDF6E30EBB6D4E5251
SHA1:	DF4212C945A85D02738F6EC974602862D7E20EA3
SHA-256:	088D2AE029308BE8AD8CE0AEA797F6D86CC5457D9C2F9516176B51E5C4F8789F
SHA-512:	47832A15A50F073139A5F51B3F28E61160C6C0A14929D0BF495E824896B36108A7B8037FC702A49A633E5B43B7BD57C3107B6958AAC2C8DEEBA7B55507AFBD43
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=81f395a1)..[I] (sys_init) -> Done(sys_uid=c76a8f0881f395a1,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (server_init) -> CreateThread(routine_gc) done..[I] (server_init) -> CreateThread(routine_accept) done..[I] (server_init)

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.conf

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8812
Entropy (8bit):	5.004039288486309
Encrypted:	false
SSDEEP:	192:b+FDwgDqM/VN8TWEMX4XpFsn/7BvvFQ6/C5:S3N8KX4pFsnS
MD5:	1256DA672B8F39A275FE17E6C716F822
SHA1:	B156C2186056CC5BFCA84549DD53F796936B2F6D
SHA-256:	44DC1F938213E09A6EF6A64A9F14804530AE53F41E71813EFAF651D9516E246E
SHA-512:	956D431C83ED0DD59D6F1F3101DCBCAD0C6BC1E06031141AAA236F7115A6CDAF95CCEA09E42CF1047D2205E8B37F87EA17BEBAABFB9C85B96D6FA12DE1C7F403
Malicious:	false
Preview:	## Configuration file for a typical i2pd user..## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/..## for more options you can use in this file.....## Lines that begin with "## " try to explain what's going on. Lines..## that begin with just "#" are disabled commands: you can enable them..## by removing the "#" symbol.....## Tunnels config file..## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf..# tunconf = /var/lib/i2pd/tunnels.conf....## Tunnels config files path..## Use that path to store separated tunnels in different config files...## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d..# tunnelsdir = /var/lib/i2pd/tunnels.d....## Path to certificates used for verifying .su3, families..## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates..# certsdir = /var/lib/i2pd/certificates....## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)..# pidfile = /run/i2pd.pid....## Logging configuration section..## By default logs go

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.su3

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	66138
Entropy (8bit):	7.828263238514239
Encrypted:	false
SSDEEP:	1536:DcfdIJTAe0fhT4Fv/XkiO2ZgYd3218xs3svEykZd:aaTHl33O2u4XOsvQ
MD5:	166C6727028BD4F428E411ED225117C6
SHA1:	D08CB3E69EA6CF633349F990229E87CBA4BCD72A
SHA-256:	63A0993B931DAD9DCCF08EA48A0D8E8BA94652EDA5BC84F787E640CDD0FC800A
SHA-512:	90EDF532080C61E9FEE3B8C884E8894B8A52955410489BBCBA3A53AB7A2E291EC2D382A2CB1F5B304762207CBC1971F4A440281A5653257E7223CE171B3646A0
Malicious:	false
Preview:	I2Psu3..................................1721890600......reseed@cnc.netPK.........3.Xw.H.....a...;...routerInfo-6bL8xvKABpTmmQ-0qofqx9csy9SWPBPDE3hUrYsOrWo=.dat;t....C.>%.6.........Fh........E..e.<..Y..g{...k.W>6.\|......3..~...F...Z..z..+.....I...;U.....X....>..........'..x.....X.B.....X2.Kly..-......L....3m%..+3...R-uC]..s#..}..mm.Y..JlY.,.....muR.C}R}C..+u..}.3.........+..#.K,L..J..\|.+.m...l...9`.`...5b...XPl...l..=:I...~....E..>.!.....&..~.......i.&n%..e.X....\...i`.......o..[.V.....[Q..d..k..h..s#.C2.Y..iA.y.%.) q. +%I/;/.<.'5.858.......Z.I(..$.............+..e.....Y.ZX..N.Z.......<g.~...-}.....f.E!.....G......Q[..e.;.....l....M...PK...........X.r.........;...routerInfo-bfaXwwIiRX4zIAbSubKcynpxGzaHUWg7O6~I62TpPWI=.dat;.......f...$.f..._.>...9~.....-"{Z..Y...M(...)P.Z=......[.F....w...W.gF.B..Ys.[,..*..Oz.v......~V...v f`..xe..3.....8..1..d.....Z...........5c...yVi....i...srq.c^Z]FA...5KA~Q.-......5c...E@.A.yNT.y^QpIX`D..nEi`xe.....eZ.O.A.a.

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\u3cozamv2napan6s563do2h7pnvzklvqd43ogmp2xjqrbfpnktra.dat

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	7.54503657449518
Encrypted:	false
SSDEEP:	6:LTv7HdsQGR0IKV39LmIlsNbJEwDf13Sj8pBeJ5/ufYSQurQBfw4NyvuqBOukTWRX:BsQR9x1lO2eN3lOWeu6wBv7kZT3AjGoB
MD5:	46C0D6C7E1CDFD23468544ED40C2007B
SHA1:	B8862DC7FE9D30CA3BBCF41ED462FD16C40F539D
SHA-256:	347F36159022F246BA983EE0369DE2B658D75AB62B84CF5B931F6EB58C9AC8CA
SHA-512:	40DA50FEFA6491D19A51662CDC2F52032C56548898B48654A13FE75698C8194E2FEC6C64D330B40AD6DA513349343E08622AE7ACCB63A0DF16FBD3061F7E1ADC
Malicious:	false
Preview:	......&..].....q...Wb\|L...>.........b...?&...#.6.j..?4...R.Q.ZH..~.......~fs..`. 6.....BR.^@`....~.......i.p....H..._W..V$.m......X..{.i[3...q.1...U....l...)}..n.... JxM.u..(.!..u...i."l...Sl.&:.).de.R..].v..;.{*...b.v..&.....E;\...0TK...s.....:.z.!..4f.....t.b...$...f.....r....:..!...p..t.$....\.Tb..o.2.k.d....7r%..v+d.ZmEA.....Q...0....C....q.....M.4H....a...!je...........ct.dS...../.......O.&j..+..b.r.XR.B..[.@.X.iZ&....ko.B.YM2.....0..m..$..x.../.....T..3..$1W..1.5...8..

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\i2p.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	35948
Entropy (8bit):	5.732819539542859
Encrypted:	false
SSDEEP:	768:Wm7qbLsUxWm6ABcbH6L00ZI7kX2MFu95eKbMmrqL6U+gsXnc1EZN8xso:xebL76AeH6L00ZI7y1FkeKbLOL6sz1E2
MD5:	2B833954E244E54292022334B2ECBE32
SHA1:	AC6052F7105B4BA10EC52A5C57A8E318CA164666
SHA-256:	252BEE5FC4E082BC6C7DFD10E6B631EE1C1D6CE205B06B24CB53493CBBD56D19
SHA-512:	D98AC5FA5EC4C422E88A33EF33DD8D349E900B58EE3DB505B511B38D321B83D3CDA6615C505EF95056646AA1C5D48F2C44501E9F6ED36D37625472A15A0FE485
Malicious:	false
Preview:	07:42:27@471/info - AESNI enabled..07:42:27@471/info - API: Starting NetDB..07:42:27@471/warn - Family: Can't load family certificates from C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\certificates\family..07:42:27@471/info - NetDb: 0 routers loaded (0 floodfils)..07:42:27@471/warn - Profiling: No profile yet for 6bL8xvKABpTmmQ-0qofqx9csy9SWPBPDE3hUrYsOrWo=..07:42:27@471/info - NetDb: RouterInfo added: 6bL8xvKABpTmmQ-0qofqx9csy9SWPBPDE3hUrYsOrWo=..07:42:27@471/info - NetDb: RouterInfo added: bfaXwwIiRX4zIAbSubKcynpxGzaHUWg7O6~I62TpPWI=..07:42:27@471/info - NetDb: RouterInfo added: DsvYfImUtDCJJtgrbBnvQrAkmeoDKe0r2x83Z2hjhDM=..07:42:27@471/warn - Profiling: No profile yet for E~S2QXf4oG3NCnl1gsCQbfzeFkaqevgyrjNf4Gn~raY=..07:42:27@471/info - NetDb: RouterInfo added: E~S2QXf4oG3NCnl1gsCQbfzeFkaqevgyrjNf4Gn~raY=..07:42:27@471/info - NetDb: RouterInfo added: Yly5nfw26VoRUHZZ4n9sI5UX4qoCFdMy2CVSZfOSXEM=..07:42:27@471/warn - Profiling: No profile yet for RGsysDsWkTToSgU

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ntcp2.keys

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	6.04692809488736
Encrypted:	false
SSDEEP:	3:twkosSJqm4tfNSQmwIJNIvrGnUanyon:twhkdm/Qr0xntn
MD5:	088FD090806D9F30F05D7DDF887B8461
SHA1:	1D30EDE540B1586B0B43A0DF4D3550EFF19C2BDF
SHA-256:	BBD6B1AF38CB7928732A7CFBAC014222A5A8DE5A1C845E213AACF2D7D42D13FA
SHA-512:	C19ED74C85EA79576D57AAF8668FA7C618426BC465FCE3C893D77800008BA2CFA91620070E7C7B0043B3BCB27D1EF680EA7A723918ADBF9F9E2E64C2366ECFB7
Malicious:	false
Preview:	qU.q.JPZS.y....Z......#....6...9..(v..#.......J.........;..Ya..&..b4.4.}B...C

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.info

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	721
Entropy (8bit):	6.555614565086438
Encrypted:	false
SSDEEP:	12:LX/s7/////////FqHxK8JAkkhHkf26oOBTasn:LX/s7/////////YHxEvBkFoO9asn
MD5:	F9174E6B41A6A473158AC1F966914B27
SHA1:	0D830BA98D7DE564AFC2F8F67BAEC7C4C61A7626
SHA-256:	CFB88F9DE843929A22C655D25E222A29624714AB760176AA51081EA9CAEBE8D6
SHA-512:	E196743204C120DB161469C645293F85C5EC8A675A41B7A17099A2395D271383A9E45C5AC987FA777D09198842167D46C432E2BDE6A67C24C18FD6D9B7280D07
Malicious:	false
Preview:	.....t.....>.<...3...z.m...$G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4...h6.u$85zg.VBuy..zN..Z.~...<z.............Gu............NTCP2.@.caps=.4;.s=,cVW~cdVKUFpTDXn49-rcWh7P9b8ctCOGo5gYNoOlxzk=;.v=.2;..........SSU2.q.caps=.4;.i=,BKpOpplv9IdWJmss8ehKutgTbuqppS-EA4g8SXHlz-M=;.s=,0tVzlo-KxQNzHhjpDb3vgoLTBL2u2VM4YkeRvVBsbX4=;.v=.2;..,.caps=.LR;.netId=.2;.router.version=.0.9.60;3.hFy)N..jJ.o..C=CkGd..}.....<c..-.W.`Y....!l...$.BK.-m.Y.D..

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.keys

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	455
Entropy (8bit):	6.1261765648099615
Encrypted:	false
SSDEEP:	6:m6XAAd4UdSfTZXFZXFZXFZXFZXFZXFZXFZXFZXFZXnMr9aeISo+:LX/s7/////////QL
MD5:	3AD796F50EBAAC900603CC60C06246F9
SHA1:	9130FCF951C4DE74C7CA2D18C52EA533D6259921
SHA-256:	40D236A1884062D7B72F9BA5547A46E8091F130646CFC1A0C0C46D927E7142DA
SHA-512:	23C3F2F61DF73AC9189A994ACEAD8FE3EE00A53EFE8258931C0D724362A30FAA0343C9AAD410F8ED35DD99B96EAC76A5C9A3F0B21093191B0211C4C2AE58945E
Malicious:	false
Preview:	...*..t.....>.<...3...z.m...$G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4.G..I.:lo.d3M...#.r..@.....4...h6.u$85zg.VBuy..zN..Z.~...<z............+2...,....'........4..;le6.)s.?!.\..F...I#hEhK....!};..

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ssu2.keys

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	96
Entropy (8bit):	6.256735677759421
Encrypted:	false
SSDEEP:	3:fUjW7uFKnPLdUm1C/gIvlGmNvFz6uDOa9v:ffuFKhUCC9lvFdOG
MD5:	2E83436E40600D923E27A3FE7505BACF
SHA1:	A6FE348694DB4FFF62E59D0FCC1F122E4DAF0B78
SHA-256:	0FFFA8B889AE0034815A7EBA24709739C31D81AC6E7F62B5B1FA8FF6F98FABD4
SHA-512:	0F5494E7238C3B11FE50006E651A8689322815D79AC78E36543A40455DCF31E96285DD9DD02840967D30F9652224BA536524E041F7AE4109E917E5C76445FAF6
Malicious:	false
Preview:	..s.....s...........S8bG..Plm~...i'..f.4.MI.h.T.,.@..;(..(..VM..N..o.V&k,..J...n./...<Iq...

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	9146880
Entropy (8bit):	6.674746222402691
Encrypted:	false
SSDEEP:	196608:k1XYZ4Q+Kt8eiMFbO1CPwDvt3uF8f339CME:k1XgfieiMs1CPwDvt3uFe9CME
MD5:	FE7ED803A7F672FAEE4587732B2C6E0F
SHA1:	DF209D1B055044ABF4C0A6D4DE3EBFCD8D7784E1
SHA-256:	154C3DCA584BB1F78C7AE7688D70998F2B62BED8884267E3FCF150BFEFE2C9D8
SHA-512:	06E185F1689E7B5DFEF6625D99FF14DFCFF6C2203E9BE323FED3B6A9684C5179964969546D42F4639DB878903981BB15E0A8F62A1C5B2B0A47FA3496E05FDD3F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...R.me..........."...).t]......R..0........................................P.......o....`... .......................................z..t... ...,............p..?...........p...............................`m.(....................*...............................text...(r]......t].................`..`.data.........]......x].............@....rdata.. >...@^..@....^.............@..@.pdata...?....p..@...^p.............@..@.xdata...t....t..v....t.............@..@.bss....`Q...@z..........................edata...t....z..v....z.............@..@.idata...,... ......................@....CRT....`....P......................@....tls.........`......................@....reloc.......p......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	89088
Entropy (8bit):	6.223370120951598
Encrypted:	false
SSDEEP:	1536:2IiMbJINPr6fRHJ4PuAyMonJqYcNtnOIkqGYtDtm3:JiMbJINP+fNJF/tJotOIpDtm
MD5:	CFCBC15615FFC698507D32C0A7D21134
SHA1:	F6DACCE59F78CA4EE6622C4A340923282EC3ADDE
SHA-256:	A653F5DBEB0DDECBC16C70B0B8C9471ABB30C66032C2EE951DC36265F899D7D8
SHA-512:	0AE08C2A2D56B976CBD748273A7AB8011F3EB82A22D58EBF44B73602FFA808E9A111A60AE250D441D11196522FD4C1AA6EC79193375EFFDC0207FFE7BBAB61DB
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................(.....X.................@....................................x.....`... .................................................P............`..X...........................................`B..(....................................................text...h...........................`..`.data...............................@....rdata...P.......R..................@..@.pdata..X....`.......0..............@..@.xdata.......p.......:..............@..@.bss....P................................idata..P............D..............@....CRT....`............V..............@....tls.................X..............@....reloc...............Z..............@..B................................................................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4672
Entropy (8bit):	5.344035828155934
Encrypted:	false
SSDEEP:	96:idHwWYJ9VfyHzHH0Hf0HaSHvmHu5SHSGfipmHSm5SHLmHOn5SHHSHvmHX5SHpmHc:AziT6Tn0/06SOO5SkAz5Sic5SnSO35SV
MD5:	71CF5ECF6CEF5D4BB72013249185FFE9
SHA1:	2D4C3F9AC13559041648546C2F2576FDB6F3C9C1
SHA-256:	CEB4CDD83D1266759AA781FC988FD6DC97C236C3CFC8555907E42C8BFBDA65B1
SHA-512:	330F483FFB9649F2C3BFD05A288788433F8BCC9060185DCCCEFEB65D691B83196BC468AB060915CA3C4F57BF187F69C167EFB74DF5102756451BA8A0A9051A63
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=81f395a1)..[I] (sys_init) -> Done(sys_uid=c76a8f0881f395a1,sys_os_ver=10.0.19045.0.0)..[E] (package_install) -> Failed(pkg_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,tgt_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,err=00000003)..[I] (fs_file_read) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	105984
Entropy (8bit):	6.293384667837124
Encrypted:	false
SSDEEP:	1536:ZPwYKFFHK6Qt+mPIg3aQtvv4+kWn+DnP8XprSCYA8CSs8qgu06wCYA8CSs8qgu08:lwf1KpFIg3hvIWmnP8XpD
MD5:	B85FECC5E81D0CFBC3750C06E4A11412
SHA1:	0F57603DB18BFE0A5EE50D618184E9ED4FCAFD7F
SHA-256:	9FD76374C6E19923F99411D6F9BBF6614C94D81CD47630314C2AE21A94DF40A8
SHA-512:	97D553317BB4D276E7F5F3C5808DCB8717319047512DEF6B96DA17D57248FFD5E374833A98F767F14BD8F3059DE464F7829D47C65D969BE868431FAAF6A61C1D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................@......bt....`... .........................................^.......................T............0..h...............................(.......................`............................text...............................`..`.data........ ......................@....rdata..Pc...0...d..................@..@.pdata..T............n..............@..@.xdata...............x..............@..@.bss....@................................edata..^...........................@..@.idata..............................@....CRT....X...........................@....tls......... ......................@....reloc..h....0......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1167
Entropy (8bit):	5.50821312859817
Encrypted:	false
SSDEEP:	24:CFAGHr5lGyclY7Gfy6BgT7cRE9FLxJDJt0ERpX3HeAOp:CFdHr54yclDYcm9FL3vNXeD
MD5:	395FE061A21CC810082DBF7FA38C2A2D
SHA1:	03BEFD760DD20181D39F8DD4AB636B5EE1892E9A
SHA-256:	E82885A919E2AB24DABED793E0B747B1DD7BA0551AAD35259C5E31866FE80E09
SHA-512:	593B2739CB930B1AFE537AA7C9E639FC0B79CF6025727634AD013B90E54D050B286B08736E008809283B1221E4CFAF20DF4A971D65F69FA771006393A7AFED70
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=81f395a1)..[I] (sys_init) -> Done(sys_uid=c76a8f0881f395a1,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffe11779d36)..[I] (tcp_connect) -> Done(sock=0x168,host=7

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	129024
Entropy (8bit):	6.3129183036473915
Encrypted:	false
SSDEEP:	3072:7LZ2Dkkvacm5vSs9dHoLDS6o2zhoesVR8sZnv:/RLk9o2zk
MD5:	FEF8651F5F797F30A37D7CD36BEA31AC
SHA1:	8E85D22FB5247A69C1298D703D629DD46BC44C74
SHA-256:	4083F67D11E7DF827BFF6C665B29F39FB197B4BA608D5C39ECFF46EA9A0B61F0
SHA-512:	9C69D66690080A341C25EEB9E258FDE4DD4E94B80AF0085753E758378C1E1790FAEF48C7384AD5171C63BE156C68D0F207ECABF78D8AB5F367E04D5A34828851
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.:..........\.........,.....................................~&....`... ...................................... ..^....0..D............................p..l...............................(...................p5...............................text...x9.......:..................`..`.data........P.......>..............@....rdata.......`.......@..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^.... ......................@..@.idata..D....0......................@....CRT....X....P......................@....tls.........`......................@....reloc..l....p......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1354
Entropy (8bit):	5.503826806085153
Encrypted:	false
SSDEEP:	24:CFAGH75lGyclY7Gfy6BgT7cRE9FLxJDJt0dk1RDoyXegYcRAENmMeAOp:CFdH754yclDYcm9FL3vBycLMMeD
MD5:	9863DDA07140FBEA82332DEECC99BBC8
SHA1:	78E89D75BE3C7FA71F2DDD0C1EE7C496F445DA8F
SHA-256:	603DD9ADC9A869CFBD3B3E3AD0AE8A674F4EC87CF0F09631F3834C2B7DC0755E
SHA-512:	17C55D930BA1D7BC3C9510698612A56870DA08BC74C1ACB5CAC8599782871496DE80B74921D0C5F261DF63ADF106EBAA45074C19E2C7DEA8EC1AB8B3A441F153
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=81f395a1)..[I] (sys_init) -> Done(sys_uid=c76a8f0881f395a1,sys_os_ver=10.0.19045.0.0)..[I] (scm_init) -> Done..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (proxy_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffe1174

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	37376
Entropy (8bit):	5.7181012847214445
Encrypted:	false
SSDEEP:	768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
MD5:	E3E4492E2C871F65B5CEA8F1A14164E2
SHA1:	81D4AD81A92177C2116C5589609A9A08A5CCD0F2
SHA-256:	32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
SHA-512:	59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........qc..qc..qc......qc...`..qc...g..qc..qb..qc...b..qc...f..qc...c..qc...j..qc......qc...a..qc.Rich.qc.................PE..d...#............." .....Z...>.......]...............................................a....`A.........................................~..........@...............................\... x..T............................p...............q..P............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P............z..............@....pdata...............\|..............@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	6.2749560583234105
Encrypted:	false
SSDEEP:	1536:9s2Ppklhc1NUWdaC/fHdHqTjhcqiBMAW4LFLvkgTzn6X8Y6ow6S:RIhc1NUWkC9qarBMILNz6X8Y6owz
MD5:	D44FBD8760E79F5D950DB5BC6E86A398
SHA1:	2175264673A9A5B7AF024D8E8F28879B1758ABC8
SHA-256:	AD38977D88E19C24793C6AEE42B6389536B6879FAA50E2438350F140247A9DF2
SHA-512:	9FD106939BF686D53676669755272CB59B2CCB7909BE27B40C7261988264E801CDC94503F3ED70B95CB0980C65153AA0CC66CA764C053846C4626FDE86E122E0
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................P.......K....`... .........................................^....................................@..p...............................(...................X................................text...............................`..`.data........0......."..............@....rdata..pi...@...j...$..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..p....@......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1926
Entropy (8bit):	5.477443278024766
Encrypted:	false
SSDEEP:	48:CFdHr+54yclDYcm9FL3v6V//5ZR5+sR5HR5ikfP5OKXbeD:idHxNYJ9Vf6mD
MD5:	0902968352608006AF4E59AD64C7AA17
SHA1:	1B9501FE6D0197DDA5DF6BA8DBD88C79E04874CD
SHA-256:	B574AFAC1B71A24313654134086F8574F26EBC8365F3BE18CCAFD181B4345F00
SHA-512:	107F64D20F076F4576B0F0A31C6CA6C3052402E9DB8B74D6468BE8B3133BD4955897310B6E471E9CD60FA8F418F67090B4CFD470590AC150E7A5C51616A3C651
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=81f395a1)..[I] (sys_init) -> Done(sys_uid=c76a8f0881f395a1,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (sam_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffe1171e21c)..[I] (tcp_connect) -

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.229599360032918
Encrypted:	false
SSDEEP:	1536:TP9ubSSddAQnoS8S1XsonSimrEozPyHzCnUbPICBL62:T1ubSSddAQoS8S1XsonGwW6CUbAC962
MD5:	BF5D5BA471AB0266F991095FDCF74140
SHA1:	42E890322966B7F2F9802C9E22269ED339C2969B
SHA-256:	91DB57A2B77AC18B9605B08D7B926F9DC32C7E7D6F4047FBA0270A4403C288BB
SHA-512:	B9F0113802C113F9FF5975989CC6CB9735CBE62D881E009FE853938604837996412332679C7EB7022B734401B2580D116566F7BA51CA62F787CF1D617B9EBC96
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....`......\...............................................B.....`... ..............................................................`..................d............................I..(......................h............................text...X...........................`..`.data...............................@....rdata.. T.......V..................@..@.pdata.......`.......8..............@..@.xdata..4....p.......B..............@..@.bss....@................................edata...............L..............@..@.idata...............N..............@....CRT....X............^..............@....tls.................`..............@....reloc..d............b..............@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.ini

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	Generic INItialization configuration [SLPolicy]
Category:	dropped
Size (bytes):	435089
Entropy (8bit):	5.449337416498263
Encrypted:	false
SSDEEP:	768:DUoDQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb8x8Rr/d6gl/+f8jZ0ftlFn4p7V:TG6Gl33L+MOIiG4IvREWddadl/Fy/k8n
MD5:	8CCA461A362EF864BDF35EDDE9F8E7A5
SHA1:	83E7254EAA34C130EA56965E4CF46610AAF69C8F
SHA-256:	785639D13771B021F191EC60E1C8E3E2EFEA164D2005F297A24559AEB0F58CCF
SHA-512:	E01B175FAD5C6F718C9A504B49A516F270A93A277D8CCD11A41713CC337489FA0FBC3176B629A9A368A65D48CC31685F02DB6FDD486B91F31DF9F621E636817F
Malicious:	false
Preview:	; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-06-28..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\update.pkg

Download File

Process:	C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
File Type:	data
Category:	dropped
Size (bytes):	10448885
Entropy (8bit):	6.7084700728650555
Encrypted:	false
SSDEEP:	196608:D1XYZ4Q+Kt8eiMFbO1CPwDvt3uF8f339CMEv:D1XgfieiMs1CPwDvt3uFe9CMEv
MD5:	B19DD73939F4D3249E87008653BFE5F5
SHA1:	936A1DE5275E0EA2E4BC9BE7B724736B135B5BE4
SHA-256:	7403BF80DA0910E3279FA603AE2D573B06F11D3D72585664965E593DAC92A0B6
SHA-512:	103918920927C6E8BAC17293AB24E2E543B69FE3455E345FAA8A43C0B10F00827F4310552611EC349A1E3B6B02BEA8416A5DB52FB7A86A55D9E3D4DCF5FBF7F3
Malicious:	false
Preview:	.......cnccli.dll.MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........."h.............................P......Zq....`... .........................................^....................................@..l........................... ...(.......................h............................text...X...........................`..`.data........0......................@....rdata..@d...@...f...(..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B.....................................................................................................................................................

C:\Users\user\AppData\Local\Temp\installer.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3484
Entropy (8bit):	5.491937416555677
Encrypted:	false
SSDEEP:	96:isYJ9VfDT0HU0Hn0H1Zt20H10H+kQHR3fPgRqY0HNVHyHH0HltHV2:DiTLT000H0Xt20V0TQxvPgRqY0tVSn0A
MD5:	0EB6CEE38404B3E023D45F0DA45D6284
SHA1:	46EC942239ADE21AFDE763C33BCA59DE6F2C2D52
SHA-256:	223E00087E3C52617104CD2829A346952AC345EAB8080EE3190F0C1845995EF0
SHA-512:	C593B32DA7284397244452C452841DCD20EAF35C013FB6A212D8AC75F5A600765054D2048112EDC736A5F1F4A5E00CEA7EDC3C03B7BDA824E6FBC28F3E69F1C8
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\user\AppData\Local\Temp\installer.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=81f395a1)..[I] (sys_init) -> Done(sys_uid=c76a8f0881f395a1,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (fs_path_expand) -> Done(path=%PUBLIC%,xpath=C:\Users\Public,xpath_sz=15)..[I] (fs_dir_create) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,recursive=1)..[D] (fs_attr_get) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-10

C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe

Download File

Process:	C:\Users\user\Desktop\QTmGYKK6SL.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	10636288
Entropy (8bit):	6.704916902027684
Encrypted:	false
SSDEEP:	196608:F1XYZ4Q+Kt8eiMFbO1CPwDvt3uF8f339CME:F1XgfieiMs1CPwDvt3uFe9CME
MD5:	1455F96A3552BFFCBD01FB90A2A4447B
SHA1:	A0BEB097FB0F3FD1A83EF3D01BFF8706A40B32C1
SHA-256:	CE82112E8B4476B65B09FCCD1CFF9F2F088FE4837C9129DE3D82CAEE138E6D7C
SHA-512:	D2D8F7667CC44F136F34C30A8759C38AEE3FFBBDAFD1EB6329BF725F3C5CFCD1A0B2F64F9C12FEEE88680719CB4E3498BFC3D96927EF1F14CA6B4F1C79B52290
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 21% Antivirus: Virustotal, Detection: 23%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................(.....H.................@.....................................@....`... ..............................................p...............0..d........................................... ...(....................u...............................text...............................`..`.data...P.........................@....rdata...^......`..................@..@.pdata..d....0......................@..@.xdata.......@.......&..............@..@.bss....P....P...........................idata.......p.......0..............@....CRT....`............F..............@....tls.................H..............@....reloc...............J..............@..B................................................................................................................................................................................................................

C:\Windows\Temp\78a0MAty

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	104448
Entropy (8bit):	6.25639342609658
Encrypted:	false
SSDEEP:	1536:cTa6mu/WYUIdcVVKwU4k+EFfgvVFc2nx7ehX/DhZB34:cTa6mu5UIdc/KwzrGgw2x7ehX7hP34
MD5:	7D37AB1E97BBC8593665FF365D8C96B7
SHA1:	B42A6717F91A4C538A4979AB1F0A9CC58485061D
SHA-256:	1DA31243257B0EBC79BA57CA98E6A3A1996CC4E2641E96098561CDCB1FA3EE46
SHA-512:	60B3683FA7BCA42932E02AED4615E67264F31D6F85BEBCD3EA7187B9F7A9F79270341496432C07F7E9B10A3172AF22D636206FA5B89514A693405EC9D61F678D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\.........?..............................0.......'....`... .........................................^.......................$............ ..l............................v..(.......................`............................text...............................`..`.data...............................@....rdata...a... ...b..................@..@.pdata..$............h..............@..@.xdata..T............r..............@..@.bss.... ................................edata..^............\|..............@..@.idata...............~..............@....CRT....X...........................@....tls................................@....reloc..l.... ......................@..B........................................................................................................................................................................

C:\Windows\Temp\JcfQdL0z

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	37376
Entropy (8bit):	5.7181012847214445
Encrypted:	false
SSDEEP:	768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
MD5:	E3E4492E2C871F65B5CEA8F1A14164E2
SHA1:	81D4AD81A92177C2116C5589609A9A08A5CCD0F2
SHA-256:	32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
SHA-512:	59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........qc..qc..qc......qc...`..qc...g..qc..qb..qc...b..qc...f..qc...c..qc...j..qc......qc...a..qc.Rich.qc.................PE..d...#............." .....Z...>.......]...............................................a....`A.........................................~..........@...............................\... x..T............................p...............q..P............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P............z..............@....pdata...............\|..............@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................

C:\Windows\Temp\M3Cw7G9m

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	105984
Entropy (8bit):	6.293384667837124
Encrypted:	false
SSDEEP:	1536:ZPwYKFFHK6Qt+mPIg3aQtvv4+kWn+DnP8XprSCYA8CSs8qgu06wCYA8CSs8qgu08:lwf1KpFIg3hvIWmnP8XpD
MD5:	B85FECC5E81D0CFBC3750C06E4A11412
SHA1:	0F57603DB18BFE0A5EE50D618184E9ED4FCAFD7F
SHA-256:	9FD76374C6E19923F99411D6F9BBF6614C94D81CD47630314C2AE21A94DF40A8
SHA-512:	97D553317BB4D276E7F5F3C5808DCB8717319047512DEF6B96DA17D57248FFD5E374833A98F767F14BD8F3059DE464F7829D47C65D969BE868431FAAF6A61C1D
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................@......bt....`... .........................................^.......................T............0..h...............................(.......................`............................text...............................`..`.data........ ......................@....rdata..Pc...0...d..................@..@.pdata..T............n..............@..@.xdata...............x..............@..@.bss....@................................edata..^...........................@..@.idata..............................@....CRT....X...........................@....tls......... ......................@....reloc..h....0......................@..B........................................................................................................................................................................

C:\Windows\Temp\MOjhfx9e

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	Generic INItialization configuration [SLPolicy]
Category:	dropped
Size (bytes):	435089
Entropy (8bit):	5.449337416498263
Encrypted:	false
SSDEEP:	768:DUoDQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb8x8Rr/d6gl/+f8jZ0ftlFn4p7V:TG6Gl33L+MOIiG4IvREWddadl/Fy/k8n
MD5:	8CCA461A362EF864BDF35EDDE9F8E7A5
SHA1:	83E7254EAA34C130EA56965E4CF46610AAF69C8F
SHA-256:	785639D13771B021F191EC60E1C8E3E2EFEA164D2005F297A24559AEB0F58CCF
SHA-512:	E01B175FAD5C6F718C9A504B49A516F270A93A277D8CCD11A41713CC337489FA0FBC3176B629A9A368A65D48CC31685F02DB6FDD486B91F31DF9F621E636817F
Malicious:	false
Preview:	; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-06-28..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS

C:\Windows\Temp\N3xHmQBk

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	66138
Entropy (8bit):	7.828263238514239
Encrypted:	false
SSDEEP:	1536:DcfdIJTAe0fhT4Fv/XkiO2ZgYd3218xs3svEykZd:aaTHl33O2u4XOsvQ
MD5:	166C6727028BD4F428E411ED225117C6
SHA1:	D08CB3E69EA6CF633349F990229E87CBA4BCD72A
SHA-256:	63A0993B931DAD9DCCF08EA48A0D8E8BA94652EDA5BC84F787E640CDD0FC800A
SHA-512:	90EDF532080C61E9FEE3B8C884E8894B8A52955410489BBCBA3A53AB7A2E291EC2D382A2CB1F5B304762207CBC1971F4A440281A5653257E7223CE171B3646A0
Malicious:	false
Preview:	I2Psu3..................................1721890600......reseed@cnc.netPK.........3.Xw.H.....a...;...routerInfo-6bL8xvKABpTmmQ-0qofqx9csy9SWPBPDE3hUrYsOrWo=.dat;t....C.>%.6.........Fh........E..e.<..Y..g{...k.W>6.\|......3..~...F...Z..z..+.....I...;U.....X....>..........'..x.....X.B.....X2.Kly..-......L....3m%..+3...R-uC]..s#..}..mm.Y..JlY.,.....muR.C}R}C..+u..}.3.........+..#.K,L..J..\|.+.m...l...9`.`...5b...XPl...l..=:I...~....E..>.!.....&..~.......i.&n%..e.X....\...i`.......o..[.V.....[Q..d..k..h..s#.C2.Y..iA.y.%.) q. +%I/;/.<.'5.858.......Z.I(..$.............+..e.....Y.ZX..N.Z.......<g.~...-}.....f.E!.....G......Q[..e.;.....l....M...PK...........X.r.........;...routerInfo-bfaXwwIiRX4zIAbSubKcynpxGzaHUWg7O6~I62TpPWI=.dat;.......f...$.f..._.>...9~.....-"{Z..Y...M(...)P.Z=......[.F....w...W.gF.B..Ys.[,..*..Oz.v......~V...v f`..xe..3.....8..1..d.....Z...........5c...yVi....i...srq.c^Z]FA...5KA~Q.-......5c...E@.A.yNT.y^QpIX`D..nEi`xe.....eZ.O.A.a.

C:\Windows\Temp\TMCsWjkD

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	129024
Entropy (8bit):	6.3129183036473915
Encrypted:	false
SSDEEP:	3072:7LZ2Dkkvacm5vSs9dHoLDS6o2zhoesVR8sZnv:/RLk9o2zk
MD5:	FEF8651F5F797F30A37D7CD36BEA31AC
SHA1:	8E85D22FB5247A69C1298D703D629DD46BC44C74
SHA-256:	4083F67D11E7DF827BFF6C665B29F39FB197B4BA608D5C39ECFF46EA9A0B61F0
SHA-512:	9C69D66690080A341C25EEB9E258FDE4DD4E94B80AF0085753E758378C1E1790FAEF48C7384AD5171C63BE156C68D0F207ECABF78D8AB5F367E04D5A34828851
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.:..........\.........,.....................................~&....`... ...................................... ..^....0..D............................p..l...............................(...................p5...............................text...x9.......:..................`..`.data........P.......>..............@....rdata.......`.......@..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^.... ......................@..@.idata..D....0......................@....CRT....X....P......................@....tls.........`......................@....reloc..l....p......................@..B........................................................................................................................................................................

C:\Windows\Temp\ViiRS0bs

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	92672
Entropy (8bit):	6.241321016680509
Encrypted:	false
SSDEEP:	1536:uVq4VcOpVJ7Z4LB2gnUYQulkvJp0qn2goggVoOHDE:uVq4VcOph4LB2khdkYq2goggM
MD5:	FB3BDB27D9C479148F3545ED99E65980
SHA1:	A5860563DE81D8B74A1C842647E8F4AC7655842A
SHA-256:	2B5DC45E89700D4B991ADDED1AA097641D60932B7BBE2C12FC8536B9D46F15A6
SHA-512:	A26D4B169C4061FC7A2A5FEFAEB4AAE0E9A28211FA28F42B929EAAC3721DCBDD17A17ED6E77A79C17D93355CF85E4C46118E42D4F527ADF054AB1CC79C8B4D74
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....f......\.........Io....................................W.....`... .........................................^....................`..................l............................J..(....................................................text...............................`..`.data...............................@....rdata...U.......V..................@..@.pdata.......`.......<..............@..@.xdata.......p.......F..............@..@.bss....`................................edata..^............P..............@..@.idata...............R..............@....CRT....X............d..............@....tls.................f..............@....reloc..l............h..............@..B........................................................................................................................................................................

C:\Windows\Temp\WQZiUkLe

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.229599360032918
Encrypted:	false
SSDEEP:	1536:TP9ubSSddAQnoS8S1XsonSimrEozPyHzCnUbPICBL62:T1ubSSddAQoS8S1XsonGwW6CUbAC962
MD5:	BF5D5BA471AB0266F991095FDCF74140
SHA1:	42E890322966B7F2F9802C9E22269ED339C2969B
SHA-256:	91DB57A2B77AC18B9605B08D7B926F9DC32C7E7D6F4047FBA0270A4403C288BB
SHA-512:	B9F0113802C113F9FF5975989CC6CB9735CBE62D881E009FE853938604837996412332679C7EB7022B734401B2580D116566F7BA51CA62F787CF1D617B9EBC96
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....`......\...............................................B.....`... ..............................................................`..................d............................I..(......................h............................text...X...........................`..`.data...............................@....rdata.. T.......V..................@..@.pdata.......`.......8..............@..@.xdata..4....p.......B..............@..@.bss....@................................edata...............L..............@..@.idata...............N..............@....CRT....X............^..............@....tls.................`..............@....reloc..d............b..............@..B........................................................................................................................................................................

C:\Windows\Temp\XSGUtD97

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	Generic INItialization configuration [cnccli]
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.104102844508187
Encrypted:	false
SSDEEP:	6:1EVQLD4o8WnuJO+70X1YIzOD7kXpTRL9gWVUDeLn:Cjo8DJO+70X1YeC7kX9vgpKL
MD5:	91D86E531FECE0D34AD78D947FC7331C
SHA1:	52C9A7C16634637E9DB31A6CE63850DFB170B44D
SHA-256:	A885C71096995389DF3015B194B9AD10AE24C4328F4322932D6455398B2FC653
SHA-512:	1EE4ED0F8045670DBEE2C5C4F8100C362B84C1CCC1A2E7F4FD1E97EC057055F1A8DC75A0CE349CC01DBFFA2B18E7C7C2288845641358CA3A609B0E6FBD9F49B5
Malicious:	false
Preview:	[main]..version=400004957b19a09d..[cnccli]..server_host=c21a876e..server_port=41674..server_timeo=15000..i2p_try_num=10..i2p_sam3_timeo=15000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..

C:\Windows\Temp\gJinHgIG

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	115200
Entropy (8bit):	6.220309385007289
Encrypted:	false
SSDEEP:	1536:RQsjbnQsiAEVTEWeFENdEUD1/H6BELpsV4vN8qdnJNXq8Vc3:RQibZibeFENdppW54NdvXq6c3
MD5:	E6CAC6ACD18D0BBAD9C2384B1DBEDE84
SHA1:	63004A83FF18CCE911BC74D27C1A2B7BEA9CF4C3
SHA-256:	9BC6EDD286F4DCD83E57B541BC99038F7E902DE943A6FD528BA485DF1187FFA8
SHA-512:	43C745D49AB82809C24E5EE62E11406B12B695140117EB1012111EEA3B73F9B34B5ADE21A1DB3AA1FEAD982F266B05646A08A4813CBA2EA950C59A73AB069FB3
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........."h.............................P......Zq....`... .........................................^....................................@..l........................... ...(.......................h............................text...X...........................`..`.data........0......................@....rdata..@d...@...f...(..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B........................................................................................................................................................................

C:\Windows\Temp\rJnwiXXd

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	6.2749560583234105
Encrypted:	false
SSDEEP:	1536:9s2Ppklhc1NUWdaC/fHdHqTjhcqiBMAW4LFLvkgTzn6X8Y6ow6S:RIhc1NUWkC9qarBMILNz6X8Y6owz
MD5:	D44FBD8760E79F5D950DB5BC6E86A398
SHA1:	2175264673A9A5B7AF024D8E8F28879B1758ABC8
SHA-256:	AD38977D88E19C24793C6AEE42B6389536B6879FAA50E2438350F140247A9DF2
SHA-512:	9FD106939BF686D53676669755272CB59B2CCB7909BE27B40C7261988264E801CDC94503F3ED70B95CB0980C65153AA0CC66CA764C053846C4626FDE86E122E0
Malicious:	true
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................P.......K....`... .........................................^....................................@..p...............................(...................X................................text...............................`..`.data........0......."..............@....rdata..pi...@...j...$..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..p....@......................@..B........................................................................................................................................................................

C:\Windows\Temp\to1wcXFh

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	9146880
Entropy (8bit):	6.674746222402691
Encrypted:	false
SSDEEP:	196608:k1XYZ4Q+Kt8eiMFbO1CPwDvt3uF8f339CME:k1XgfieiMs1CPwDvt3uFe9CME
MD5:	FE7ED803A7F672FAEE4587732B2C6E0F
SHA1:	DF209D1B055044ABF4C0A6D4DE3EBFCD8D7784E1
SHA-256:	154C3DCA584BB1F78C7AE7688D70998F2B62BED8884267E3FCF150BFEFE2C9D8
SHA-512:	06E185F1689E7B5DFEF6625D99FF14DFCFF6C2203E9BE323FED3B6A9684C5179964969546D42F4639DB878903981BB15E0A8F62A1C5B2B0A47FA3496E05FDD3F
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...R.me..........."...).t]......R..0........................................P.......o....`... .......................................z..t... ...,............p..?...........p...............................`m.(....................*...............................text...(r]......t].................`..`.data.........]......x].............@....rdata.. >...@^..@....^.............@..@.pdata...?....p..@...^p.............@..@.xdata...t....t..v....t.............@..@.bss....`Q...@z..........................edata...t....z..v....z.............@..@.idata...,... ......................@....CRT....`....P......................@....tls.........`......................@....reloc.......p......................@..B........................................................................................................................................................................

C:\Windows\Temp\xuutMjJX

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	8812
Entropy (8bit):	5.004039288486309
Encrypted:	false
SSDEEP:	192:b+FDwgDqM/VN8TWEMX4XpFsn/7BvvFQ6/C5:S3N8KX4pFsnS
MD5:	1256DA672B8F39A275FE17E6C716F822
SHA1:	B156C2186056CC5BFCA84549DD53F796936B2F6D
SHA-256:	44DC1F938213E09A6EF6A64A9F14804530AE53F41E71813EFAF651D9516E246E
SHA-512:	956D431C83ED0DD59D6F1F3101DCBCAD0C6BC1E06031141AAA236F7115A6CDAF95CCEA09E42CF1047D2205E8B37F87EA17BEBAABFB9C85B96D6FA12DE1C7F403
Malicious:	false
Preview:	## Configuration file for a typical i2pd user..## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/..## for more options you can use in this file.....## Lines that begin with "## " try to explain what's going on. Lines..## that begin with just "#" are disabled commands: you can enable them..## by removing the "#" symbol.....## Tunnels config file..## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf..# tunconf = /var/lib/i2pd/tunnels.conf....## Tunnels config files path..## Use that path to store separated tunnels in different config files...## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d..# tunnelsdir = /var/lib/i2pd/tunnels.d....## Path to certificates used for verifying .su3, families..## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates..# certsdir = /var/lib/i2pd/certificates....## Where to write pidfile (default: /run/i2pd.pid, not used in Windows)..# pidfile = /run/i2pd.pid....## Logging configuration section..## By default logs go

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.465588027990527
Encrypted:	false
SSDEEP:	6144:YIXfpi67eLPU9skLmb0b4IWSPKaJG8nAgejZMMhA2gX4WABl0uNXdwBCswSbh:NXD94IWlLZMM6YFHx+h
MD5:	18A7F773AFC64BA71A3174DD874798D8
SHA1:	05D1D7BBA6642DB7831DEEBCD7260D4D077D275F
SHA-256:	64F1953CDEB5A5A7FB9E1FA675A1733EA6AD633D1B98C9FE424F6050BA78D604
SHA-512:	0FC667BC1D50236A2BBA006688771A4B272DE71D79186E1CBFF7198A74F1B6B84E38C727A58B025CB2F1382C8A572DD0479C39FB8790AD912F2E709E0B926FBB
Malicious:	false
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmj..+............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.075183250085094
TrID:	Win64 Executable GUI (202006/5) 92.64% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% VXD Driver (31/22) 0.01%
File name:	QTmGYKK6SL.exe
File size:	12'016'128 bytes
MD5:	190e4ed7759276e78d16398673996b2b
SHA1:	ce5bb936ab809356d5b0bc29b6be2e0d07d3dc0a
SHA256:	d4e965deaaaa9d84359fbce89a2cb1966bca6bf525df8bbfb1ad9ed08df1daad
SHA512:	99cf79aba0afc528341c3ef474ba4ab71e50faf497536e74f8d985c39e85d5e145fb86262bac3e95e4c7752c3c0294751d4a988c2f4fbe5bcfcd3c6d19ef9c70
SSDEEP:	49152:h3FUhq8uEA5Cu+Ng9hxWpZdESPzNHk8aPu9ipJY0/CcjaChdReYEk8fSj+TBmkOv://CvGkk+8qc8On18iiDoA1PdxGdQI
TLSH:	D0C64A6F76A58578C16EC23BC0A38F05E93370B90733C6E793A402685F669D35E7E624
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7.......................................................................................................................................

File Icon


Icon Hash:	0f3331383933070f

Static PE Info

General

Entrypoint:	0xcbd0a0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:
Time Stamp:	0x66A372C9 [Fri Jul 26 09:56:25 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	1ed353d37eec2351405144927fa2357c

Entrypoint Preview

Instruction
push ebp
dec eax
sub esp, 20h
dec eax
mov ebp, esp
nop
dec eax
lea ecx, dword ptr [FFFE9808h]
call 00007F9363C586B0h
dec eax
mov eax, dword ptr [000B83FCh]
dec eax
mov ecx, dword ptr [eax]
call 00007F9363EF8731h
dec eax
mov eax, dword ptr [000B83EDh]
dec eax
mov ecx, dword ptr [eax]
mov dl, 01h
call 00007F9363EFB3E0h
dec eax
mov eax, dword ptr [000B83DCh]
dec eax
mov ecx, dword ptr [eax]
dec eax
mov edx, dword ptr [FFFE9132h]
dec esp
mov eax, dword ptr [000B89C3h]
call 00007F9363EF8733h
dec eax
mov eax, dword ptr [000B83BFh]
dec eax
mov ecx, dword ptr [eax]
call 00007F9363EF8944h
call 00007F9363C502EFh
jmp 00007F93644FD87Ah
nop
nop
call 00007F9363C504E6h
nop
dec eax
lea esp, dword ptr [ebp+20h]
pop ebp
ret
dec eax
nop
dec eax
lea eax, dword ptr [00000000h+eax]
dec eax
sub esp, 28h
call 00007F9363C4FA7Ch
dec eax
add esp, 28h
ret
int3
int3
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x9a6000	0x99	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x996000	0x5022	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa8e000	0x10e400	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0xa21000	0x6c99c	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x9a9000	0x77f9c	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x9a8000	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x9974e0	0x1300	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x99c000	0x910c	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x8bc130	0x8bc200	b3fe9a1ed1931d277bf4a4459132c6ba	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x8be000	0xb7da8	0xb7e00	17c3e6330ad28b0333381e0e682fcf1f	False	0.23081662134602313	data	4.9678713931139304	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x976000	0x1f12c	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x996000	0x5022	0x5200	b6c50884b06d185b3e0e5adccdbdc8ec	False	0.24213986280487804	data	4.309027972544423	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0x99c000	0x910c	0x9200	90ae02de82fa4c16bc78cc167eadf4ea	False	0.17069777397260275	data	3.932333073499333	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x9a6000	0x99	0x200	e2d71a5ffd4f3bef7d6ddffb2d86cc42	False	0.2578125	data	1.9097292504123948	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x9a7000	0x1e4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x9a8000	0x6d	0x200	3b865ba3ff3f216a3dd9f94558a7c19e	False	0.1953125	data	1.3848831201957763	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x9a9000	0x77f9c	0x78000	575f2261b16d059afc06f618f8d1775f	False	0.4357686360677083	data	6.422785322909365	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.pdata	0xa21000	0x6c99c	0x6ca00	8f0acef375d8865e07fbe90ebaae5679	False	0.4971501006904488	data	6.496494357259558	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xa8e000	0x10e400	0x10e400	dfee6991e72429dbebfff72b7f828382	False	0.3487213445305273	data	6.450215863443641	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0xa8ed58	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	English	United States	0.38636363636363635
RT_CURSOR	0xa8ee8c	0x134	data	English	United States	0.4642857142857143
RT_CURSOR	0xa8efc0	0x134	data	English	United States	0.4805194805194805
RT_CURSOR	0xa8f0f4	0x134	data	English	United States	0.38311688311688313
RT_CURSOR	0xa8f228	0x134	data	English	United States	0.36038961038961037
RT_CURSOR	0xa8f35c	0x134	data	English	United States	0.4090909090909091
RT_CURSOR	0xa8f490	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	English	United States	0.4967532467532468
RT_ICON	0xa8f5c4	0xaae7	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	English	United States	1.0003199926858815
RT_ICON	0xa9a0ac	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	English	United States	0.40778008298755186
RT_ICON	0xa9c654	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	English	United States	0.5354127579737336
RT_ICON	0xa9d6fc	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	English	United States	0.6524590163934426
RT_ICON	0xa9e084	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	English	United States	0.7393617021276596
RT_STRING	0xa9e4ec	0x228	data			0.483695652173913
RT_STRING	0xa9e714	0x34c	data			0.40165876777251186
RT_STRING	0xa9ea60	0x390	data			0.3355263157894737
RT_STRING	0xa9edf0	0x354	data			0.4307511737089202
RT_STRING	0xa9f144	0x438	data			0.40370370370370373
RT_STRING	0xa9f57c	0x3e4	data			0.3644578313253012
RT_STRING	0xa9f960	0x4e0	data			0.3141025641025641
RT_STRING	0xa9fe40	0x290	data			0.4451219512195122
RT_STRING	0xaa00d0	0x1f0	data			0.5262096774193549
RT_STRING	0xaa02c0	0x1ac	data			0.5584112149532711
RT_STRING	0xaa046c	0x4cc	data			0.3469055374592834
RT_STRING	0xaa0938	0x594	data			0.36554621848739494
RT_STRING	0xaa0ecc	0x508	data			0.3641304347826087
RT_STRING	0xaa13d4	0x398	data			0.28804347826086957
RT_STRING	0xaa176c	0x3a0	data			0.4267241379310345
RT_STRING	0xaa1b0c	0x1d8	data			0.5148305084745762
RT_STRING	0xaa1ce4	0xcc	data			0.6666666666666666
RT_STRING	0xaa1db0	0x1b8	data			0.5318181818181819
RT_STRING	0xaa1f68	0x3e8	data			0.38
RT_STRING	0xaa2350	0x3f0	data			0.3888888888888889
RT_STRING	0xaa2740	0x3e4	data			0.36947791164658633
RT_STRING	0xaa2b24	0x3d4	data			0.2826530612244898
RT_STRING	0xaa2ef8	0x3e0	data			0.4183467741935484
RT_STRING	0xaa32d8	0x434	data			0.3745353159851301
RT_STRING	0xaa370c	0x614	data			0.32005141388174807
RT_STRING	0xaa3d20	0x448	data			0.3302919708029197
RT_STRING	0xaa4168	0x34c	data			0.3933649289099526
RT_STRING	0xaa44b4	0x370	data			0.3568181818181818
RT_STRING	0xaa4824	0x438	data			0.3907407407407407
RT_STRING	0xaa4c5c	0x17c	data			0.4631578947368421
RT_STRING	0xaa4dd8	0xcc	data			0.6225490196078431
RT_STRING	0xaa4ea4	0x1d0	data			0.5344827586206896
RT_STRING	0xaa5074	0x3dc	data			0.3765182186234818
RT_STRING	0xaa5450	0x3c0	data			0.35104166666666664
RT_STRING	0xaa5810	0x314	data			0.38578680203045684
RT_STRING	0xaa5b24	0x304	data			0.38212435233160624
RT_RCDATA	0xaa5e28	0x627e	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6, datetime=2010:05:11 20:59:59], baseline, precision 8, 256x256, components 3	English	United States	0.9922265408106608
RT_RCDATA	0xaac0a8	0x10	data			1.5
RT_RCDATA	0xaac0b8	0x4d1f8	raw G3 (Group 3) FAX, byte-padded	English	United States	0.475767341150252
RT_RCDATA	0xaf92b0	0x1054	data			0.4672248803827751
RT_RCDATA	0xafa304	0x2	data	English	United States	5.0
RT_RCDATA	0xafa308	0x151	Delphi compiled form 'TForm1'			0.7210682492581603
RT_RCDATA	0xafa45c	0x4c651	data	English	United States	0.17103795623703713
RT_RCDATA	0xb46ab0	0x5580d	data	English	United States	0.2652239585861499
RT_GROUP_CURSOR	0xb9c2c0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0xb9c2d4	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0xb9c2e8	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0xb9c2fc	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0xb9c310	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0xb9c324	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0xb9c338	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_ICON	0xb9c34c	0x4c	data	English	United States	0.8026315789473685

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	CharNextW, LoadStringW
kernel32.dll	Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FindResourceW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwindEx, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
kernel32.dll	GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll	WINNLSEnableIME, SetClassLongPtrW, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateLayeredWindow, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, TrackMouseEvent, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageTimeoutW, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxIndirectW, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, InsertMenuItemW, InsertMenuW, HideCaret, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetUpdateRgn, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableW, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AppendMenuW, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll	UnrealizeObject, TextOutW, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetTextAlign, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetMapMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetRegionData, GetPixel, GetPaletteEntries, GetObjectA, GetObjectW, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipBox, GetCharABCWidthsFloatW, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExtCreateRegion, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateFontW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CombineRgn, Chord, BitBlt, ArcTo, Arc, AngleArc, AbortDoc
version.dll	VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll	lstrlenW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, IsDebuggerPresent, OutputDebugStringW, MulDiv, LockResource, LocalFree, LoadResource, LoadLibraryW, LeaveCriticalSection, LCMapStringW, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalSize, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetSystemDirectoryW, GetStdHandle, GetLongPathNameW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageW, FindResourceW, FindFirstFileW, FindClose, ExpandEnvironmentStringsW, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateFileW, CreateEventW, CompareStringW, CloseHandle
advapi32.dll	RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey
kernel32.dll	Sleep
oleaut32.dll	SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
oleaut32.dll	GetErrorInfo, SysFreeString
ole32.dll	CreateStreamOnHGlobal, ReleaseStgMedium, OleDraw, DoDragDrop, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
comctl32.dll	InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
user32.dll	EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow
msvcrt.dll	isxdigit, isupper, isspace, ispunct, isprint, islower, isgraph, isdigit, iscntrl, isalpha, isalnum, toupper, tolower, strchr, strncmp, memset, memcpy, memcmp
shell32.dll	ShellExecuteW, Shell_NotifyIconW, DragQueryFileW
comdlg32.dll	PageSetupDlgW, PrintDlgW, GetSaveFileNameW, GetOpenFileNameW
winspool.drv	SetPrinterW, OpenPrinterW, GetPrinterW, GetDefaultPrinterW, EnumPrintersW, DocumentPropertiesW, DeviceCapabilitiesW, ClosePrinter
winspool.drv	GetDefaultPrinterW
winmm.dll	timeGetTime
d3d9.dll	Direct3DCreate9

Exports

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x49efd0
__dbk_fcall_wrapper	2	0x417ba0
dbkFCallWrapperAddr	1	0xd7af58

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-27T13:43:00.851979+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	63481	40.68.123.157	192.168.2.4
2024-07-27T13:42:22.481435+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49731	40.68.123.157	192.168.2.4

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 13:42:08.734443903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:08.739761114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:08.739878893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:08.740324020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:08.745165110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:09.358750105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:09.400306940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:10.660351038 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:10.665370941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:10.665448904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:10.671946049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:10.912239075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:10.962618113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.037878036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.040160894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.045329094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.045413971 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.050339937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534740925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534755945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534776926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534785032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534794092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534801006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534810066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534816980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534831047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534840107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.534857988 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.534857988 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.534857988 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.534943104 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.536824942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.587594032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.612842083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.612874031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.613231897 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.623425961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.623478889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.623485088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.623585939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.623812914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.628318071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.628329992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.628375053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.628396034 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.628660917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.628715992 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.633044958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.633055925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.633064032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.633100986 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.633107901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.633158922 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.633457899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.637794018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.637804985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.637851000 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.642611027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.642662048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.642668962 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.642694950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.642725945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.642748117 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.642757893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.642811060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.647387028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.697191954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.916518927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.916572094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.916606903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.916654110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.916687012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.916718960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.916748047 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.916754007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.916749001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.916834116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.916923046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.916958094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.916985989 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.916990042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917025089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917043924 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.917077065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917109013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917129993 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.917141914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917171001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917195082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.917221069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917253017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917270899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.917284966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917316914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917335987 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.917349100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917383909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917399883 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.917676926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917741060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.917896986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917928934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917960882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.917983055 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.917993069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918025970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918040037 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.918060064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918092012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918104887 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.918124914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918155909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918169022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.918189049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918226957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918237925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.918258905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918291092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918303013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.918828964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918862104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918893099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918910980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.918942928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.918946981 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.918976068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.919008017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.919020891 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.919040918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.919087887 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.919254065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.919305086 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.922269106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.922385931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.922441959 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.923044920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923077106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923110008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923122883 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.923386097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923425913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923438072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.923460960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923510075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.923540115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923572063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923633099 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.923722029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923757076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.923805952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.924572945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.924604893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.924637079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.924654961 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.925889969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.925923109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.925942898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.925955057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.925987005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.926002026 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.926019907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.926069021 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.927892923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.927926064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.928016901 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.928033113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.928065062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.928097963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.928118944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.928174973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.928215027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.928230047 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.928832054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.928914070 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.929008961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.929040909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.929073095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.929101944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.929105043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.929163933 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.929686069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.929718018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.929749966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.929775000 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.929995060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.930027962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.930054903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.930691957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.930723906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.930753946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.930757046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.930815935 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.930823088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.931042910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.931101084 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.931715965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.931746960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.931781054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.931817055 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.931874990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.931935072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.932200909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.932369947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.932404041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.932430029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.932540894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.932573080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.932599068 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.933207035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.933239937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.933267117 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.933270931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.933326960 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.933896065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.933928013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.933959961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.933985949 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.934216976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.934274912 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.934380054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.934413910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.934472084 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.934520960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.934704065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.934765100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.935216904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.935250044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.935306072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.935523987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.935688972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.935748100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.935861111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.936041117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.936099052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.936208010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.936374903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.936408043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.936434984 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.936440945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.936496973 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.936872959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937041044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937098980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.937201977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937232971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937267065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937290907 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.937521935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937582016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.937706947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937738895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937772036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937794924 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.937872887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.937930107 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.938013077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938215017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938246012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938276052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.938277960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938334942 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.938391924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938424110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938457012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938483953 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.938564062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938595057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938622952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.938626051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938658953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938682079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.938690901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.938750029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.939059019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939220905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939253092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939285994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939299107 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.939351082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.939393044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939424992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939457893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939483881 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.939563990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939594984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939623117 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.939627886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939660072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939682961 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.939907074 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.939965963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.940092087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940123081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940155983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940180063 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.940248013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940279961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940305948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.940313101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940367937 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.940399885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940434933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940491915 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.940740108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940773010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940804958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940828085 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.940838099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.940891981 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.941132069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941164017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941196918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941217899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.941227913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941282034 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.941308975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941342115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941399097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.941447020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941610098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941643953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941669941 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.941765070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941797018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941823006 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.941828966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941863060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941884995 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.941937923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941970110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.941994905 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.942117929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942150116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942174911 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.942182064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942214012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942238092 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.942245960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942279100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942302942 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.942460060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942492008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942517996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.942524910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942581892 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.942614079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942646027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942677975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942703009 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.942711115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942768097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.942775011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942949057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.942981005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.943006039 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.943013906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.943070889 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.979687929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.979722023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.979754925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.979785919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.979818106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.979849100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.979882956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980032921 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980034113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980047941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980079889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980106115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980113029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980144978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980176926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980176926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980209112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980237961 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980241060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980274916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980298996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980585098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980616093 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980647087 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980648041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980680943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980705023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980714083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980763912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980775118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980796099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980828047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980854034 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980860949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980892897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980920076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.980925083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980952978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.980983019 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.981029987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981064081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981091022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.981630087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981662035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981690884 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.981693983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981724977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981754065 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.981756926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981789112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981807947 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.981839895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981870890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981899023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.981903076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981954098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.981961966 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.981986046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982018948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982043028 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.982662916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982697010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982726097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.982747078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982778072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982803106 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.982810020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982841015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982865095 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.982872963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982903004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982928991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.982935905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982968092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.982990026 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.983000040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983031034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983057022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.983063936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983094931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983119965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.983125925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983156919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983185053 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.983191967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983222961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983251095 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.983256102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983288050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983314991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.983319044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983351946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983375072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.983383894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983416080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983439922 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.983448982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983481884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983505011 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.983967066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.983999014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984026909 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.984129906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984162092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984186888 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.984190941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984246016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.984282017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984529018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984560966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984586954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.984594107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984626055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984651089 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.984658003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.984714031 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.985179901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985210896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985243082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985268116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.985358953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985393047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985418081 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.985424995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985457897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985482931 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.985490084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985522032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985552073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.985553026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985586882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985609055 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.985893965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985924959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985949993 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.985956907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.985989094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986012936 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.986021042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986069918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986077070 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.986103058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986135006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986156940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.986166000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986197948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986222029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.986228943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986260891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986285925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.986293077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986325026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986342907 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.986356020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986411095 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:11.986532927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986736059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986768007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:11.986792088 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.021492004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.021542072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.021576881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.021610022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.021644115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.021676064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.021711111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.021760941 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.021760941 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.021760941 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.021852016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.067270994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.067326069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.067361116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.067485094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.067497015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.067531109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.067563057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.067580938 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.067598104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.067616940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.067814112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.067898989 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.067965984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068001032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068028927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068058014 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.068317890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068350077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068381071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.068382025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068416119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068439960 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.068449974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068500996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068530083 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.068533897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068567038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068591118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.068603992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068635941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068656921 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.068825006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068856955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068883896 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.068888903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068922043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.068945885 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.068954945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069010019 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.069545984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069577932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069611073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069637060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.069715977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069749117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069776058 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.069780111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069837093 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.069852114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069885015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069916964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069941998 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.069947958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.069981098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070003986 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.070013046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070046902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070075989 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.070076942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070110083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070139885 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.070142984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070197105 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.070204020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070280075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070313931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070358992 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.070436001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070496082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.070580959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070614100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070646048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070672035 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.070895910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070930958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.070951939 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.070962906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071012020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071017981 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.071043968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071077108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071099043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.071108103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071140051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071168900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.071172953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071228027 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.071417093 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071449995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071499109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071510077 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.071532011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071563005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071588993 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.071597099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071646929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071671963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.071680069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071712017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071738005 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.071744919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071778059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.071804047 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.072407007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072514057 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.072592020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072623968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072657108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072679043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.072689056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072736979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072741985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.072770119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072820902 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.072827101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072860956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072891951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072911024 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.072925091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072954893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.072977066 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073132992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073164940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073187113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073195934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073227882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073246956 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073259115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073291063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073312998 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073322058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073354006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073376894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073386908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073420048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073440075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073451042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073482990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073504925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073514938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073566914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073791981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073823929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073854923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073878050 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073887110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073919058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073940039 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.073951006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.073982000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.074002028 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.074013948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.074047089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.074064970 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.109884977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.109954119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.109988928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.109991074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.110023022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.110049009 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.110057116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.110089064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.110112906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.110126019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.110179901 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.155960083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156024933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156059027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156085968 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.156090975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156124115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156147957 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.156158924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156215906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.156349897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156554937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156613111 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.156696081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156730890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156761885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156793118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.156795025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156826973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156852007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.156858921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156891108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156925917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.156930923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.156980991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.156984091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157016039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157048941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157071114 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157100916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157133102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157151937 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157165051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157196999 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157217979 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157227993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157259941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157286882 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157290936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157322884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157356977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157366991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157423019 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157587051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157618999 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157674074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157695055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157727003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157758951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157778978 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157790899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157820940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157845020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157854080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157886028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157903910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157917976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157948971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.157965899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.157980919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.158015013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.158034086 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.158242941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.158303022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.158653975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.158754110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.158787012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.158809900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.158989906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159043074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.159116030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159148932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159181118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159205914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.159212112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159245014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159281969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.159295082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159326077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159352064 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.159358978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159424067 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.159544945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159576893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159609079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159626007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.159641027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159696102 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.159697056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159729958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159779072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159782887 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.159811974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159843922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.159867048 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.160090923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160137892 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.160288095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160468102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160521984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160530090 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.160561085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160593033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160624027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160628080 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.160655975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160687923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160701990 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.160722971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160748959 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.160756111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.160815954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.161032915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161082983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161114931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161139011 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.161147118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161179066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161210060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161215067 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.161242008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161262989 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.161273956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161304951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161329985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.161336899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161369085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161395073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.161401987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161434889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161454916 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.161467075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161498070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161516905 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.161530018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161561966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.161582947 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.162105083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162153959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162158966 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.162185907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162218094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162235975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.162250042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162281036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162302971 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.162312984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162345886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162367105 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.162378073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162412882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162429094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.162465096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162497044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162519932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.162529945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162558079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.162585020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.198358059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.198415041 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.198486090 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.198518038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.198565960 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.198569059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.198601961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.198633909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.198649883 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.198668957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.198713064 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.255948067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256040096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256094933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256119967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256145954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256179094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256198883 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256211042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256243944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256264925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256274939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256292105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256308079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256324053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256354094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256370068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256386042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256401062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256417036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256418943 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256433010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256465912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256519079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256520033 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256535053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256568909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256601095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256627083 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256633997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256665945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256689072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256697893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256731033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256762981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256764889 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256795883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256819963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256828070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256860971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256882906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256906986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256942034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.256963015 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.256973982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257006884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257033110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257057905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257091045 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257112980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257123947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257157087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257179022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257193089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257225990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257247925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257256985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257289886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257311106 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257320881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257356882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257381916 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257397890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257431030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257452965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257462978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257497072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257513046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257519960 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257527113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257540941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257555008 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257555962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257570028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257589102 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257621050 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.257875919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257888079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257893085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.257931948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.258058071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258068085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258075953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258085012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258094072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258102894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258112907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258116007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.258116007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.258146048 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.258173943 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.258209944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258219957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258229017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258270979 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.258291960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258296967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258337975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.258898973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258908987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258918047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258923054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258927107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258930922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258934975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258987904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.258996964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259005070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259013891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259021044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259030104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259033918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259037971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259038925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.259078979 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.259107113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.259449005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259459019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259466887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259476900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259485006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259495020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259509087 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.259536982 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.259563923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.259571075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259581089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259589911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259598970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259608030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259619951 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.259622097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259630919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259639978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259648085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.259660959 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.259680033 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.260510921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.260520935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.260529041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.260538101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.260545969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.260571003 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.260581970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.260610104 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.287306070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.287316084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.287323952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.287399054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.287399054 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.287409067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.287417889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.287426949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.287458897 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.287487984 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.342953920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.342988014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343023062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343055010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343102932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343133926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343168020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343213081 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343213081 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343213081 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343308926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343364954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343400955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343419075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343431950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343447924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343462944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343462944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343502045 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343679905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343688965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343698025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343707085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343733072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343760967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343801022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343811035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343820095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343830109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343839884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343849897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343856096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343856096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343861103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343872070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.343880892 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.343904018 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.344568968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344578981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344587088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344595909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344605923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344614983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344623089 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.344624996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344634056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344644070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344649076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.344649076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.344654083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344664097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344672918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344672918 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.344682932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344691038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.344700098 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.344733953 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.345391989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345402002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345411062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345419884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345428944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345438957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345448971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345459938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345463037 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.345463991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.345501900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.345501900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.345932007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345942020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345954895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345963955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345973015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345982075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.345984936 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.345992088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346002102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346010923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346010923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.346010923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.346019983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346030951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346033096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.346040010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346050978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346051931 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.346060038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346070051 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.346086979 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.346926928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346936941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346944094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346952915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346961975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346971035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346976995 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.346978903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346987963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.346993923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.346997023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347007036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347009897 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.347017050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347026110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347031116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.347035885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347044945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347049952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.347054958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347069025 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.347107887 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.347847939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347857952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347866058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347875118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347883940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347893000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347901106 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.347902060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347912073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347920895 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.347920895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347930908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347939968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347944975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.347944975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.347949982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347959995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347969055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347979069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.347984076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.348006964 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.348007917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.348750114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348759890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348767996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348777056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348786116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348794937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348799944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.348804951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348814964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348817110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.348824024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348834991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348838091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.348839045 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.348844051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.348867893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.348897934 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.375539064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.375571966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.375608921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.375658035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.375708103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.375741959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.375775099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.375776052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.375865936 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.375865936 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.415936947 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.432588100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432631969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432666063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432698011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432729959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432761908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432795048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432802916 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.432804108 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.432804108 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.432826996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432859898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432873964 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.432892084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432924032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432941914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.432955980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.432987928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.433002949 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.433021069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.433053017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.433069944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.433090925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.433137894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435142994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435174942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435206890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435228109 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435256004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435303926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435305119 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435337067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435369015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435386896 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435403109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435452938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435452938 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435484886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435517073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435534000 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435548067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435579062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435594082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435611963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435647011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435659885 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435681105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435713053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435725927 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435745001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435777903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435816050 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435826063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435858965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435879946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435889006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435921907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435940981 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.435955048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.435986996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436005116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436018944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436050892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436069012 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436080933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436114073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436134100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436145067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436178923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436189890 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436211109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436243057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436256886 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436275005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436306953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436325073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436340094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436372042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436388016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436403036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436434031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436451912 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436466932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436518908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436522007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436549902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436582088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436597109 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436616898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436649084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436669111 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436681032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436733961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436748981 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436767101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436799049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436820984 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436831951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436863899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436885118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436896086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436928034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436950922 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.436959982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.436990976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437007904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437024117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437057972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437079906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437089920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437122107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437144041 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437154055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437186003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437205076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437216997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437249899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437268972 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437280893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437313080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437330008 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437345028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437376022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437393904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437412024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437443972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437462091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437475920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437506914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437522888 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437683105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437715054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437730074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437747002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437778950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437798023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437809944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437840939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437854052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437872887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437906027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437920094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437937021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437953949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437968016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437983036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.437983036 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.437997103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.438011885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.438014030 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.438041925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.464201927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.464243889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.464293957 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.464302063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.464353085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.464390039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.464421988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.464456081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.464507103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.464507103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.464507103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.464514017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.509571075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.526650906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.526695013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.526730061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.526763916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.526874065 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.526874065 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.527524948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527556896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527592897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527700901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527707100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.527734041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527757883 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.527766943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527798891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527817965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.527832031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527863026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527884960 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.527894974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527926922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527947903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.527959108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.527992010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528011084 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.528024912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528055906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528075933 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.528088093 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528120041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528139114 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.528263092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528295040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528316975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.528346062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528377056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528400898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.528410912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528443098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528465033 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.528477907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528527975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528532028 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.528610945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528642893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528666019 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.528676033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528707981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528727055 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.528740883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528774977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.528790951 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.529087067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.529119015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.529139042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.529150963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.529181957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.529201984 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.529222012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.529253006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.529274940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.529285908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.529319048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.529339075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.534183025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534246922 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.534288883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534415960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534466028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534497976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534568071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.534569025 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.534646988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534679890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534712076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534735918 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.534744978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534797907 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.534953117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.534985065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535017014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535038948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.535048962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535083055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535101891 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.535110950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535166025 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.535247087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535283089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535315037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535337925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.535346985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535379887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535403013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.535413980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535468102 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.535593033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535625935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535659075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535682917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.535733938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535789967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.535912991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535945892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535978079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.535999060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536010027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536040068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536063910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536072969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536103964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536125898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536149025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536181927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536201954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536216021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536267042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536585093 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536617041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536648035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536673069 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536680937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536712885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536737919 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536746025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536777973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536809921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536813021 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536844015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536864996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536875010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536906958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536928892 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.536938906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536973000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.536994934 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.537004948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537059069 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.537488937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537538052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537569046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537594080 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.537600994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537632942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537655115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.537664890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537697077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537718058 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.537729025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537759066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537784100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.537791014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537822962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537846088 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.537854910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537885904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537909031 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.537919044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537950993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.537975073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.555242062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.555289030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.555321932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.555354118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.555389881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.555422068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.555459023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.555488110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.555802107 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.615777016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.615866899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.615900993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.615932941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.615967035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.615998983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616030931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616064072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616096973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616127968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616159916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616161108 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616161108 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616161108 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616194010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616249084 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616249084 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616249084 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616286039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616318941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616350889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616378069 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616381884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616432905 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616450071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616499901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616533995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616554022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616565943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616600037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616621971 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616684914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616735935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616739988 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616769075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616822958 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.616916895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616965055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.616997004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617017984 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.617028952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617060900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617084980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.617288113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617341042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617347956 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.617372990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617408991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617429972 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.617439985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617472887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617494106 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.617537022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617569923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617592096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.617603064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617635012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617657900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.617916107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617963076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.617971897 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.618010998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.618067026 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.622953892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623059034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623090029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623122931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623213053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623222113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.623222113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.623245001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623279095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623388052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.623430014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623462915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623488903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.623496056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623550892 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.623600960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623632908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623665094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623687029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.623697042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623729944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.623749971 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.624017000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624048948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624070883 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.624080896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624113083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624138117 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.624145031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624176979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624197960 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.624537945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624569893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624594927 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.624602079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624634027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624660969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.624672890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624727964 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.624883890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624916077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624949932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.624969959 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.625036955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625092030 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.625117064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625149012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625180006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625201941 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.625212908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625243902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625264883 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.625276089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625308037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625329018 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.625339985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625392914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.625905991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625937939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625969887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.625992060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.626003027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626034975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626058102 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.626070023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626140118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.626396894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626444101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626476049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626498938 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.626507998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626538992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626562119 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.626570940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626602888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626624107 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.626633883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626686096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.626697063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626729012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626760960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626781940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.626791954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626823902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626842976 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.626856089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.626908064 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.627510071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.627542973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.627574921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.627599001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.627608061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.627660990 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.643364906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.643418074 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.643479109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.643583059 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.643625021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.643656969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.643688917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.643721104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.643800020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.643800020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.696973085 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.704881907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705046892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705077887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705111980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705122948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.705147028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705193043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705195904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.705245972 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.705312967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705346107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705399036 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.705799103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705832005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705863953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.705887079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.706516981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706547976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706577063 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.706614971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706665039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706669092 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.706698895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706732035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706753016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.706764936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706814051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706818104 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.706851006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706882000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706902027 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.706914902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706947088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.706967115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.706979036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707031012 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.707180977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707242966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707276106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707298040 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.707341909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707397938 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.707453966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707485914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707539082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.707842112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707890034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707921982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707942963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.707954884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.707988024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708007097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.708158970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708190918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708219051 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.708256960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708290100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708312035 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.708322048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708370924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708374977 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.708421946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708455086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708475113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.708506107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708538055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708566904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.708570957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.708625078 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.713639975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.713691950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.713723898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.713748932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.713844061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.713876963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.713902950 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.713908911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.713943958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.713962078 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.714231968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714263916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714287996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.714296103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714328051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714348078 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.714360952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714394093 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714420080 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.714426041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714457035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714478016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.714490891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714545965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.714804888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714838028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714869976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714895010 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.714901924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.714981079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715002060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715013027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715046883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715066910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715078115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715111017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715131044 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715143919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715209961 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715504885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715537071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715568066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715593100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715600967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715632915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715656042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715665102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715697050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715718985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715728998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715780973 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715792894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715825081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715857029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715878010 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715888977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715920925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.715941906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.715953112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716006041 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.716526985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716559887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716592073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716614962 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.716624975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716656923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716675997 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.716689110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716718912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716742039 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.716751099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716783047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716799974 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.716814995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716867924 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.716880083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716912985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716943979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.716964006 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.716980934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.717031956 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.717279911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.717312098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.717344046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.717363119 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.717375994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.717411041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.717428923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.717443943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.717485905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.717495918 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.732036114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.732132912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.732165098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.732253075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.732259035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.732291937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.732325077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.732366085 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.732403994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.732435942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.732460022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.775177956 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.794084072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794135094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794167042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794198990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794208050 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.794233084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794256926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.794265032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794298887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794428110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.794603109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794658899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.794733047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794764996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794820070 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.794884920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794918060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794950962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.794970989 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.794982910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.795036077 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.796199083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796231031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796264887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796288013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.796314001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796367884 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.796515942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796547890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796597004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796605110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.796628952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796663046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796683073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.796695948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796731949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796746969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.796765089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796818972 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.796930075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.796962023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797014952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.797080994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797112942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797144890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797166109 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.797218084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797249079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797271967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.797281981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797334909 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.797368050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797400951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797432899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797456980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.797511101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797564983 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.797653913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797686100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797718048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797739029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.797749996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.797802925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.802388906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802422047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802454948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802486897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802489042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.802545071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.802615881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802648067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802680016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802700996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.802712917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802766085 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.802791119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802823067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802854061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802877903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.802886009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802918911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.802937984 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803049088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803081989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803102970 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803113937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803147078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803165913 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803179979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803212881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803231001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803245068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803277969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803296089 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803560972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803592920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803617001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803625107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803657055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803673029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803688049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803720951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803740025 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803834915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803867102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803889036 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803899050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803930044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803950071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.803961992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.803988934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804013014 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804042101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804075003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804092884 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804106951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804138899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804161072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804167986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804198980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804219961 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804231882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804284096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804336071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804363012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804426908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804430008 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804460049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804512024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804513931 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804543018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804572105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804598093 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804605007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804636955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804658890 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804670095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804719925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804868937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804900885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804933071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804955006 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.804964066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.804995060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805016041 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.805026054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805058002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805077076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.805092096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805123091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805140018 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.805149078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805181980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805202961 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.805213928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805246115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805264950 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.805278063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805309057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805330038 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.805341005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805372953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.805394888 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.820959091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.820974112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.820986986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.821001053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.821016073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.821145058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.821154118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.821161032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.821155071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.821238995 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.821271896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.869026899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.882656097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.882685900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.882700920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.882715940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.882730961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.882745981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.882972002 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.883004904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.883021116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.883318901 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.883734941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.883749962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.883764029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.883879900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.883888006 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.883894920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.883909941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.883939981 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.883969069 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.883985996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.884784937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.884846926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.884891033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.884907007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.884963989 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.884964943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885066032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885081053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885096073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885111094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885114908 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885126114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885139942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885152102 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885179043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885194063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885209084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885221958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885236025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885243893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885251045 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885262012 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885297060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885407925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885516882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885531902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885565996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885713100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885727882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885741949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885756969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885763884 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885791063 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885910988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885935068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885948896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885963917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885967016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.885978937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885994911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.885996103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.886032104 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.886288881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.886338949 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.890912056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.890974998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.890991926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891028881 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891084909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891100883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891114950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891129017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891144991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891253948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891253948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891253948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891315937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891331911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891345024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891381979 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891429901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891444921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891459942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891479969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891499043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891623974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891638041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891652107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891666889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891680956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891690016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891696930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891706944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891711950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891727924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891741991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891783953 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.891968966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891983986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.891999006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892014980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892030954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892030954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.892046928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892072916 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.892103910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.892290115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892304897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892318010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892332077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892347097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892357111 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.892360926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892375946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.892378092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892394066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892411947 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.892435074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.892658949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892674923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892688036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892703056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892719030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892724037 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.892733097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892749071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.892750025 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.892777920 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893007994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893028975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893043995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893059015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893058062 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893074036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893093109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893098116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893107891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893122911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893130064 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893136978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893146992 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893151999 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893167019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893181086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893196106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893202066 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893210888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893223047 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893229008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893241882 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893275023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893574953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893682957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893697977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893712997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893728971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893734932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893743038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893758059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893759012 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893773079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.893781900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.893820047 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.909745932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.909816980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.909833908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.909864902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.909898996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.909929991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.909962893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.909997940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.909998894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.909998894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.962743044 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.972008944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972024918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972038984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972099066 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.972322941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972337008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972349882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972363949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972379923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972392082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972400904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.972400904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.972433090 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.972588062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972600937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972614050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972628117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972641945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972647905 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.972656965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972667933 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.972671986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.972690105 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.972713947 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.975011110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975066900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975080967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975119114 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.975238085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975253105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975265026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975280046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975286007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.975315094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.975523949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975538015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975550890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975565910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975570917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.975579977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975589991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.975594997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975610971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.975631952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.975658894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.976248980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976264954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976278067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976291895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976306915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976308107 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.976320982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976335049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976349115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.976350069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976365089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976366043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.976380110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976393938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976401091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.976408958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.976418018 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.976452112 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.976641893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.980917931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.980931997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.980948925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.980993986 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981025934 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981060028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981074095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981087923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981101990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981117964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981127024 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981148005 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981257915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981272936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981324911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981324911 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981338024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981378078 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981456995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981471062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981484890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981497049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981508970 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981537104 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981638908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981653929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981667995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981681108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981693029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981698036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981714010 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981717110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981746912 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981869936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981918097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.981956005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981977940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.981992006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982023001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.982127905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982142925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982156992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982172012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982175112 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.982203007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.982400894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982415915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982429028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982443094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982453108 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.982460022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982472897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982492924 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.982498884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.982511997 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.982549906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983105898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983175039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983186960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983220100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983258009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983270884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983283997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983297110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983309984 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983311892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983329058 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983342886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983346939 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983491898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983505964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983520031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983532906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983547926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983547926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983561993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983566046 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983577967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983587027 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983592987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983628988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983629942 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983644009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983673096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983870029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983920097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983920097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.983936071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983951092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.983979940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.984132051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.984143972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.984158039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.984183073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.984184027 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.984196901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.984204054 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.984210968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.984240055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.984246969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.984253883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.984287024 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.999349117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.999386072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.999435902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.999468088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.999500036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.999531031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.999536991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.999536991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.999536991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:12.999563932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:12.999625921 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.060691118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.060761929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.060837030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.060889959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.060931921 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.060951948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061006069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061007023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.061059952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.061065912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061111927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061156988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061182022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.061204910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061249971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061253071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.061300993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061347008 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.061429024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061474085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061518908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.061521053 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.063808918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.063854933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.063864946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.063899994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.063956976 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.063961029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064007998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064052105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064060926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.064096928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064142942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064146996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.064285040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064328909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064335108 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.064374924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064419985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064429998 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.064465046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064531088 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.064601898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064647913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064692974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064696074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.064824104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064868927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064879894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.064913988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064956903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.064963102 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.065001965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.065045118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.065052032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.065089941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.065134048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.065150023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.065177917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.065222979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.065223932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.065371037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.065414906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.065418005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.069458008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.069511890 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.069521904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.069567919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.069617987 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.069808006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.069869995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.069915056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.069919109 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.069976091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070022106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070023060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070066929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070118904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070125103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070177078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070220947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070223093 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070266962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070300102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070321083 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070354939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070409060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070417881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070462942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070514917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070522070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070566893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070611000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070614100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070676088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070738077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070739031 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070782900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070827007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070830107 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070872068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070916891 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.070931911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.070976019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071022987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071028948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.071067095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071111917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.071113110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071172953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071217060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071221113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.071269035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071314096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071319103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.071358919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071407080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071408033 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.071482897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071544886 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.071830034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071924925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071969986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.071978092 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.072016001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072062969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.072088957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072132111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072176933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072179079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.072222948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072271109 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.072349072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072393894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072438002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072441101 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.072532892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072592974 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.072593927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072638988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072680950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072685957 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.072726011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072771072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072777987 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.072803974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072855949 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.072859049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072905064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072951078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.072954893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.073174953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.073220015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.073232889 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.073266029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.073304892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.073316097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.073354006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.073400974 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.073400974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.088102102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.088148117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.088157892 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.088196039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.088257074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.088259935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.088306904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.088350058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.088361025 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.088397026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.088443041 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.150645018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151062965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151107073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151150942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151210070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151257038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151299953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151350975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.151350975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.151350975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.151365995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151412964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151423931 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.151458025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151516914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.151530981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151576042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151633024 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.151684999 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151839018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.151895046 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.152678967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.152740955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.152785063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.152796030 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.152888060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.152930975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.152941942 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.152977943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153023005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153029919 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.153122902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153167963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153175116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.153213978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153258085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153265953 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.153302908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153347015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153353930 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.153506994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153552055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.153561115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.154350996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.154411077 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.154490948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.154659033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.154704094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.154711962 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.155009985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.155055046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.155065060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.155169010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.155222893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.155299902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.155344963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.155390978 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.156248093 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.156308889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.156353951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.156358004 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.156394958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.156440020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.158881903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159200907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159259081 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.159382105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159427881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159471989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159482002 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.159517050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159560919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159569979 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.159606934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159651995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159653902 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.159698009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159740925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159749031 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.159818888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159863949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159866095 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.159909964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.159962893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.160335064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160381079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160424948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160433054 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.160497904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160554886 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.160576105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160621881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160674095 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.160681009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160725117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160768032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160778046 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.160830021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160875082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160888910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.160919905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.160970926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.160980940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161026001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161070108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161081076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.161114931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161159039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161180973 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.161202908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161248922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161248922 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.161294937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161343098 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.161456108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161499023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161542892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161552906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.161590099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161638021 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.161648989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161693096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161736012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161737919 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.161794901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161840916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161847115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.161884069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161926985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.161937952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.161986113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162030935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162039042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.162075043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162118912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162133932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.162167072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162209988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162214994 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.162254095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162300110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162305117 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.162627935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162672997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162678003 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.162718058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162769079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.162798882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162844896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162887096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162898064 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.162930965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.162986040 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.163110971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.163327932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.163374901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.163382053 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.163417101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.163470030 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.179778099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.179920912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.179966927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.180090904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.180097103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.180136919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.180161953 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.180217028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.180272102 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.180423021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.228362083 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.240998030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241043091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241103888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241147041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241190910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241229057 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.241229057 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.241235018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241281986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241292000 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.241326094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241369009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241372108 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.241414070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241456985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241461992 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.241502047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241545916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241549969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.241590977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.241641045 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.242362976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.242408991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.242456913 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.242513895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.242681026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.242724895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.242729902 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.242769003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.242816925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.242819071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243026972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243071079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243076086 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.243201971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243246078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243249893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.243290901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243335009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243340015 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.243396044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243439913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243441105 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.243486881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243534088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243535995 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.243577957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243619919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243623018 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.243680954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243725061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243729115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.243846893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243891954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243895054 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.243936062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243979931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.243987083 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.244025946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.244076967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.244345903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.247443914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.247515917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.247612000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.247657061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.247700930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.247704029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.247783899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.247827053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.247833967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.247873068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.247919083 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.247952938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.247997046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248039961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248044968 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.248100042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248143911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248147964 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.248188019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248236895 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.248239040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248279095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248322010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248325109 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.248366117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248410940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248411894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.248456001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248522997 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.248538017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248584032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248626947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.248629093 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.249231100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249294996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.249373913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249420881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249464035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249469042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.249511003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249555111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249600887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249605894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.249659061 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.249689102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249733925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249777079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249780893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.249820948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249866009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249871969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.249908924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.249954939 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.249991894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250181913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250221968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250241041 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.250267982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250320911 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.250341892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250386000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250431061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250439882 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.250475883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250530958 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.250535011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250580072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250623941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250632048 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.250669003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250711918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250725985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.250756979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250799894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250806093 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.250844955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250888109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.250899076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.251034021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251079082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251086950 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.251122952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251167059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251178980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.251211882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251254082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251261950 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.251341105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251384974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251395941 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.251499891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251545906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251550913 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.251589060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251631021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251631975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.251677036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.251729965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.265522003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.265567064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.265613079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.265624046 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.265686989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.265732050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.265742064 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.265779018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.265877962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.265887976 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.306385994 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.333029032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333075047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333120108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333179951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333236933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333283901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333282948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.333282948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.333329916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333348036 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.333544970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333589077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333606005 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.333636045 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333679914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333689928 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.333726883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333770037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333780050 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.333815098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333863020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.333889008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333934069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.333982944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.334037066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334080935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334124088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334127903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.334168911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334213018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334213972 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.334259987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334305048 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.334530115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334574938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334614992 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.334618092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334695101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334738970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334743023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.334784985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334830046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334831953 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.334892035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334934950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.334938049 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.334979057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.335022926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.335025072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.335067034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.335110903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.335114002 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.335155010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.335200071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.335899115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.335944891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.335987091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.335990906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.336034060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.336076975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.336080074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.336122990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.336168051 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.340256929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.340301991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.340351105 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.340425014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.340604067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.340648890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.340651989 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.340693951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.340738058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.340739965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.340783119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.340830088 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.341090918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341135979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341180086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341181040 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.341224909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341269016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341273069 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.341314077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341357946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341358900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.341589928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341639996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.341880083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341924906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341969967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.341970921 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.342014074 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.342057943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.342058897 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.343086958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343151093 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.343244076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343290091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343333960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343334913 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.343379021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343425035 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.343440056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343483925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343528032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343528986 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.343575954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343621016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.343635082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343678951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343722105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.343724012 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.345331907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345385075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.345448017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345493078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345535994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345540047 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.345586061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345633030 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.345644951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345690012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345732927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345735073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.345793962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345838070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345839977 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.345881939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345926046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.345927954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.345985889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346029043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346030951 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.346074104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346117020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346122980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.346160889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346204042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346204996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.346249104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346292973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346293926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.346503973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346549034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346553087 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.346594095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346637964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346640110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.346683025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346726894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346729040 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.346771002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346813917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346815109 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.346858978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346901894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.346904993 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.360589981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.360610008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.360626936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.360651016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.360676050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.360681057 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.360708952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.360743046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.360934973 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.360935926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.360935926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.421637058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.421688080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.421720982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.421751976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.421785116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.421804905 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.421817064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.421850920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.421874046 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.421874046 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.421993971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422025919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422038078 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.422059059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422091007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422102928 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.422125101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422157049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422167063 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.422189951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422231913 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.422738075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422770023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422802925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422811985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.422833920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422867060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422875881 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.422899008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422930956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422940016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.422964096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.422995090 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423005104 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423027992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423060894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423069954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423090935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423130989 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423141003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423171997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423203945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423213005 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423235893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423268080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423275948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423300028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423332930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423341990 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423367977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423407078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423408985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423439026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423471928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423480034 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423505068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423537016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423547983 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423572063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423613071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.423958063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.423990965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.424031019 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.428659916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.428711891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.428744078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.428754091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.428778887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.428819895 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.428843021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.428904057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.428936958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.428946018 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.428970098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429003000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429011106 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.429230928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429261923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429272890 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.429295063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429327011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429333925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.429359913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429400921 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.429668903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429701090 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429733038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429742098 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.429784060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429817915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429822922 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.429850101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429883003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429888010 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.429912090 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.429953098 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.432076931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432177067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432225943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432235003 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.432259083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432291031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432297945 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.432323933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432364941 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.432405949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432437897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432470083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432477951 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.432522058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432563066 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.432718039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432749987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432781935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432790041 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.432813883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.432852983 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.434201002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434232950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434267044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434273005 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.434333086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434364080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434374094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.434398890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434432030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434438944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.434465885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434505939 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.434745073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434777021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434808969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434818029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.434842110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434874058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434880018 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.434905052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434937000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.434943914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.434969902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435002089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435008049 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.435034037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435074091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.435164928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435197115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435226917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435235977 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.435259104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435297966 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.435301065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435332060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435364962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435372114 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.435405016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435436964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435441017 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.435471058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.435511112 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.448940992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.448964119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.448976040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.449065924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.449079990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.449094057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.449107885 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.449107885 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.449110031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.449132919 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.449300051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.449353933 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.510092020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510143995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510175943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510315895 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.510376930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510411024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510432005 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.510442972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510476112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510493040 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.510541916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510592937 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.510605097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510637999 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510668993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510684013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.510703087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510734081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510747910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.510766983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.510812998 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511029005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511060953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511092901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511112928 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511125088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511157036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511173964 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511190891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511224031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511235952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511529922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511576891 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511579037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511611938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511642933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511657953 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511676073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511707067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511723042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511739969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511770964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511785984 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511804104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511835098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511850119 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511868000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511899948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511914968 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.511934042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511965990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.511980057 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.512347937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.512397051 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.512429953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.512463093 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.512511015 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.512531996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.512564898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.512598038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.512612104 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519260883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519309044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519315958 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519341946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519378901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519388914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519418001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519465923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519467115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519500017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519531012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519546032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519563913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519594908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519609928 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519627094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519658089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519670963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519691944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519722939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519731998 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519756079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519785881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519795895 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519819021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519853115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519859076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519886017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519917011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519925117 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.519949913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.519989014 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.520992994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521025896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521059036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521083117 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.521141052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521172047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521183968 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.521204948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521238089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521245003 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.521271944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521312952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.521477938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521509886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521542072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521549940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.521574974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521606922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521615028 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.521639109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.521678925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.524036884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524086952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524120092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524128914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.524220943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524251938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524260044 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.524285078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524323940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.524558067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524590015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524622917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524630070 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.524655104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524687052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524694920 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.524720907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524760962 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.524852037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524883032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524914980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524923086 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.524946928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524980068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.524986982 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.525011063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525043011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525062084 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.525074959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525109053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525115013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.525382042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525413990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525424004 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.525446892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525479078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525486946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.525511980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525543928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525552988 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.525577068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.525616884 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.539953947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.539988041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.540020943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.540056944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.540127993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.540159941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.540191889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.540222883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.540266991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.540266991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.587620020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.600332022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600368023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600404024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600434065 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.600537062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600584984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600594997 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.600617886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600650072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600672960 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.600855112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600887060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600908995 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.600919008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600950003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.600972891 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.600982904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601013899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601035118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.601044893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601077080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601099968 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.601110935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601162910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.601502895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601551056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601582050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601603985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.601613998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601645947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601665020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.601677895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601708889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601723909 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.601742029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601773024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601790905 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.601804972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601835966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601854086 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.601867914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.601932049 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.601936102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602351904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602382898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602412939 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.602416039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602447987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602480888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602489948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.602513075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602526903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.602545977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602576971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602592945 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.602610111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602641106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602657080 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.602675915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.602725029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.606643915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.606794119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.606827021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.606852055 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.606925964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.606959105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.606976032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.606996059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.607028961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.607042074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.608496904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608560085 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.608571053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608606100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608654022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608658075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.608685970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608719110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608738899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.608782053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608814001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608834982 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.608845949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608899117 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.608916044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608948946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608980894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.608999968 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.609014034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.609045982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.609066010 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.609677076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.609731913 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.609761953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.609793901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.609843969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.609869003 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.609875917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.609908104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.609922886 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.609994888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.610028982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.610044003 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.610061884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.610095024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.610106945 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.610172987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.610205889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.610224962 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.610238075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.610270023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.610291958 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.612950087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613003016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613007069 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613034964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613181114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613228083 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613249063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613329887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613352060 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613362074 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613395929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613409042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613445997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613476992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613493919 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613509893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613543034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613564968 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613576889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613609076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613627911 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613708019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613739014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613760948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613771915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613804102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613826036 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613836050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613867998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613883972 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.613898993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.613945961 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.614114046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.614146948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.614178896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.614192963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.614211082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.614252090 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.614253998 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.614325047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.614357948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.614375114 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.628329992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.628354073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.628366947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.628375053 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.628411055 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.628616095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.628631115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.628644943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.628659010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.628683090 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.628706932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.690116882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.690458059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.690769911 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.690928936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.690978050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691009998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691030979 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.691041946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691075087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691097021 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.691106081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691139936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691152096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.691314936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691346884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691369057 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.691385031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691421986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691443920 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.691454887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691483021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691508055 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.691514969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691546917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691569090 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.691579103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691612005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691632032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.691797972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691829920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691854000 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.691863060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.691914082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.692008972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692040920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692089081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692092896 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.692137957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692168951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692189932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.692200899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692233086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692253113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.692265034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692296982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692317963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.692327976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692359924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692382097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.692393064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692425013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692445993 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.692456961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692511082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.692894936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692945004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.692976952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.693000078 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.693008900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.693063974 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.693078041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.693109989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.693161011 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.697527885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.697577953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.697609901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.697645903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.697741032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.697772026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.697804928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.697837114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.697886944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.697886944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.700392008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700423956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700455904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.700474024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700555086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700607061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700659990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700670958 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.700671911 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.700711012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700742960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700759888 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.700776100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700807095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700823069 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.700841904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700897932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.700939894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.700972080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701008081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701020002 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.701086044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701114893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701137066 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.701147079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701179028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701193094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.701210976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701242924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701261044 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.701275110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701309919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701322079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.701766968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701817036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701824903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.701850891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701900959 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.701966047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.701997995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.702028990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.702047110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.702061892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.702110052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.704616070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.704648972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.704683065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.704701900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.704926014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.704984903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705018997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705050945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705081940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705085039 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.705085039 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.705113888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705132008 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.705147028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705178022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705193996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.705212116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705257893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.705260992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705292940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705324888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705339909 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.705357075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705389977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705404043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.705421925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705454111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705468893 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.705485106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705517054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.705529928 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.707715988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.707772970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.707782030 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.707804918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.707837105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.707859993 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.707868099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.707900047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.707918882 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.707931042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.707962990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.707979918 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.717143059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.717176914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.717211008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.717247963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.717247963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.717258930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.717292070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.717324018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.717340946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.717356920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.717459917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.779670954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.779695988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.779710054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.779722929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.779737949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.779752016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.779794931 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.779794931 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.779795885 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.779803991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.779987097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.779999971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780023098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780036926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.780071020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.780165911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780194998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780230999 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780239105 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.780342102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780389071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.780550957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780584097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780615091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780627012 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.780647993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780694008 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.780697107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780730009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780760050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780771971 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.780792952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780823946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780838966 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.780857086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.780901909 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.781255007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781286955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781318903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781333923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.781490088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781522036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781542063 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.781553984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781603098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781606913 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.781636000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781667948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781683922 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.781701088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781733036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781748056 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.781764030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781795025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781807899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.781826973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781858921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781874895 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.781893015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.781938076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.782334089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.782366037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.782413006 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.787069082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.787102938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.787168980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.787229061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.787260056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.787292957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.787307024 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.787417889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.787450075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.787467957 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.793575048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.793623924 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.793627024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.793659925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.793701887 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.793778896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.793811083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.793843031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.793852091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.793876886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.793917894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.793953896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.793986082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794017076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794025898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794050932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794083118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794091940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794115067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794148922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794156075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794496059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794528008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794538021 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794560909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794600964 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794600964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794651985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794682980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794692993 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794730902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794761896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794771910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794794083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794825077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794833899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794857979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794888973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794898987 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794922113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794953108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.794962883 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.794986963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795020103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795027018 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.795456886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795488119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795499086 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.795520067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795562029 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.795568943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795602083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795633078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795643091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.795665026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795696974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795707941 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.795728922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795758963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795768976 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.795792103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795823097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795830965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.795855999 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795886993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.795896053 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.796369076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.796401978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.796411991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.796433926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.796473026 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.797447920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.797497988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.797529936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.797559023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.797632933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.797676086 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.797719955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.797751904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.797782898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.797795057 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.806205034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.806237936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.806261063 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.806272030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.806319952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.806324959 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.806351900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.806384087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.806405067 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.806416988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.806469917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.870389938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.870456934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.870506048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.870548964 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.870574951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.870608091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.870630980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.870641947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.870682955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.870688915 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.870714903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.870762110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.870995998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871045113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871077061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871093988 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.871180058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871212006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871228933 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.871244907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871278048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871293068 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.871449947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871481895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871500969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.871515036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871548891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871561050 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.871794939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871826887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871845007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.871857882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871890068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871905088 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.871922016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871952057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.871968985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.871985912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872016907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872030973 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.872049093 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872082949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872101068 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.872364044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872396946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872411966 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.872428894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872461081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872483969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.872512102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872544050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872555017 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.872575998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872607946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872622967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.872801065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872829914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872848988 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.872862101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872894049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872908115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.872922897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872955084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.872972965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.872988939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.873017073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.873034954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.875494003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.875547886 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.875550985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.875585079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.875616074 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.875648022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.875679016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.875713110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.875725985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.875725985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.875760078 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.882308960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882436037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882498980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882546902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882579088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882596016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.882611990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882617950 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.882644892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882677078 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.882888079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882920027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882944107 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.882951975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882983923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.882994890 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.883048058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883080006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883099079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.883111000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883200884 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.883361101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883399963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883433104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883451939 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.883465052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883497000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883517981 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.883559942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883594990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883610964 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.883797884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883830070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883850098 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.883861065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883892059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883915901 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.883924007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883956909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.883979082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.883990049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884021044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884044886 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.884053946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884104967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.884120941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884152889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884183884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884205103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.884217024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884251118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884268999 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.884597063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884675980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884687901 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.884708881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884740114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884758949 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.884773016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884804964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884836912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884839058 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.884870052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884888887 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.884901047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884932995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884949923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.884967089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.884999037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.885021925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.885032892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.885085106 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.886221886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.886307955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.886343956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.886368036 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.886429071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.886460066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.886485100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.886492968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.886524916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.886548996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.894407034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.894458055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.894470930 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.894490957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.894546986 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.894638062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.894670963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.894702911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.894723892 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.894735098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.894764900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.894788980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.947093964 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.962601900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.962734938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.962749958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.962858915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.962872028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.962887049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.962971926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.962985039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.962999105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.963009119 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.963009119 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.963073969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.964468956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964596033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964643955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964677095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964700937 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.964709044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964741945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964744091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.964765072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.964775085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964833975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.964909077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964940071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964972973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.964998960 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.965007067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965065002 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.965099096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965127945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965184927 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.965265036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965312004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965344906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965372086 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.965375900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965409994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965431929 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.965440989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965472937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965500116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.965504885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965537071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965563059 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.965567112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965600967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965626001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.965635061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.965694904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.965966940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.966089964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.966121912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.966146946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.966152906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.966186047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.966208935 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.966217995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.966249943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.966275930 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.966283083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.966315985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.966342926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.968434095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.968465090 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.968503952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.968534946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.968581915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.968592882 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.968621969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.968652964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.968678951 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.968686104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.968740940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.971245050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971328974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971359968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971381903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.971571922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971602917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971635103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971668005 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971709967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.971709967 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.971757889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971807003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971812010 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.971839905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971867085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971890926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.971898079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971930027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971949100 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.971962929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.971995115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972013950 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.972027063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972059965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972075939 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.972296953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972327948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972351074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.972358942 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972390890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972410917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.972423077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972455025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972476959 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.972507000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972538948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972564936 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.972572088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972603083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972625017 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.972635984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972686052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.972879887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972910881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972943068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.972961903 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.972975016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973006010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973026991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.973038912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973069906 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973088980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.973102093 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973133087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973153114 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.973164082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973197937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973215103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.973577023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973623991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973629951 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.973654985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973685980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973706007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.973720074 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973750114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973771095 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.973782063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973814011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973835945 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.973846912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973890066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.973898888 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.974747896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.974780083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.974802017 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.974812984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.974863052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.974863052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.974894047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.974926949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.974946022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.974958897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.975009918 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.983278990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.983351946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.983392000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.983481884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.983515978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.983541965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.983572960 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:13.983644962 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.983676910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:13.983843088 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.051136017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.051188946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.051219940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.051295042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.051332951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.051367044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.051403046 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.051404953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.051440001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.051467896 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.053119898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053153038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053184032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.053186893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053245068 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.053426027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053457022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053488970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053517103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.053520918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053555012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053576946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.053715944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053746939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053777933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053777933 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.053809881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053836107 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.053842068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053874016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053900003 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.053905964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053937912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053971052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.053975105 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.054006100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054030895 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.054161072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054193974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054214954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.054225922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054282904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.054397106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054430008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054461002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054486990 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.054493904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054553032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.054748058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054780006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054811001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054836035 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.054842949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054874897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054903030 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.054905891 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054939032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.054964066 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.054970026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.055003881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.055026054 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.055145979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.055202961 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.056828976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.056879997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.056910992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.056941032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.057024956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.057056904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.057085037 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.057142973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.057174921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.057202101 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.057207108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.057264090 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.059721947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.059813976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.059847116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.059879065 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.059926987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.059976101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.059986115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.060009956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060041904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060066938 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.060074091 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060106993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060129881 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.060138941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060172081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060194969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.060204983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060336113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060352087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060369015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060384035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060400009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060415983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060431004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060547113 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.060705900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060738087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060770988 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.060790062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060817957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060852051 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.060863972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060897112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060926914 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.060928106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060960054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.060986996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.060991049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061024904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061047077 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061142921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061175108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061203957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061203957 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061233044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061259985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061265945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061299086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061325073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061331034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061362982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061391115 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061398029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061429977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061455011 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061464071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061522007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061597109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061625957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061681986 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061748028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061779976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061810970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061836958 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061841011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061873913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061898947 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061904907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061938047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.061963081 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.061973095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.062015057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.062037945 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.062050104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.062082052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.062103987 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.063086033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.063134909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.063148022 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.063169003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.063225031 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.063230038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.063262939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.063318014 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.063384056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.063416004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.063447952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.063474894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.071820974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.071916103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.071937084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.071969032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.072017908 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.072074890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.072105885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.072138071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.072159052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.072170019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.072225094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.140242100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.140256882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.140269995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.140425920 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.140525103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.140575886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.140609026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.140640020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.140692949 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.140692949 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.141578913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.141612053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.141644955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.141724110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.141724110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.141798973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.141830921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.141863108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.141880035 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.141896009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.141943932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.141976118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142008066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142040014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142055035 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.142072916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142117977 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.142178059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142210007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142244101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142257929 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.142358065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142390966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142405987 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.142425060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142471075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.142601013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142632961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142664909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142679930 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.142697096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142729044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142743111 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.142884970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142916918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.142932892 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.142947912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143023968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143038034 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.143057108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143091917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143102884 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.143287897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143315077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143332005 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.143347025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143378973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143394947 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.143412113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143443108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143459082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.143475056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143508911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.143521070 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.146429062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.146481037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.146500111 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.146513939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.146545887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.146576881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.146609068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.146641016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.146681070 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.146681070 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150043964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150075912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150106907 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150108099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150147915 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150161982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150194883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150214911 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150306940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150337934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150357008 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150470972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150521040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150521040 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150557041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150598049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150608063 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150649071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150697947 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150702953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150751114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150798082 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150799036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150831938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150863886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150878906 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150896072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150928974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150950909 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.150959969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.150991917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151011944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151041031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151087999 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151087999 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151117086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151148081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151165962 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151179075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151210070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151226997 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151242971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151273966 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151290894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151307106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151338100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151355982 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151371956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151402950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151418924 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151434898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151468992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151484966 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151501894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151532888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151551008 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151565075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151597023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151612997 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151628971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151660919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151678085 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151694059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151724100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151740074 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151756048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151787996 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151806116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151820898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151853085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151870966 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151884079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151915073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151931047 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.151948929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151983023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.151999950 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.152014017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.152046919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.152061939 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.152179956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.152210951 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.152226925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.152242899 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.152275085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.152290106 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.160542011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.160614014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.160646915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.160726070 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.160756111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.160787106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.160819054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.160851002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.160854101 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.160909891 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.230398893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230464935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230500937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230532885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230557919 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.230566978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230581999 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.230618000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230669975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230670929 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.230703115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230736017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230755091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.230767012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230799913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230817080 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.230834007 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.230880976 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231167078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231199026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231249094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231261969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231281042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231313944 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231326103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231347084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231390953 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231419086 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231451035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231484890 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231497049 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231513977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231559992 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231595993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231628895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231674910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231703043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231735945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231769085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231782913 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231801033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231833935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231847048 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231865883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231898069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231911898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.231930017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231962919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.231975079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.232054949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232101917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.232219934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232253075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232285023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232300043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.232311964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232342958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232356071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.232376099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232408047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232419968 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.232440948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232471943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232486963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.232527018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232559919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.232568979 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.234292984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.234343052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.234358072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.234375954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.234426975 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.234565020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.234597921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.234630108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.234642982 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.234663963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.234708071 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.237535000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.237596989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.237628937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.237657070 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.237714052 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.237745047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.237761021 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.237777948 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.237809896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.237822056 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.237948895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.237981081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.237996101 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238014936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238059044 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238091946 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238123894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238168001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238188982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238229036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238260031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238271952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238293886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238325119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238341093 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238358021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238390923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238401890 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238424063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238468885 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238698959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238730907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238761902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238776922 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238794088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238826036 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238840103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238856077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238888025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238900900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238919973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238953114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.238964081 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.238986015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239020109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239029884 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.239343882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239382029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239389896 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.239417076 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239444017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239463091 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.239475965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239506960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239520073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.239538908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239571095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239583015 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.239603043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239634991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239648104 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.239666939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239711046 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.239716053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239748001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239779949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239793062 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.239811897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239844084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239855051 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.239876032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239909887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.239921093 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.240607977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.240655899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.240715981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.240751982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.240797043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.240829945 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.240860939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.240892887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.240905046 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.240971088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.241002083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.241015911 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.249378920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.249455929 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.249461889 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.249495029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.249542952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.249610901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.249641895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.249674082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.249687910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.249706984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.249749899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.318986893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319015980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319118023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319149971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319184065 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319216013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.319216013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.319216967 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319264889 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.319267035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319314957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319346905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319365978 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.319386959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319421053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319438934 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.319453955 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319485903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319504023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.319725990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319753885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319777012 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.319835901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319868088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319886923 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.319900990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319931984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319952011 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.319964886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.319996119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320014000 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.320029020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320077896 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.320312977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320344925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320375919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320394993 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.320409060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320441008 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320460081 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.320472956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320524931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320527077 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.320557117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320590019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320605993 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.320624113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320673943 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.320883989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320914984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320947886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.320965052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.320981026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.321019888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.321028948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.321069002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.321101904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.321118116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.321134090 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.321183920 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.321252108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.321300983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.321335077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.321351051 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.321362019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.321413040 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.322987080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.323018074 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.323050976 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.323081970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.323096037 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.323116064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.323124886 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.323148012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.323180914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.323196888 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.323208094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.323256016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.325920105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.325970888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326003075 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326035023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326035023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326071024 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326083899 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326148033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326179028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326199055 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326211929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326261044 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326288939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326322079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326370001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326370001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326404095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326438904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326452971 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326570988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326601982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326620102 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326634884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326666117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326684952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326699972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326750040 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326766014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326895952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326925039 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326946020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.326956987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.326988935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327008963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327020884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327053070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327070951 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327084064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327116013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327131987 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327148914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327197075 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327255011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327281952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327330112 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327424049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327455044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327486992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327506065 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327517986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327549934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327568054 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327580929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327613115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327630043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327644110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327676058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327693939 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327708006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327740908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327755928 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327775002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327821970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327838898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.327939034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327987909 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.327987909 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.328038931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.328072071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.328088999 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.328104973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.328138113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.328155041 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.328170061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.328201056 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.328224897 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.329448938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.329579115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.329596043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.329627991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.329660892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.329679966 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.329693079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.329724073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.329742908 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.329756021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.329807043 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.338124037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.338156939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.338190079 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.338223934 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.338290930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.338321924 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.338346004 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.338354111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.338387012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.338402033 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.384589911 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.407958031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.407991886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408025026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408158064 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.408257961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408288956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408320904 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408354044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408385992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408415079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.408415079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.408418894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408427000 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.408514977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408546925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408584118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408617020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408648968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408672094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.408672094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.408680916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408695936 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.408798933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408830881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408848047 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.408863068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408895016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408907890 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.408927917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408960104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.408973932 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.409256935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409287930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409303904 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.409321070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409352064 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409367085 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.409392118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409427881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409440994 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.409610987 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409638882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409662008 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.409670115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409703970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409723997 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.409735918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409768105 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409781933 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.409800053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409832001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409847021 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.409864902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.409910917 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.409955978 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.410060883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.410092115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.410105944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.410208941 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.410239935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.410254955 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.410271883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.410304070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.410316944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.411777973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.411833048 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.411875010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.411909103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.411955118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.411987066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.412020922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.412065983 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.412108898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.412141085 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.412173033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.412188053 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.417531013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.417628050 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.417649984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.417699099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.417731047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.417762995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.417794943 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.417825937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.417836905 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.417836905 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.417860985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.417884111 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.418009043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418040037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418056965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.418072939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418104887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418118954 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.418137074 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418169022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418181896 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.418243885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418276072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418292999 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.418309927 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418338060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418355942 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.418646097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418678045 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418694973 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.418711901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418744087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418757915 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.418776035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418807030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.418822050 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.419044971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419076920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419092894 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.419109106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419140100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419154882 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.419172049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419218063 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.419255972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419327021 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419358969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419375896 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.419399023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419431925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419445038 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.419464111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419495106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419508934 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.419528961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419559956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419574976 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.419593096 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419636965 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.419929981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419961929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.419994116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420006990 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.420025110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420057058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420073032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.420090914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420123100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420135021 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.420154095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420185089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420207977 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.420217037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420248985 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420263052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.420280933 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420312881 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420326948 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.420346022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420392036 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.420407057 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420703888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420737982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420758963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.420769930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420802116 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.420814991 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.432909012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.432960033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.432980061 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.432992935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.433046103 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.433089018 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.433166027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.433197975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.433216095 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.433229923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.433280945 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.500257969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500303030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500318050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500390053 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.500428915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500485897 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500499964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500514984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500633955 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.500685930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500843048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500874043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500902891 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.500905991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500937939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500962973 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.500969887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.500998020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.501003027 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501036882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501056910 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.501069069 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501101017 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501121044 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.501414061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501446009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501477957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501490116 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.501533985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.501562119 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501595020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501626015 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501646042 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.501657963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501688957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501712084 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.501719952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501751900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501774073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.501785040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501816034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501837969 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.501847982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501879930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.501899958 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.502455950 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502487898 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502511024 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.502520084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502552032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502573013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.502583981 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502615929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502635002 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.502648115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502680063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502698898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.502713919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502764940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.502938986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.502969980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.503000975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.503021002 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.503032923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.503063917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.503083944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.503096104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.503134012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.503149033 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.505783081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.505832911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.505847931 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.505861998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.505916119 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.505923986 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.505955935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506001949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506021023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506036043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506088018 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506112099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506145000 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506192923 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506195068 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506226063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506258965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506277084 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506335020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506367922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506390095 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506402016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506455898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506506920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506537914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506570101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506588936 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506603956 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506654024 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506728888 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506762028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506795883 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506812096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506844997 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506875992 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506896019 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506907940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506941080 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.506959915 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.506973982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507025003 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.507080078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507112980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507143974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507164001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.507175922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507209063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507226944 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.507347107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507378101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507400990 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.507411957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507443905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507462978 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.507477045 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507508993 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507529020 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.507556915 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507589102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507610083 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.507622004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507653952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507671118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.507685900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507736921 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.507889032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507920980 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507952929 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.507973909 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.508013010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508044004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508064985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.508075953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508107901 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508127928 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.508138895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508188009 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.508260965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508292913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508323908 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508343935 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.508354902 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508387089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508404970 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.508419991 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508451939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.508471966 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.521940947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.521989107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.522006035 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.522021055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.522037029 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.522053003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.522087097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.522130013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.522161007 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.589303970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.589387894 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.589425087 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.589507103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.589513063 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.589539051 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.589570045 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.589623928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.589679956 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.589687109 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.589910984 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.589942932 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.589962006 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.589976072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590008020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590029001 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.590039968 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590071917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590092897 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.590104103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590138912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590154886 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.590343952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590375900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590398073 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.590409040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590440989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590461016 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.590471983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590503931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590523005 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.590536118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590567112 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590586901 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.590598106 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590629101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590651035 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.590661049 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590692043 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590709925 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.590763092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590795040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.590811014 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.591134071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591166019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591187000 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.591198921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591249943 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.591288090 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591320038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591351032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591371059 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.591383934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591415882 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591434956 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.591447115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591479063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591500044 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.591511011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591542006 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591559887 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.591574907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591607094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591629028 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.591639042 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.591689110 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.592088938 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.592122078 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.592153072 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.592174053 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.592185020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.592242002 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.594655037 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.594707012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.594739914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.594770908 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.594863892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.594894886 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.594917059 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.594927073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.594959974 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.594979048 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595086098 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595139980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595199108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595232010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595282078 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595334053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595366001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595398903 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595417023 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595431089 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595480919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595483065 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595510960 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595541954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595561028 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595674038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595706940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595726013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595755100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595786095 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595809937 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595834970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595865965 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595886946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595917940 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595946074 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.595969915 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.595977068 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596009016 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596026897 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596040964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596091032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596162081 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596194983 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596226931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596244097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596254110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596286058 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596303940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596317053 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596364975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596365929 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596398115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596429110 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596448898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596460104 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596512079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596518040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596549034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596580982 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596601963 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596611023 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596645117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596663952 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596676111 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596708059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596728086 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596739054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596788883 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.596808910 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596841097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.596892118 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.597461939 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597513914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597542048 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597579002 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.597632885 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597666025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597681999 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.597697973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597731113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597752094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.597848892 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597879887 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597903013 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.597912073 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597944975 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.597963095 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.597978115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.598011971 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.598028898 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.598043919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.598078012 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.598093987 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.598104954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.598150015 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.610572100 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.610676050 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.610707045 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.610785961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.610801935 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.610887051 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.611000061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.611031055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.611061096 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.665971041 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.678092957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678153038 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678186893 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678225994 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678260088 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678292990 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678337097 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.678344011 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678369999 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.678376913 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678412914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678426027 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.678442001 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678498030 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678513050 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.678530931 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678563118 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678581953 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.678595066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678637028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678652048 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.678853989 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678885937 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678910971 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.678934097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678966999 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.678987980 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.678998947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679030895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679052114 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.679063082 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679090977 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679116011 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.679122925 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679157972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679176092 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.679405928 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679438114 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679461956 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.679470062 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679502964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679519892 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.679534912 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679567099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679589033 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.679600954 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679627895 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.679657936 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.680439949 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.680499077 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.680514097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.680546045 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.680599928 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.680646896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.680679083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.680711031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.680733919 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.681193113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.681225061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.681251049 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.681257963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.681291103 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.681341887 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.682584047 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.682634115 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.682652950 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.682666063 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.682718039 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.682837009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.682868004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.682899952 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.682921886 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.682931900 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.682984114 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.683141947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.683273077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.683305025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.683326006 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.683336973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.683370113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.683391094 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.683402061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.683434963 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.683454990 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.683461905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.683511972 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.683919907 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.683968067 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.684000969 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.684020996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.684032917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.684082031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.684082985 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.684129953 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.684163094 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.684181929 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.684683084 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.684732914 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.684741974 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.684766054 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.684815884 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.685419083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685450077 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685482979 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685513973 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685534000 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.685547113 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685564995 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.685578108 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685611010 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685628891 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.685642958 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685689926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685693026 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.685723066 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685755014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685774088 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.685786009 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685817003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685834885 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.685849905 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685882092 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685902119 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.685914040 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685945988 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.685965061 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.685977936 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686009884 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686028957 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686041117 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686075926 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686098099 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686106920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686140060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686158895 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686171055 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686203957 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686222076 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686350107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686381102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686403036 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686414003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686461926 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686464071 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686496019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686527014 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686547995 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686562061 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686611891 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686667919 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686717033 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686748028 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686768055 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686779022 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686810970 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686830997 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.686842918 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686876059 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.686893940 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.701997995 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.702095032 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.702127934 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.702130079 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.702312946 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.702670097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.702702045 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.702734947 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.702769041 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.702775955 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.702822924 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.767874002 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.767924070 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.767956972 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.767987013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768002987 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768018961 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768042088 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768052101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768106937 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768276930 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768326044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768373013 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768381119 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768424034 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768462896 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768492937 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768512964 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768543959 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768570900 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768577099 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768630028 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768738031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768769026 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768800020 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768821955 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768832922 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768881083 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768882036 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768913031 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768944025 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.768964052 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.768975019 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769007921 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769025087 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.769038916 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769071102 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769093037 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.769104004 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769134998 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769154072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.769182920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769215107 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769237995 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.769246101 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769279003 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769309044 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769315004 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.769357920 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769365072 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.769391060 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769448996 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.769460917 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769491911 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769524097 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769546032 CEST	49730	1110	192.168.2.4	91.92.250.213
Jul 27, 2024 13:42:14.769556046 CEST	1110	49730	91.92.250.213	192.168.2.4
Jul 27, 2024 13:42:14.769587040 CEST	1110	49730	91.92.250.213	192.168.2.4

Target ID:	0
Start time:	07:42:03
Start date:	27/07/2024
Path:	C:\Users\user\Desktop\QTmGYKK6SL.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\QTmGYKK6SL.exe"
Imagebase:	0x400000
File size:	12'016'128 bytes
MD5 hash:	190E4ED7759276E78D16398673996B2B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	07:42:06
Start date:	27/07/2024
Path:	C:\Users\user\Desktop\QTmGYKK6SL.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\QTmGYKK6SL.exe
Imagebase:	0x400000
File size:	12'016'128 bytes
MD5 hash:	190E4ED7759276E78D16398673996B2B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	07:42:22
Start date:	27/07/2024
Path:	C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\AppData\Local\Temp\o0c2ddmlg7qrbu2xkviy.exe
Imagebase:	0x7ff665040000
File size:	10'636'288 bytes
MD5 hash:	1455F96A3552BFFCBD01FB90A2A4447B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 21%, ReversingLabs Detection: 23%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc.exe stop RDP-Controller
Imagebase:	0x7ff72bec0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
Imagebase:	0x7ff6d1780000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	9
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc.exe failure RDP-Controller reset= 1 actions= restart/10000
Imagebase:	0x7ff6d1780000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	11
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc.exe start RDP-Controller
Imagebase:	0x7ff6d1780000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Imagebase:	0x7ff7bacd0000
File size:	89'088 bytes
MD5 hash:	CFCBC15615FFC698507D32C0A7D21134
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\icacls.exe
Wow64 process (32bit):	false
Commandline:	icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Imagebase:	0x7ff6c0c40000
File size:	39'424 bytes
MD5 hash:	48C87E3B3003A2413D6399EA77707F5D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\icacls.exe
Wow64 process (32bit):	false
Commandline:	icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ZsL2hKzmRChz.acl
Imagebase:	0x7ff6c0c40000
File size:	39'424 bytes
MD5 hash:	48C87E3B3003A2413D6399EA77707F5D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	07:42:26
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	07:42:48
Start date:	27/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	20
Start time:	07:43:16
Start date:	27/07/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	21
Start time:	07:43:16
Start date:	27/07/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -pss -s 432 -p 3164 -ip 3164
Imagebase:	0x7ff6823a0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	07:43:16
Start date:	27/07/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 3164 -s 1156
Imagebase:	0x7ff6823a0000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	07:43:34
Start date:	27/07/2024
Path:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Imagebase:	0x7ff7bacd0000
File size:	89'088 bytes
MD5 hash:	CFCBC15615FFC698507D32C0A7D21134
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 033A98AA Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 033A9C07
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 033A9C0D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 033A9C13

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 54b6b3a6a9f18c1c42503a355f895c395cc67f602b7485ac6e008395e2f288b8
Instruction ID: f2bf6c0f20bdac16dc9d35bce2bdcfe5b46a310b94a0d0956c02eed59a0a9530
Opcode Fuzzy Hash: 54b6b3a6a9f18c1c42503a355f895c395cc67f602b7485ac6e008395e2f288b8
Instruction Fuzzy Hash: 52B15C34918F4C8FDB54EF2CC884A9EB7E1FBA9310F60571AA84AD7255DB709581CB41

Function 033AC95A Relevance: 3.3, APIs: 2, Instructions: 338COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 033ACC9F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 033ACCA5

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 45e471fb9c1d00e182d5068cc72067aebab42eda361a8fe28810466512c0969c
Instruction ID: 2fd3cb59d81888549c80e505b8c57f92892406441019a13a853798fedafcc6e1
Opcode Fuzzy Hash: 45e471fb9c1d00e182d5068cc72067aebab42eda361a8fe28810466512c0969c
Instruction Fuzzy Hash: 9AA18D31928F8C8BDB14EF2CD8856EAB7E1FB99350F10571AA48AC7164DB34E581CB81

Function 033A4962 Relevance: 1.8, APIs: 1, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49395fb1db586929925ec1189ca498da1cd1b490b708534174e820a908c43b9f
Instruction ID: 071e04f15c9dc22d1d9f0a5b95b0677107ac0d786bf636e998162c593e09f712
Opcode Fuzzy Hash: 49395fb1db586929925ec1189ca498da1cd1b490b708534174e820a908c43b9f
Instruction Fuzzy Hash: 58A1AF31A18E0C8FCB58EF2CD4C56ADB3E1FBA9310B04461EE48AD7255DA70E985CB85

Function 033BCCD2 Relevance: 1.8, APIs: 1, Instructions: 321COMMON

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 033BCF21

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: _clrfp
String ID:
API String ID: 3618594692-0
Opcode ID: efe40dfbbc0780a1a2bfbda1991ae8976835cde26a98ce25ff59e7c94d75e8ca
Instruction ID: 05f9b9f1d5cf43cece59b55f2f341a5ef724900002a7f53026b73e08036639fb
Opcode Fuzzy Hash: efe40dfbbc0780a1a2bfbda1991ae8976835cde26a98ce25ff59e7c94d75e8ca
Instruction Fuzzy Hash: 17B14730610A4DCFDBA9CF1CC8CABA6B7F1FB49304B198599E959CB666C335D852CB01

Function 033A7B92 Relevance: .4, Instructions: 446COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5704d865c20122bb7255f085bdd420624eadc4fa98812b431343d99789eb5b45
Instruction ID: f5c89dab5e4bbf6aa86554bb220772671ee16acc6bcfeba41326f0199f04ed27
Opcode Fuzzy Hash: 5704d865c20122bb7255f085bdd420624eadc4fa98812b431343d99789eb5b45
Instruction Fuzzy Hash: 57E15D31928F8D8BC749DF68C8D45BAB3E1FBA8300F44571EE88AD7154EB74AA44C781

Function 033B6BCE Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df153f8d60fbe873a3e9d23a0d3d75c95b7a0dac35bf1a23fd1683ae13456419
Instruction ID: 42753157fcc54892bed690e6dc0509f96cc72abac982e21427f5de33f88db2ed
Opcode Fuzzy Hash: df153f8d60fbe873a3e9d23a0d3d75c95b7a0dac35bf1a23fd1683ae13456419
Instruction Fuzzy Hash: 3D61043091CB5C4FDB28EF289C8A1BABBF5FB84710F04475FE586C7156DA30A84286C2

Function 033B4F9A Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2b80bb17cd9c218d1e222d3be9e57a11b086c6eca4a0abdae5755d48babc3af
Instruction ID: c924d89f1d57c02bf996e2b82112144949b01e2ac07c334419c49361b3e64045
Opcode Fuzzy Hash: d2b80bb17cd9c218d1e222d3be9e57a11b086c6eca4a0abdae5755d48babc3af
Instruction Fuzzy Hash: B9511432718E0C4FDB0CDE6CE8989B5B3E2F7AD310315832EE54AD72A5DA74D8468781

Function 033A5EE6 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3bfdd2e48ad19d66b0e37b2c6738ec7b33e2acd157bee24fc1458e38cb5dc2f
Instruction ID: c1c52f56b5eba081b2ccdd9fbf6309b1b29f043a13fc95fe427325a07c8da24f
Opcode Fuzzy Hash: b3bfdd2e48ad19d66b0e37b2c6738ec7b33e2acd157bee24fc1458e38cb5dc2f
Instruction Fuzzy Hash: 932186317156054BE70CCE2EC899575B3D6F7D9205B58C67DD15BCB357C93658038A08

Function 033A5956 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 818b3c2bf741691b3b4d97ce965452ef50dff5a67fbb0249e4fef83404bb3482
Instruction ID: 07d4b3b4565894dda7b1ab521cb994f938c9bedda78e714fc1ad8eb2d525bf38
Opcode Fuzzy Hash: 818b3c2bf741691b3b4d97ce965452ef50dff5a67fbb0249e4fef83404bb3482
Instruction Fuzzy Hash: 7711E572315C008FE74CDE3DCDC566573D6EB89214718C2BCE55ACB26AD6358403C744

Function 033B0912 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 460COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 033B096F

Part of subcall function 033B2CD2: __GetUnwindTryBlock.LIBCMT ref: 033B2D15
Part of subcall function 033B2CD2: __SetUnwindTryBlock.LIBVCRUNTIME ref: 033B2D3A

Is_bad_exception_allowed.LIBVCRUNTIME ref: 033B0A47
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 033B0C95
std::bad_alloc::bad_alloc.LIBCMT ref: 033B0DA2

Strings

csm, xrefs: 033B0A6A
csm, xrefs: 033B09F0
csm, xrefs: 033B0989

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 5b2f6b96f28cff2876ba3c8a704bf2042e89a9c9b999a2398d90b7d5bf9477b5
Instruction ID: f40cc00bcb35808bcb0536fcfebd5ae3699da60abed44b9f84d8afeec0f6ee18
Opcode Fuzzy Hash: 5b2f6b96f28cff2876ba3c8a704bf2042e89a9c9b999a2398d90b7d5bf9477b5
Instruction Fuzzy Hash: 85E17030918B088FDB58EF68C8C56EAB7F0FB98354F54065ED58ADB651DB34E481CB82

Function 033B0DE2 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 464COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 033B0F80
std::bad_alloc::bad_alloc.LIBCMT ref: 033B12A9

Strings

csm, xrefs: 033B0FA7
csm, xrefs: 033B0F29
csm, xrefs: 033B0EC7

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: c0e8a6a559005a298c3155eaa0edc71f261e3c6bc1e132040adffd4f92bad855
Instruction ID: 76a2543c70234b8439309f6dc401aeaf08e02ff6c73872ed68653b8d51859682
Opcode Fuzzy Hash: c0e8a6a559005a298c3155eaa0edc71f261e3c6bc1e132040adffd4f92bad855
Instruction Fuzzy Hash: 99E1C334918B488FDB18EF28C8D16E9B7F1FB95310F14465ED596CB662DB30E582CB82

Function 033B01E2 Relevance: 7.9, APIs: 5, Instructions: 439COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 033B0305
__AdjustPointer.LIBCMT ref: 033B0350

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 8e7d662ee8937c04c5f417c45340c4d0fa32b695b79aab3ad2bc43397963f089
Instruction ID: 33f7f1c23e487028213c14959343fc8419e1ee5b59e70e191b30c0b311a47d3d
Opcode Fuzzy Hash: 8e7d662ee8937c04c5f417c45340c4d0fa32b695b79aab3ad2bc43397963f089
Instruction Fuzzy Hash: BAC1E330518F1A8FDB2DEF1C88D42BBB2F0FB94710B58466EC98AC7955EB70D8818791

Function 033A9FC6 Relevance: 7.8, Strings: 6, Instructions: 289COMMON

Download Yara Rule

Strings

`, xrefs: 033AA067
(, xrefs: 033AA27A
H, xrefs: 033AA264
2, xrefs: 033AA21B
, xrefs: 033AA226
P!`, xrefs: 033AA2CE

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID:
String ID: $($2$H$P!`$`
API String ID: 0-2682688576
Opcode ID: f0cd2e5902e2e8dc0272b1842c2263caec52b75ac89b4f60df87ff0c01938c8e
Instruction ID: 6ce74d92376ef547ee69534806055f4736ca6f44241075241fa12252f90624a7
Opcode Fuzzy Hash: f0cd2e5902e2e8dc0272b1842c2263caec52b75ac89b4f60df87ff0c01938c8e
Instruction Fuzzy Hash: C7C1F4B0908B888FD7A4DF1CC48879ABBE0FB99304F504A6ED88DCB215DB745589CF46

Function 033B1556 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 298COMMON

Download Yara Rule

APIs

_CallSETranslator.LIBVCRUNTIME ref: 033B1611

Strings

RCC, xrefs: 033B15E2
MOC, xrefs: 033B15DA

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: CallTranslator
String ID: MOC$RCC
API String ID: 3163161869-2084237596
Opcode ID: 105ad8849598ec12c5d555c7b147fd1495b1c6b6b71dccbbe2818c1382ea2167
Instruction ID: 4a0d2444762b1b6be702c155ee88ffcf31dd69278a4723140ba92f354e60fddf
Opcode Fuzzy Hash: 105ad8849598ec12c5d555c7b147fd1495b1c6b6b71dccbbe2818c1382ea2167
Instruction Fuzzy Hash: 8FA19230918B488FCB19DF6CC895AE9BBF0FB98304F14465EE589C7551DB74E582CB82

Function 033B12E6 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 233COMMON

Download Yara Rule

APIs

_CallSETranslator.LIBVCRUNTIME ref: 033B1391

Strings

RCC, xrefs: 033B1361
MOC, xrefs: 033B1359

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: CallTranslator
String ID: MOC$RCC
API String ID: 3163161869-2084237596
Opcode ID: ce56de7200799010ae32f90d4c8e7df356f577e99ae53dd25fe57116d9e911d3
Instruction ID: 375abb29002e8972a485089eccbeac0bf8280a935987592605b49008f82ea831
Opcode Fuzzy Hash: ce56de7200799010ae32f90d4c8e7df356f577e99ae53dd25fe57116d9e911d3
Instruction Fuzzy Hash: ED71C530918B488FD768DF2CD886BEAB7E0FB99304F144A5ED58AC7211D774E581CB82

Function 033AFC1A Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 033AFC45
_IsNonwritableInCurrentImage.LIBCMT ref: 033AFCDC

Strings

csm, xrefs: 033AFCC3

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: CurrentImageNonwritable__except_validate_context_record
String ID: csm
API String ID: 3242871069-1018135373
Opcode ID: 739d50aa53a7372d3f9f8c4cca6286223fd376175fafd75e91ede1457cd359ba
Instruction ID: 33d022db0c00ef467534c4680ba591517696032195a22c6b15375791e16f53fd
Opcode Fuzzy Hash: 739d50aa53a7372d3f9f8c4cca6286223fd376175fafd75e91ede1457cd359ba
Instruction Fuzzy Hash: 9761C230618E098BCF29EE5CECC5A74B3D5FB54354F14416EE88AC725AEB30E8528BC5

Function 033B23A6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 033B2450
_CreateFrameInfo.LIBVCRUNTIME ref: 033B2479

Strings

csm, xrefs: 033B2579

Memory Dump Source

Source File: 00000000.00000002.1703305136.00000000033A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 033A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_33a0000_QTmGYKK6SL.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 06c119407accd39f8435343144e30bf6358969287a5cf68c59ee8460d9e456f2
Instruction ID: 63d9c317b9c716b5eefb41809b3f355cad937a1695dd4bc65a1580d8552be6b8
Opcode Fuzzy Hash: 06c119407accd39f8435343144e30bf6358969287a5cf68c59ee8460d9e456f2
Instruction Fuzzy Hash: FC5165B4918F088FD764EF2CC4C5A69B7E5FB99351F11065EE589CB621DB30E842CB82

Analysis Process: o0c2ddmlg7qrbu2xkviy.exePID: 5844, Parent PID: 6544COMMON

Executed Functions

Function 00007FF6650412FD Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.1970373625.00007FF665041000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF665040000, based on PE: true

Associated: 00000003.00000002.1970361216.00007FF665040000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.1970388570.00007FF665050000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.1970402379.00007FF665051000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.1970402379.00007FF66564C000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.1970402379.00007FF66564E000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.1970966457.00007FF665A5D000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.1970994571.00007FF665A65000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.1970994571.00007FF665A67000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.1971086344.00007FF665A68000.00000008.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.1971120425.00007FF665A6B000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff665040000_o0c2ddmlg7qrbu2xkviy.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9530b670b6bc79fe9eaccb2c34df731090ecf1aa2220e2cef9c324af77e614e1
Instruction ID: 0a4ca2396aedb37df83db20a4872948c74815feff93d324d997bb0b95425714c
Opcode Fuzzy Hash: 9530b670b6bc79fe9eaccb2c34df731090ecf1aa2220e2cef9c324af77e614e1
Instruction Fuzzy Hash: 1EB01234A14305C4F3012F16EC4325C3230AF14F00F400030C80C4B362CF7D98514720

Analysis Process: main.exePID: 3164, Parent PID: 620COMMON

Execution Graph

Execution Coverage:	6.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	7.7%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 00007FFE10246DF3 Relevance: 54.6, APIs: 23, Strings: 8, Instructions: 332
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

LocalAlloc.KERNEL32 ref: 00007FFE10246E28
wcsncpy.MSVCRT ref: 00007FFE10246E56
LookupAccountNameW.ADVAPI32 ref: 00007FFE10246EB3
GetLastError.KERNEL32 ref: 00007FFE10246EC5
GetLastError.KERNEL32 ref: 00007FFE10246F0E
LocalAlloc.KERNEL32 ref: 00007FFE10246F3D
LookupAccountNameW.ADVAPI32 ref: 00007FFE10246F79
LocalFree.KERNEL32 ref: 00007FFE10246F86
GetLastError.KERNEL32 ref: 00007FFE10246F91

Part of subcall function 00007FFE102440D2: EnterCriticalSection.KERNEL32 ref: 00007FFE102441A3
Part of subcall function 00007FFE102440D2: LeaveCriticalSection.KERNEL32 ref: 00007FFE102441CB
Part of subcall function 00007FFE102440D2: CopyFileA.KERNEL32 ref: 00007FFE10244228

GetProcessHeap.KERNEL32 ref: 00007FFE10247284
HeapAlloc.KERNEL32 ref: 00007FFE10247295

Strings

[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE10246ED7, 00007FFE10246F23, 00007FFE10246FA3
D, xrefs: 00007FFE10246E45
sid_to_str, xrefs: 00007FFE1024711A
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE10246DFD, 00007FFE102472B2
mem_alloc, xrefs: 00007FFE10246DF6, 00007FFE102472AB
[D] (%s) -> User found(name=%s,s_sid=%s,acct_expires=%x,last_logon=%x), xrefs: 00007FFE10247100
users_sync, xrefs: 00007FFE10246ED0, 00007FFE10246F1C, 00007FFE10246F9C, 00007FFE102470F9
[E] (%s) -> ConvertSidToStringSid failed(gle=%lu), xrefs: 00007FFE10247121

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: AllocErrorLastLocal$AccountCriticalHeapLookupNameSection$CopyEnterFileFreeLeaveProcessfflushfwritewcsncpy
String ID: D$[D] (%s) -> User found(name=%s,s_sid=%s,acct_expires=%x,last_logon=%x)$[E] (%s) -> ConvertSidToStringSid failed(gle=%lu)$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$sid_to_str$users_sync
API String ID: 3624467404-104752423
Opcode ID: a0c95d91e4369224ee69ffe4f0886408ff921e2969674c85983f0f3a9c1182ca
Instruction ID: be2ce0ecd693f06a4bd4ed69472f91ee6abe20ddd455084a4561acc6928fa9a2
Opcode Fuzzy Hash: a0c95d91e4369224ee69ffe4f0886408ff921e2969674c85983f0f3a9c1182ca
Instruction Fuzzy Hash: 1BF14B66A0CE02C6EB608B16E4443796BA1FBC8774F1500B2DB5E877B6EE7CE845C741

Function 00007FF7BACD3452 Relevance: 27.3, APIs: 7, Strings: 11, Instructions: 253memorystringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BACE8500,00000000,00000000), ref: 00007FF7BACD349D
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BACE8500,00000000,00000000), ref: 00007FF7BACD34AE

Part of subcall function 00007FF7BACD5015: fopen.MSVCRT ref: 00007FF7BACD505A
Part of subcall function 00007FF7BACD5015: fseek.MSVCRT ref: 00007FF7BACD5079
Part of subcall function 00007FF7BACD5015: _errno.MSVCRT ref: 00007FF7BACD508D
Part of subcall function 00007FF7BACD5015: _errno.MSVCRT ref: 00007FF7BACD50A8

GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BACE8500,00000000,00000000), ref: 00007FF7BACD35DA
HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7BACE8500,00000000,00000000), ref: 00007FF7BACD35EB
strncpy.MSVCRT ref: 00007FF7BACD36F4
strncpy.MSVCRT ref: 00007FF7BACD37E2
strncpy.MSVCRT ref: 00007FF7BACD37F7

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF7BACD3640
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD3522
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF7BACD350D
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD34E6
(path != NULL), xrefs: 00007FF7BACD3514
mem_alloc, xrefs: 00007FF7BACD3639
5, xrefs: 00007FF7BACD3505
[I] (%s) -> Done(path=%s), xrefs: 00007FF7BACD384E
NULL, xrefs: 00007FF7BACD3838
service, xrefs: 00007FF7BACD345D
ini_load, xrefs: 00007FF7BACD34DF, 00007FF7BACD351B, 00007FF7BACD3847

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
String ID: (path != NULL)$5$C:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc$service
API String ID: 1423203057-455140666
Opcode ID: 6ddc479bc11967d2225c0c5f849eea2d70ec7ec8fbbd2fd89b086ef18872a135
Instruction ID: b8b9b561054700a8cd335c857ff629b739339c49c746f73117b839df95ab2456
Opcode Fuzzy Hash: 6ddc479bc11967d2225c0c5f849eea2d70ec7ec8fbbd2fd89b086ef18872a135
Instruction Fuzzy Hash: 9CB1B166A0968291FA51BB19A44837AEB91FB72B84FC840B5DF8D0778DDF7CE405C320

Function 00007FFE11EC5BF3 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 159filestringCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32 ref: 00007FFE11EC5C39
strcpy.MSVCRT ref: 00007FFE11EC5C54
FindFirstFileA.KERNEL32 ref: 00007FFE11EC5D27
GetLastError.KERNEL32 ref: 00007FFE11EC5D43
GetLastError.KERNEL32 ref: 00007FFE11EC5D72
FindClose.KERNEL32 ref: 00007FFE11EC5D90

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

(resume_handle != NULL), xrefs: 00007FFE11EC5CF9
[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu), xrefs: 00007FFE11EC5DA8
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11EC5C82, 00007FFE11EC5CBA, 00007FFE11EC5CF2
(name != NULL), xrefs: 00007FFE11EC5CC1
fs_dir_list, xrefs: 00007FFE11EC5C90, 00007FFE11EC5CC8, 00007FFE11EC5D00, 00007FFE11EC5D5D, 00007FFE11EC5DA1
[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu), xrefs: 00007FFE11EC5D64
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC5C97, 00007FFE11EC5CCF, 00007FFE11EC5D07
(path != NULL), xrefs: 00007FFE11EC5C89

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
API String ID: 4253334766-1535167640
Opcode ID: 409c3b7b22b22245a4a5f9e1b64c03c63d989e592a936231ffe5ac6cae602da9
Instruction ID: 53e45a94ee3bcfa4063a84e939b21e73158bc332fb1e8387e8e460918d04ef0d
Opcode Fuzzy Hash: 409c3b7b22b22245a4a5f9e1b64c03c63d989e592a936231ffe5ac6cae602da9
Instruction Fuzzy Hash: 2E613B21F0CE4389FB249B96AC043BB2258AF10375FD451B2E85E5B2F4DE6CF9458741

Function 00007FF7BACD47F3 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 159fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE ref: 00007FF7BACD4839
_mbscpy.MSVCRT ref: 00007FF7BACD4854
FindFirstFileA.KERNEL32 ref: 00007FF7BACD4927
GetLastError.KERNEL32 ref: 00007FF7BACD4943
GetLastError.KERNEL32 ref: 00007FF7BACD4972
FindClose.KERNEL32 ref: 00007FF7BACD4990

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD4897, 00007FF7BACD48CF, 00007FF7BACD4907
fs_dir_list, xrefs: 00007FF7BACD4890, 00007FF7BACD48C8, 00007FF7BACD4900, 00007FF7BACD495D, 00007FF7BACD49A1
[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu), xrefs: 00007FF7BACD4964
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7BACD4882, 00007FF7BACD48BA, 00007FF7BACD48F2
(resume_handle != NULL), xrefs: 00007FF7BACD48F9
(path != NULL), xrefs: 00007FF7BACD4889
(name != NULL), xrefs: 00007FF7BACD48C1
[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu), xrefs: 00007FF7BACD49A8

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: Find$ErrorFileLast$CloseFirstNext_mbscpyfflushfwrite
String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
API String ID: 1094913617-1535167640
Opcode ID: 31ce2ca2e1ee8476024e7a7709de7764d6abc175595fe46fba7d7720874f4b8f
Instruction ID: 84039e30aed7b1621e74c50bab4f5d8a474654c975cf2a5b812a1aec16821224
Opcode Fuzzy Hash: 31ce2ca2e1ee8476024e7a7709de7764d6abc175595fe46fba7d7720874f4b8f
Instruction Fuzzy Hash: CF617231E0C54385FA207B5CA90C3B8E155AF32394FC551B2DFAD6B2DCDE2CA8859365

Function 00007FFE10246DAF Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 167memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE10246CCF: GetProcessHeap.KERNEL32 ref: 00007FFE10246D1D
Part of subcall function 00007FFE10246CCF: HeapFree.KERNEL32 ref: 00007FFE10246D2E
Part of subcall function 00007FFE10246CCF: GetProcessHeap.KERNEL32 ref: 00007FFE10246D42
Part of subcall function 00007FFE10246CCF: HeapFree.KERNEL32 ref: 00007FFE10246D53
Part of subcall function 00007FFE10246CCF: LocalFree.KERNEL32 ref: 00007FFE10246D69
Part of subcall function 00007FFE10246CCF: GetProcessHeap.KERNEL32 ref: 00007FFE10246D7D
Part of subcall function 00007FFE10246CCF: HeapFree.KERNEL32 ref: 00007FFE10246D8E

NetApiBufferFree.NETAPI32 ref: 00007FFE102472D3
NetUserEnum.NETAPI32 ref: 00007FFE10247349
GetProcessHeap.KERNEL32 ref: 00007FFE10247387
HeapAlloc.KERNEL32 ref: 00007FFE10247398
memcpy.MSVCRT ref: 00007FFE102473D5
GetProcessHeap.KERNEL32 ref: 00007FFE102473DA
HeapFree.KERNEL32 ref: 00007FFE102473EB

Strings

[I] (%s) -> Done(sam_user_num=%u), xrefs: 00007FFE10247578
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE10246DDD
mem_alloc, xrefs: 00007FFE10246DD6
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1024743A
users_sync, xrefs: 00007FFE10247433, 00007FFE1024745C, 00007FFE10247571
[E] (%s) -> NetUserEnum failed(enum_err=%08lx), xrefs: 00007FFE10247463

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Heap$Free$Process$AllocBufferEnumLocalUsermemcpy
String ID: [E] (%s) -> Failed(err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> NetUserEnum failed(enum_err=%08lx)$[I] (%s) -> Done(sam_user_num=%u)$mem_alloc$users_sync
API String ID: 1987963910-3382179125
Opcode ID: f82548c41b64e104f45176bb652d640d323ef8c93e62912a90947e9cbac2ef3b
Instruction ID: 7b8e61987ced0c77de0a5da6819e961703ab4f274233ea410993374ed1def07e
Opcode Fuzzy Hash: f82548c41b64e104f45176bb652d640d323ef8c93e62912a90947e9cbac2ef3b
Instruction Fuzzy Hash: 51617D61A0CE46C5FA209756B8443B96EA0BFD43B4F5400B2DB6D8B7B3EE6DE855C301

Function 00007FFE1A45290A Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 89networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE1A452928
WSAGetLastError.WS2_32 ref: 00007FFE1A452A12

Part of subcall function 00007FFE1A45283A: setsockopt.WS2_32 ref: 00007FFE1A45286A

htonl.WS2_32 ref: 00007FFE1A45295A
htons.WS2_32 ref: 00007FFE1A45296B
bind.WS2_32 ref: 00007FFE1A452984
listen.WS2_32 ref: 00007FFE1A452999
WSAGetLastError.WS2_32 ref: 00007FFE1A4529AA

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

WSAGetLastError.WS2_32 ref: 00007FFE1A4529D4

Strings

tcp_listen, xrefs: 00007FFE1A4529BF, 00007FFE1A4529E9, 00007FFE1A452A23, 00007FFE1A452A57
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1A452A2A
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE1A452A5E
[E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1A4529F0
[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1A4529C6

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: ErrorLast$bindfflushfwritehtonlhtonslistensetsockoptsocket
String ID: [E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$tcp_listen
API String ID: 3590747132-3524496754
Opcode ID: f8bff91af96c5007eb7fcf78505af45f0c951cb3b5af3f813e452651c67239d6
Instruction ID: b1e5f74bc5d99e130e64d2497396a62f854540d4cc3dcfe25794bd0c9002a327
Opcode Fuzzy Hash: f8bff91af96c5007eb7fcf78505af45f0c951cb3b5af3f813e452651c67239d6
Instruction Fuzzy Hash: C13195A1B48E0646E620AB27A8001B573A0AF54FB4F1853F7E97D436F1EE7CE4658740

Function 00007FF7BACD1DBC Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 120stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF7BACD1DD4
strcmp.MSVCRT ref: 00007FF7BACD1DE7
StartServiceCtrlDispatcherA.ADVAPI32 ref: 00007FF7BACD1E23
_read.MSVCRT ref: 00007FF7BACD1E79
GetLastError.KERNEL32 ref: 00007FF7BACD1E98

Part of subcall function 00007FF7BACD1A63: FreeLibrary.KERNEL32(?,?,00000000,000002BAD3D813D0,00007FF7BACD1E50,?,?,?,?,?,?,00000001,00007FF7BACD1FC3,?,?,00007FF7BACE8508), ref: 00007FF7BACD1AA1
Part of subcall function 00007FF7BACD1A63: GetProcessHeap.KERNEL32(?,?,00000000,000002BAD3D813D0,00007FF7BACD1E50,?,?,?,?,?,?,00000001,00007FF7BACD1FC3,?,?,00007FF7BACE8508), ref: 00007FF7BACD1AD4
Part of subcall function 00007FF7BACD1A63: HeapFree.KERNEL32(?,?,00000000,000002BAD3D813D0,00007FF7BACD1E50,?,?,?,?,?,?,00000001,00007FF7BACD1FC3,?,?,00007FF7BACE8508), ref: 00007FF7BACD1AE5

Part of subcall function 00007FF7BACD1B1C: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7BACD1E55,?,?,?,?,?,?,00000001,00007FF7BACD1FC3,?,?,00007FF7BACE8508,00000000), ref: 00007FF7BACD1B4D
Part of subcall function 00007FF7BACD1B1C: HeapFree.KERNEL32(?,?,00000000,00007FF7BACD1E55,?,?,?,?,?,?,00000001,00007FF7BACD1FC3,?,?,00007FF7BACE8508,00000000), ref: 00007FF7BACD1B5E

Strings

[E] (%s) -> No a valid run mode(mode=%s), xrefs: 00007FF7BACD1F8B
main, xrefs: 00007FF7BACD1EA3, 00007FF7BACD1F84
RDP-Controller, xrefs: 00007FF7BACD1DF4
standalone, xrefs: 00007FF7BACD1DCA
service, xrefs: 00007FF7BACD1DDD, 00007FF7BACD1E37
[E] (%s) -> StartServiceCtrlDispatcherA failed(GetLastError=%lu), xrefs: 00007FF7BACD1EAA

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: Heap$Free$Processstrcmp$CtrlDispatcherErrorLastLibraryServiceStart_read
String ID: RDP-Controller$[E] (%s) -> No a valid run mode(mode=%s)$[E] (%s) -> StartServiceCtrlDispatcherA failed(GetLastError=%lu)$main$service$standalone
API String ID: 3617873859-308889057
Opcode ID: 55467b970312a76cee8264313134d138696b032ea232789205e1211f0220befb
Instruction ID: f96eedfeeb343766d1c1b49d62b207654a46f5cc54c6ba34e911030e8c5d0924
Opcode Fuzzy Hash: 55467b970312a76cee8264313134d138696b032ea232789205e1211f0220befb
Instruction Fuzzy Hash: B0511714A0C64395FBA0775CA48C378A291AF3A344FD425B3DF8E4669ADF1DE8819232

Function 00007FF7BACD1131 Relevance: 13.6, APIs: 9, Instructions: 120sleepstringCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,?,?,00007FF7BACD1313), ref: 00007FF7BACD116E
_amsg_exit.MSVCRT ref: 00007FF7BACD118D
_initterm.MSVCRT ref: 00007FF7BACD11AE
_initterm.MSVCRT ref: 00007FF7BACD11D3
SetUnhandledExceptionFilter.KERNEL32(?,?,?,00007FF7BACD1313), ref: 00007FF7BACD1212
_malloc_dbg.MSVCRT ref: 00007FF7BACD1244
strlen.MSVCRT ref: 00007FF7BACD125C
_malloc_dbg.MSVCRT ref: 00007FF7BACD1268
_cexit.MSVCRT ref: 00007FF7BACD12E3

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: _initterm_malloc_dbg$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
String ID:
API String ID: 4167734774-0
Opcode ID: b69943c6f9b772719986a418f55e2c71d1b60b008ccac56098dddaa58f381500
Instruction ID: dd9f97efe163da1b2d848dc4ef9c97bf9ab4efe6e1a8d751fc4249ebb264c099
Opcode Fuzzy Hash: b69943c6f9b772719986a418f55e2c71d1b60b008ccac56098dddaa58f381500
Instruction Fuzzy Hash: 3E515A21A0860289FB50FB59E848279A3A0BF7AB94F8454B6CF4D47399DF3DF4419360

Function 00007FFE10245F3A Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE10245F62
WSAGetLastError.WS2_32 ref: 00007FFE10245F7C

Strings

tcp_recv, xrefs: 00007FFE10245F96, 00007FFE10245FAE, 00007FFE10245FD3
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE10245F9D
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE10245FDA
[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE10245FB5

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: f193efd81dde89f2c72c9f1d13d33f0ca31008ea4ec8f01b3fb2f3a9771b48b3
Instruction ID: 2374fc6583b07fe21439b539e445a59e98617dc2754a4615ac1455649b25a65b
Opcode Fuzzy Hash: f193efd81dde89f2c72c9f1d13d33f0ca31008ea4ec8f01b3fb2f3a9771b48b3
Instruction Fuzzy Hash: FB115E90A0CD27D1F6205717A8442B82A546F8A7B4F4113B0EB6D97BF7EE5CA51AC305

Function 00007FF7BACD5015 Relevance: 72.0, APIs: 24, Strings: 17, Instructions: 298
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fopen.MSVCRT ref: 00007FF7BACD505A
fseek.MSVCRT ref: 00007FF7BACD5079
_errno.MSVCRT ref: 00007FF7BACD508D
_errno.MSVCRT ref: 00007FF7BACD50A8
_errno.MSVCRT ref: 00007FF7BACD5167

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

_errno.MSVCRT ref: 00007FF7BACD5182
_errno.MSVCRT ref: 00007FF7BACD51CF
fclose.MSVCRT ref: 00007FF7BACD5570

Strings

(buf_sz != NULL), xrefs: 00007FF7BACD5109
mem_alloc, xrefs: 00007FF7BACD5434
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD50E4, 00007FF7BACD5117, 00007FF7BACD514A
[E] (%s) -> ftell failed(path=%s,errno=%d), xrefs: 00007FF7BACD5281
[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d), xrefs: 00007FF7BACD509C
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7BACD50CF, 00007FF7BACD5102, 00007FF7BACD5135
[E] (%s) -> fopen failed(path=%s,errno=%d), xrefs: 00007FF7BACD5176
[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d), xrefs: 00007FF7BACD5397
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF7BACD543B
[I] (%s) -> Done(path=%s,buf_sz=%llu), xrefs: 00007FF7BACD55EF
(((*buf) == NULL) || ((*buf_sz) > 0)), xrefs: 00007FF7BACD513C
NULL, xrefs: 00007FF7BACD55D9
[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld), xrefs: 00007FF7BACD5521
[E] (%s) -> fread failed(path=%s,errno=%d), xrefs: 00007FF7BACD5462
(path != NULL), xrefs: 00007FF7BACD50D6
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD5095, 00007FF7BACD50DD, 00007FF7BACD5110, 00007FF7BACD5143, 00007FF7BACD516F, 00007FF7BACD527A, 00007FF7BACD5390, 00007FF7BACD545B, 00007FF7BACD551A, 00007FF7BACD55A5, 00007FF7BACD55E8

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: _errno$fclosefflushfopenfseekfwrite
String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
API String ID: 2897271634-4120527733
Opcode ID: 9f84269571c8a0eedd8a27f15f6e0f61a213b1d19bbe3ba683093f61b2385d4b
Instruction ID: f55948cb8deaa2c11f3372f9cd8e7a568317f9c6c1be0eabc06e3d1e4a1b534d
Opcode Fuzzy Hash: 9f84269571c8a0eedd8a27f15f6e0f61a213b1d19bbe3ba683093f61b2385d4b
Instruction Fuzzy Hash: E8D19E61A0864685FA11BB5DE8483B8A391AF73781FC414B2DF4D476A8EE3CF9859320

Function 00007FFE1A453AF7 Relevance: 66.8, APIs: 10, Strings: 28, Instructions: 327
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1A453B12
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1A453B3F
CreateThread.KERNEL32 ref: 00007FFE1A453B8B
CreateThread.KERNEL32 ref: 00007FFE1A453BEB
CreateThread.KERNEL32 ref: 00007FFE1A453C4B
GetLastError.KERNEL32 ref: 00007FFE1A453CA2
GetLastError.KERNEL32 ref: 00007FFE1A453DBE
GetLastError.KERNEL32 ref: 00007FFE1A453E96

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

GetLastError.KERNEL32 ref: 00007FFE1A453F9E

Part of subcall function 00007FFE1A4520C2: EnterCriticalSection.KERNEL32 ref: 00007FFE1A452193
Part of subcall function 00007FFE1A4520C2: LeaveCriticalSection.KERNEL32 ref: 00007FFE1A4521BB
Part of subcall function 00007FFE1A4520C2: CopyFileA.KERNEL32 ref: 00007FFE1A452218

GetLastError.KERNEL32 ref: 00007FFE1A45409C

Strings

~, xrefs: 00007FFE1A453D20
[E] (%s) -> CreateThread(routine_gc) failed(gle=%lu), xrefs: 00007FFE1A453EA8
server_init, xrefs: 00007FFE1A453BA8, 00007FFE1A453C08, 00007FFE1A453C68, 00007FFE1A453C8A, 00007FFE1A453CAD, 00007FFE1A453DC9, 00007FFE1A453EA1, 00007FFE1A453FA9, 00007FFE1A4540A7, 00007FFE1A45419A
, xrefs: 00007FFE1A453FBC
~, xrefs: 00007FFE1A4540E2
P, xrefs: 00007FFE1A4540E7
P, xrefs: 00007FFE1A453F0E
P, xrefs: 00007FFE1A454016
P, xrefs: 00007FFE1A453D25
[E] (%s) -> CreateThread(routine_tx) failed(gle=%lu), xrefs: 00007FFE1A4540AE
, xrefs: 00007FFE1A453CC0
routine_tx, xrefs: 00007FFE1A453C61
[I] (%s) -> %s, xrefs: 00007FFE1A453C91
routine_gc, xrefs: 00007FFE1A453BA1
Done, xrefs: 00007FFE1A453C83
[E] (%s) -> CreateThread(routine_accept) failed(gle=%lu), xrefs: 00007FFE1A453FB0
~, xrefs: 00007FFE1A454011
, xrefs: 00007FFE1A4540BA
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_clients) failed(gle=%lu), xrefs: 00007FFE1A453DD0
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A4541A1
, xrefs: 00007FFE1A453EB4
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_queue) failed(gle=%lu), xrefs: 00007FFE1A453CB4
[I] (%s) -> CreateThread(%s) done, xrefs: 00007FFE1A453BAF, 00007FFE1A453C0F, 00007FFE1A453C6F
~, xrefs: 00007FFE1A453F09
, xrefs: 00007FFE1A453DDC
~, xrefs: 00007FFE1A453E3C
P, xrefs: 00007FFE1A453E45
routine_accept, xrefs: 00007FFE1A453C01

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: ErrorLast$CriticalSection$CreateThread$CountInitializeSpin$CopyEnterFileLeavefflushfwrite
String ID: $ $ $ $ $Done$P$P$P$P$P$[E] (%s) -> CreateThread(routine_accept) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_gc) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_tx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_clients) failed(gle=%lu)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_queue) failed(gle=%lu)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$routine_accept$routine_gc$routine_tx$server_init$~$~$~$~$~
API String ID: 3214881788-719614687
Opcode ID: 814ef7d209ae360dfc6d6398dd159066661408ab670544f83ce77df514a77a89
Instruction ID: b81288ea7108ba2ad67f1e4b08c715eae9fe131356ce730b85256743d9a044e8
Opcode Fuzzy Hash: 814ef7d209ae360dfc6d6398dd159066661408ab670544f83ce77df514a77a89
Instruction Fuzzy Hash: 96F108A0F0CF0381FB60A756A89437922A19B14F75F2403F3D53E0B2F6DE6DB9A58241

Function 00007FFE1A45487C Relevance: 58.0, APIs: 11, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE1A4551A4: LoadLibraryA.KERNEL32 ref: 00007FFE1A4551B2

Part of subcall function 00007FFE1A455123: GetProcAddress.KERNEL32 ref: 00007FFE1A455143

FreeLibrary.KERNEL32 ref: 00007FFE1A45490F
GetNativeSystemInfo.KERNEL32 ref: 00007FFE1A45495B
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE1A454974
GetLastError.KERNEL32 ref: 00007FFE1A454982

Strings

, xrefs: 00007FFE1A454B53
~, xrefs: 00007FFE1A454BA9
:, xrefs: 00007FFE1A454ADB
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE1A4548F4
%, xrefs: 00007FFE1A454A89
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE1A454A9C, 00007FFE1A454B70
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE1A454DA7
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE1A454994
sys_init, xrefs: 00007FFE1A4548ED, 00007FFE1A454922, 00007FFE1A45498D, 00007FFE1A454A6E, 00007FFE1A454B40, 00007FFE1A454B7E, 00007FFE1A454C31, 00007FFE1A454CC7, 00007FFE1A454DA0
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE1A454B85
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE1A454B47
C:\Windows, xrefs: 00007FFE1A45496D, 00007FFE1A454A60
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE1A454AAA
MachineGuid, xrefs: 00007FFE1A454AA3
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A454929
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE1A454CCE
P, xrefs: 00007FFE1A454BB2
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE1A454C38
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE1A454A75
\, xrefs: 00007FFE1A454AE0
ntdll.dll, xrefs: 00007FFE1A454884
RtlGetVersion, xrefs: 00007FFE1A45489C

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: ce9ae63d77125e1254aada9a548ba752f22cfe5e2c4af01e954c6cc378a2dbe5
Instruction ID: 1e4fbaa9124b88631b93099a7507f55ab0637853d78d53dd5c06e25b083bd878
Opcode Fuzzy Hash: ce9ae63d77125e1254aada9a548ba752f22cfe5e2c4af01e954c6cc378a2dbe5
Instruction Fuzzy Hash: B3D17DA1F0CE5382FB61AB17E4403B863A1AB51F74F1541F3CA5D5B6B2DE2CA9A4C341

Function 00007FFE126D34DC Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE126D3E04: LoadLibraryA.KERNEL32 ref: 00007FFE126D3E12

Part of subcall function 00007FFE126D3D83: GetProcAddress.KERNEL32 ref: 00007FFE126D3DA3

FreeLibrary.KERNEL32 ref: 00007FFE126D356F
GetNativeSystemInfo.KERNEL32 ref: 00007FFE126D35BB
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE126D35D4
GetLastError.KERNEL32 ref: 00007FFE126D35E2

Strings

\, xrefs: 00007FFE126D3740
%, xrefs: 00007FFE126D36E9
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE126D3554
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE126D392E
RtlGetVersion, xrefs: 00007FFE126D34FC
~, xrefs: 00007FFE126D3809
sys_init, xrefs: 00007FFE126D354D, 00007FFE126D3582, 00007FFE126D35ED, 00007FFE126D36CE, 00007FFE126D37A0, 00007FFE126D37DE, 00007FFE126D3891, 00007FFE126D3927, 00007FFE126D3A00
C:\Windows, xrefs: 00007FFE126D35CD, 00007FFE126D36C0
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE126D3898
, xrefs: 00007FFE126D37B3
MachineGuid, xrefs: 00007FFE126D3703
P, xrefs: 00007FFE126D3812
ntdll.dll, xrefs: 00007FFE126D34E4
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE126D36FC, 00007FFE126D37D0
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE126D36D5
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE126D37A7
:, xrefs: 00007FFE126D373B
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE126D3589
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE126D3A07
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE126D35F4
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE126D370A
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE126D37E5

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: 3b3c1b133227a8bad1d2144b89a4456320b7ea5323494489f9a52021d4d8da23
Instruction ID: f81a0ad648d5b28d3092c61eec59499c95856ce045bb2a4e1bc6f35bc74c78fe
Opcode Fuzzy Hash: 3b3c1b133227a8bad1d2144b89a4456320b7ea5323494489f9a52021d4d8da23
Instruction Fuzzy Hash: 2DD16C61E0CE5F86FB209B57EC803B92250AF45774F1541B2D98E076F4EEECE8948B91

Function 00007FFE1150C25C Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE1150BC64: LoadLibraryA.KERNEL32 ref: 00007FFE1150BC72

Part of subcall function 00007FFE1150BBE3: GetProcAddress.KERNEL32 ref: 00007FFE1150BC03

FreeLibrary.KERNEL32 ref: 00007FFE1150C2EF
GetNativeSystemInfo.KERNEL32 ref: 00007FFE1150C33B
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE1150C354
GetLastError.KERNEL32 ref: 00007FFE1150C362

Strings

C:\Windows, xrefs: 00007FFE1150C34D, 00007FFE1150C440
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1150C309
RtlGetVersion, xrefs: 00007FFE1150C27C
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE1150C455
~, xrefs: 00007FFE1150C589
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE1150C565
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE1150C787
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE1150C618
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE1150C527
MachineGuid, xrefs: 00007FFE1150C483
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE1150C48A
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE1150C6AE
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE1150C374
ntdll.dll, xrefs: 00007FFE1150C264
sys_init, xrefs: 00007FFE1150C2CD, 00007FFE1150C302, 00007FFE1150C36D, 00007FFE1150C44E, 00007FFE1150C520, 00007FFE1150C55E, 00007FFE1150C611, 00007FFE1150C6A7, 00007FFE1150C780
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE1150C47C, 00007FFE1150C550
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE1150C2D4
, xrefs: 00007FFE1150C533
P, xrefs: 00007FFE1150C592
%, xrefs: 00007FFE1150C469
:, xrefs: 00007FFE1150C4BB
\, xrefs: 00007FFE1150C4C0

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: bfd07b4d3620cfcd3bc3c6517118baa50ff2612316696af1ebdc37463817eb14
Instruction ID: 053d6743455b8ed8cd1ab44cf0c6d6a8938048f5e9aa3d1e7bbfa83a50c5ca6c
Opcode Fuzzy Hash: bfd07b4d3620cfcd3bc3c6517118baa50ff2612316696af1ebdc37463817eb14
Instruction Fuzzy Hash: 70D17B22E0CF57C1FB219BDBE8403BD2269AF06774F1501FAC94E176B0DE2DA9858742

Function 00007FFE13226E0C Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE13227734: LoadLibraryA.KERNEL32 ref: 00007FFE13227742

Part of subcall function 00007FFE132276B3: GetProcAddress.KERNEL32 ref: 00007FFE132276D3

FreeLibrary.KERNEL32 ref: 00007FFE13226E9F
GetNativeSystemInfo.KERNEL32 ref: 00007FFE13226EEB
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE13226F04
GetLastError.KERNEL32 ref: 00007FFE13226F12

Strings

[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE13227115
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE132271C8
C:\Windows, xrefs: 00007FFE13226EFD, 00007FFE13226FF0
ntdll.dll, xrefs: 00007FFE13226E14
MachineGuid, xrefs: 00007FFE13227033
\, xrefs: 00007FFE13227070
RtlGetVersion, xrefs: 00007FFE13226E2C
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE13227005
:, xrefs: 00007FFE1322706B
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE1322725E
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE132270D7
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE1322702C, 00007FFE13227100
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE13226E84
sys_init, xrefs: 00007FFE13226E7D, 00007FFE13226EB2, 00007FFE13226F1D, 00007FFE13226FFE, 00007FFE132270D0, 00007FFE1322710E, 00007FFE132271C1, 00007FFE13227257, 00007FFE13227330
~, xrefs: 00007FFE13227139
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE13227337
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE13226EB9
P, xrefs: 00007FFE13227142
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE1322703A
, xrefs: 00007FFE132270E3
%, xrefs: 00007FFE13227019
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE13226F24

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: 728b767adc8d527ebe255513fc84395f47a792a5c3bda38828877f2e585362b2
Instruction ID: f94442d07ae30904aebb2d3bd4fb97b918e0a803026ce75e301a410199a5a65e
Opcode Fuzzy Hash: 728b767adc8d527ebe255513fc84395f47a792a5c3bda38828877f2e585362b2
Instruction Fuzzy Hash: 46D12B22E1CE5289FB70A71BF8407B96260AFF4B74F1541B6D94E272B1DE6DAC44C381

Function 00007FFE1024210C Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE10242A34: LoadLibraryA.KERNEL32 ref: 00007FFE10242A42

Part of subcall function 00007FFE102429B3: GetProcAddress.KERNEL32 ref: 00007FFE102429D3

FreeLibrary.KERNEL32 ref: 00007FFE1024219F
GetNativeSystemInfo.KERNEL32 ref: 00007FFE102421EB
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE10242204
GetLastError.KERNEL32 ref: 00007FFE10242212

Strings

[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE10242415
RtlGetVersion, xrefs: 00007FFE1024212C
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE102421B9
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE10242184
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE1024233A
C:\Windows, xrefs: 00007FFE102421FD, 00007FFE102422F0
:, xrefs: 00007FFE1024236B
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE1024255E
~, xrefs: 00007FFE10242439
\, xrefs: 00007FFE10242370
%, xrefs: 00007FFE10242319
MachineGuid, xrefs: 00007FFE10242333
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE1024232C, 00007FFE10242400
, xrefs: 00007FFE102423E3
ntdll.dll, xrefs: 00007FFE10242114
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE10242224
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE10242305
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE10242637
sys_init, xrefs: 00007FFE1024217D, 00007FFE102421B2, 00007FFE1024221D, 00007FFE102422FE, 00007FFE102423D0, 00007FFE1024240E, 00007FFE102424C1, 00007FFE10242557, 00007FFE10242630
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE102423D7
P, xrefs: 00007FFE10242442
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE102424C8

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: 4b40777002c449f6e2d1738e7a259e47248f5ef9ef21cdea825fca1331d142d1
Instruction ID: 0a79ec13a55af11697f2ad73b71165a0e32ef19f7ca8a4c580d42a226cf35563
Opcode Fuzzy Hash: 4b40777002c449f6e2d1738e7a259e47248f5ef9ef21cdea825fca1331d142d1
Instruction Fuzzy Hash: 01D16D61E0CE52C1F7209757A8403B96E60ABC6774F9501B2DB4E973B3EE2DA889C345

Function 00007FFE11EC44CC Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE11EC4DF4: LoadLibraryA.KERNEL32 ref: 00007FFE11EC4E02

Part of subcall function 00007FFE11EC4D73: GetProcAddress.KERNEL32 ref: 00007FFE11EC4D93

FreeLibrary.KERNEL32 ref: 00007FFE11EC455F
GetNativeSystemInfo.KERNEL32 ref: 00007FFE11EC45AB
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE11EC45C4
GetLastError.KERNEL32 ref: 00007FFE11EC45D2

Strings

9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE11EC46EC, 00007FFE11EC47C0
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE11EC46C5
ntdll.dll, xrefs: 00007FFE11EC44D4
, xrefs: 00007FFE11EC47A3
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE11EC4797
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE11EC49F7
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE11EC4544
MachineGuid, xrefs: 00007FFE11EC46F3
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE11EC45E4
\, xrefs: 00007FFE11EC4730
sys_init, xrefs: 00007FFE11EC453D, 00007FFE11EC4572, 00007FFE11EC45DD, 00007FFE11EC46BE, 00007FFE11EC4790, 00007FFE11EC47CE, 00007FFE11EC4881, 00007FFE11EC4917, 00007FFE11EC49F0
:, xrefs: 00007FFE11EC472B
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE11EC491E
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE11EC47D5
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE11EC46FA
%, xrefs: 00007FFE11EC46D9
~, xrefs: 00007FFE11EC47F9
RtlGetVersion, xrefs: 00007FFE11EC44EC
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE11EC4888
P, xrefs: 00007FFE11EC4802
C:\Windows, xrefs: 00007FFE11EC45BD, 00007FFE11EC46B0
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11EC4579

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: 77ba298abb47a5c0d12a8cf223872496bbf117b7f8215b755508996f17e581e0
Instruction ID: 4d775a5b07e3972da03216e2e6a202b826dfad9de436e4016110a319b840a0ac
Opcode Fuzzy Hash: 77ba298abb47a5c0d12a8cf223872496bbf117b7f8215b755508996f17e581e0
Instruction Fuzzy Hash: 40D17E61E0CE5381FB2097D7EC403BB62A8AB51774F9551B6D94E17BB4EE2CF8448341

Function 00007FF7BACD28FC Relevance: 52.8, APIs: 10, Strings: 20, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7BACD2304: LoadLibraryA.KERNEL32(?,?,service,000002BAD3D813D0,00007FF7BACD2910), ref: 00007FF7BACD2312

Part of subcall function 00007FF7BACD2283: GetProcAddress.KERNEL32(?,?,00000000,000002BAD3D813D0,?,00007FF7BACD292B), ref: 00007FF7BACD22A3

FreeLibrary.KERNEL32 ref: 00007FF7BACD298F
GetNativeSystemInfo.KERNEL32 ref: 00007FF7BACD29DB
GetWindowsDirectoryA.KERNEL32 ref: 00007FF7BACD29F4
GetLastError.KERNEL32 ref: 00007FF7BACD2A02

Strings

RtlGetVersion, xrefs: 00007FF7BACD291C
MachineGuid, xrefs: 00007FF7BACD2B23
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FF7BACD2BC7
[E] (%s) -> Failed(err=%08x), xrefs: 00007FF7BACD29A9
:, xrefs: 00007FF7BACD2B5B
ntdll.dll, xrefs: 00007FF7BACD2904
sys_init, xrefs: 00007FF7BACD296D, 00007FF7BACD29A2, 00007FF7BACD2A0D, 00007FF7BACD2AEE, 00007FF7BACD2BC0, 00007FF7BACD2BFE, 00007FF7BACD2CB1, 00007FF7BACD2D47, 00007FF7BACD2E20
%, xrefs: 00007FF7BACD2B09
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FF7BACD2CB8
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FF7BACD2974
service, xrefs: 00007FF7BACD28FF
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FF7BACD2D4E
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FF7BACD2E27
C:\Windows, xrefs: 00007FF7BACD29ED, 00007FF7BACD2AE0
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FF7BACD2B2A
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FF7BACD2B1C, 00007FF7BACD2BF0
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FF7BACD2A14
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FF7BACD2C05
\, xrefs: 00007FF7BACD2B60
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FF7BACD2AF5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: %$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$service$sys_init
API String ID: 3828489143-3798070276
Opcode ID: 6adf132e8037f4d047643bc80ab3c7f8111de06e89ca55ee02caa9d802eb4487
Instruction ID: 9c5408268f6a3e2cf0177c3fd5c532f2c5d7636c246ae1160f7215ff8ff6aed9
Opcode Fuzzy Hash: 6adf132e8037f4d047643bc80ab3c7f8111de06e89ca55ee02caa9d802eb4487
Instruction Fuzzy Hash: 89D17B71E0C656A1FA60BB1CA4483B8E250EB72755FD510B2CF8E1769CDE2CFC45A3A1

Function 00007FFE1322BCA7 Relevance: 39.4, APIs: 8, Strings: 18, Instructions: 376
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

mem_alloc, xrefs: 00007FFE1322C33C
/line?fields=query, xrefs: 00007FFE1322BFB9
SYSTEM\CurrentControlSet\Services\UpdateService\Parameters, xrefs: 00007FFE1322BF09
ip-api.com, xrefs: 00007FFE1322BFC6
-ILCCNC-, xrefs: 00007FFE1322BCB9
, xrefs: 00007FFE1322C1EC
KCIT, xrefs: 00007FFE1322BCD3
TPCR, xrefs: 00007FFE1322BD3F
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1322C343
last-patch, xrefs: 00007FFE1322BEDC
AKAK, xrefs: 00007FFE1322C1F7
--TSCB--, xrefs: 00007FFE1322C271
-VRSCNC-, xrefs: 00007FFE1322C261
Referer, xrefs: 00007FFE1322BF02
curl/8.4.0, xrefs: 00007FFE1322BFCD
-ILCCNC-, xrefs: 00007FFE1322C202
-ILCCNC-, xrefs: 00007FFE1322BE07
AKAK, xrefs: 00007FFE1322BD38

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID:
String ID: $--TSCB--$-ILCCNC-$-ILCCNC-$-ILCCNC-$-VRSCNC-$/line?fields=query$AKAK$AKAK$KCIT$Referer$SYSTEM\CurrentControlSet\Services\UpdateService\Parameters$TPCR$[E] (%s) -> Memory allocation failed(size=%llu)$curl/8.4.0$ip-api.com$last-patch$mem_alloc
API String ID: 0-4235120829
Opcode ID: 32f65e0a07db0da76d3cf6bef7a582ef3162b3a37664c1b3ef8a336ad840eee9
Instruction ID: 85c5c74210971fef07a099aad3a92585704f7ed32fa5bbd4f30f5af1efacb9b1
Opcode Fuzzy Hash: 32f65e0a07db0da76d3cf6bef7a582ef3162b3a37664c1b3ef8a336ad840eee9
Instruction Fuzzy Hash: 81126221A08F8289EA70AB56F8843B9A3A0EBD8774F104276DA5D677F5DF3CE545C700

Function 00007FFE1322A6C0 Relevance: 37.7, APIs: 9, Strings: 16, Instructions: 167
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE13227734: LoadLibraryA.KERNEL32 ref: 00007FFE13227742

Part of subcall function 00007FFE13227400: GetModuleHandleExA.KERNEL32 ref: 00007FFE1322741E

strlen.MSVCRT ref: 00007FFE1322A818
strlen.MSVCRT ref: 00007FFE1322A834
strcat.MSVCRT ref: 00007FFE1322A850
strlen.MSVCRT ref: 00007FFE1322A858
strcat.MSVCRT ref: 00007FFE1322A87F
strlen.MSVCRT ref: 00007FFE1322A887
strcat.MSVCRT ref: 00007FFE1322A8A5
strlen.MSVCRT ref: 00007FFE1322A8AD
strlen.MSVCRT ref: 00007FFE1322A8C7

Strings

Done, xrefs: 00007FFE1322A98E
C_InitI2P, xrefs: 00007FFE1322A938
i2p_init, xrefs: 00007FFE1322A995, 00007FFE1322A9BB
i2p.su3, xrefs: 00007FFE1322A8E9
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1322A9C2
i2p.conf, xrefs: 00007FFE1322A860
C_StartI2P, xrefs: 00007FFE1322A957
libi2p.dll, xrefs: 00007FFE1322A7B2
i2p.su3, xrefs: 00007FFE1322A8B2
[I] (%s) -> %s, xrefs: 00007FFE1322A99C
--reseed, xrefs: 00007FFE1322A739
.file=, xrefs: 00007FFE1322A743
--datadi, xrefs: 00007FFE1322A704
i2p, xrefs: 00007FFE1322A97E
--conf=, xrefs: 00007FFE1322A6CA
i2p, xrefs: 00007FFE1322A88C

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: strlen$strcat$HandleLibraryLoadModule
String ID: --conf=$--datadi$--reseed$.file=$C_InitI2P$C_StartI2P$Done$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$i2p$i2p$i2p.conf$i2p.su3$i2p.su3$i2p_init$libi2p.dll
API String ID: 1893813203-492052463
Opcode ID: b5cdc75914d221bfbefe16a4f4c13c465e0792fddc7a04030aebfabb7b88f732
Instruction ID: 03f341b98b1f3381530bda91f0fbf68e73fb8eb0cfcbbe6205f1394f1a9bf60c
Opcode Fuzzy Hash: b5cdc75914d221bfbefe16a4f4c13c465e0792fddc7a04030aebfabb7b88f732
Instruction Fuzzy Hash: 4E71823160CF8289F721AB17F9503EAA291EBE8790F440171DA8D6B7A9DF7CD515C740

Function 00007FFE126D14FC Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE126D151C
GetLastError.KERNEL32 ref: 00007FFE126D1650

Part of subcall function 00007FFE126D3AD0: GetModuleHandleExA.KERNEL32 ref: 00007FFE126D3AEE

strlen.MSVCRT ref: 00007FFE126D156E
strlen.MSVCRT ref: 00007FFE126D158A
strcat.MSVCRT ref: 00007FFE126D15A5
strlen.MSVCRT ref: 00007FFE126D15AD
strlen.MSVCRT ref: 00007FFE126D15C2
fopen.MSVCRT ref: 00007FFE126D15E8

Strings

[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE126D1662
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log, xrefs: 00007FFE126D154E, 00007FFE126D1564, 00007FFE126D159B, 00007FFE126D15B8, 00007FFE126D1607
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE126D1615
P, xrefs: 00007FFE126D16DA
dwlmgr.l, xrefs: 00007FFE126D15CA
, xrefs: 00007FFE126D166E
[I] (%s) -> %s, xrefs: 00007FFE126D179B
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE126D1727
Done, xrefs: 00007FFE126D178D
debug_init, xrefs: 00007FFE126D160E, 00007FFE126D1633, 00007FFE126D165B, 00007FFE126D1720, 00007FFE126D1794
~, xrefs: 00007FFE126D16D5
log, xrefs: 00007FFE126D15D7
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE126D163A

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$dwlmgr.l$log$~
API String ID: 3395718042-2859552336
Opcode ID: 978b0a6ebadae812f341b6658679c0ec3d2c2c517391c4d48ff864214b591a68
Instruction ID: 7d22f3c77e9e8696b9df071bfb90b73c2b2488980118792559118e38d1623a8c
Opcode Fuzzy Hash: 978b0a6ebadae812f341b6658679c0ec3d2c2c517391c4d48ff864214b591a68
Instruction Fuzzy Hash: 69512C54E1CE9FC6FB209713AC803B81255AF45774F6441F2C98D066FAEEECA989C301

Function 00007FFE1150C9FC Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1150CA1C
GetLastError.KERNEL32 ref: 00007FFE1150CB50

Part of subcall function 00007FFE1150B930: GetModuleHandleExA.KERNEL32 ref: 00007FFE1150B94E

strlen.MSVCRT ref: 00007FFE1150CA6E
strlen.MSVCRT ref: 00007FFE1150CA8A
strcat.MSVCRT ref: 00007FFE1150CAA5
strlen.MSVCRT ref: 00007FFE1150CAAD
strlen.MSVCRT ref: 00007FFE1150CAC2
fopen.MSVCRT ref: 00007FFE1150CAE8

Strings

[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1150CB3A
~, xrefs: 00007FFE1150CBD5
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE1150CB62
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log, xrefs: 00007FFE1150CA4E, 00007FFE1150CA64, 00007FFE1150CA9B, 00007FFE1150CAB8, 00007FFE1150CB07
rdpctl.l, xrefs: 00007FFE1150CACA
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE1150CB15
, xrefs: 00007FFE1150CB6E
log, xrefs: 00007FFE1150CAD7
debug_init, xrefs: 00007FFE1150CB0E, 00007FFE1150CB33, 00007FFE1150CB5B, 00007FFE1150CC20, 00007FFE1150CC94
[I] (%s) -> %s, xrefs: 00007FFE1150CC9B
Done, xrefs: 00007FFE1150CC8D
P, xrefs: 00007FFE1150CBDA
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE1150CC27

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$rdpctl.l$~
API String ID: 3395718042-1794035234
Opcode ID: 3c2e7bbcb8526972e3423f8e7bc29e03943a38cc64b03e3cdeb29d94f12f5a58
Instruction ID: e4ab8b5b6ea2877be17033a88d64b18bb8abcb26df47401f9bec8462f484e3ea
Opcode Fuzzy Hash: 3c2e7bbcb8526972e3423f8e7bc29e03943a38cc64b03e3cdeb29d94f12f5a58
Instruction Fuzzy Hash: 9E513B61E0CF1381FB219B93E8803BD165EAF0A774F9451FAC90E062B2DF6DA945D341

Function 00007FFE1322794C Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1322796C
GetLastError.KERNEL32 ref: 00007FFE13227AA0

Part of subcall function 00007FFE13227400: GetModuleHandleExA.KERNEL32 ref: 00007FFE1322741E

strlen.MSVCRT ref: 00007FFE132279BE
strlen.MSVCRT ref: 00007FFE132279DA
strcat.MSVCRT ref: 00007FFE132279F5
strlen.MSVCRT ref: 00007FFE132279FD
strlen.MSVCRT ref: 00007FFE13227A12
fopen.MSVCRT ref: 00007FFE13227A38

Strings

debug_init, xrefs: 00007FFE13227A5E, 00007FFE13227A83, 00007FFE13227AAB, 00007FFE13227B70, 00007FFE13227BE4
P, xrefs: 00007FFE13227B2A
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE13227A8A
[I] (%s) -> %s, xrefs: 00007FFE13227BEB
cnccli.l, xrefs: 00007FFE13227A1A
log, xrefs: 00007FFE13227A27
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE13227A65
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE13227AB2
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log, xrefs: 00007FFE1322799E, 00007FFE132279B4, 00007FFE132279EB, 00007FFE13227A08, 00007FFE13227A57
Done, xrefs: 00007FFE13227BDD
, xrefs: 00007FFE13227ABE
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE13227B77
~, xrefs: 00007FFE13227B25

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$cnccli.l$debug_init$log$~
API String ID: 3395718042-315528054
Opcode ID: b87acf069d0c111b26ffbcf509236f87ef9b3c2dec2be1befab7b5d9d08e5bd2
Instruction ID: 56e411297a7efd9784a07055c28acd31bdd76ed2c7b59028704e6411b18b0677
Opcode Fuzzy Hash: b87acf069d0c111b26ffbcf509236f87ef9b3c2dec2be1befab7b5d9d08e5bd2
Instruction Fuzzy Hash: 11511A10A0CE4789FA20775BBC903B99250AFF97B4F5151B2D90D262B2DF6DAA86C341

Function 00007FFE1A45226C Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1A45228C
GetLastError.KERNEL32 ref: 00007FFE1A4523C0

Part of subcall function 00007FFE1A454E70: GetModuleHandleExA.KERNEL32 ref: 00007FFE1A454E8E

strlen.MSVCRT ref: 00007FFE1A4522DE
strlen.MSVCRT ref: 00007FFE1A4522FA
strcat.MSVCRT ref: 00007FFE1A452315
strlen.MSVCRT ref: 00007FFE1A45231D
strlen.MSVCRT ref: 00007FFE1A452332
fopen.MSVCRT ref: 00007FFE1A452358

Strings

[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE1A452497
log, xrefs: 00007FFE1A452347
P, xrefs: 00007FFE1A45244A
, xrefs: 00007FFE1A4523DE
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE1A4523D2
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE1A452385
~, xrefs: 00007FFE1A452445
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log, xrefs: 00007FFE1A4522BE, 00007FFE1A4522D4, 00007FFE1A45230B, 00007FFE1A452328, 00007FFE1A452377
[I] (%s) -> %s, xrefs: 00007FFE1A45250B
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A4523AA
debug_init, xrefs: 00007FFE1A45237E, 00007FFE1A4523A3, 00007FFE1A4523CB, 00007FFE1A452490, 00007FFE1A452504
Done, xrefs: 00007FFE1A4524FD
evtsrv.l, xrefs: 00007FFE1A45233A

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$evtsrv.l$log$~
API String ID: 3395718042-190452282
Opcode ID: a4a6283dc51dc741a53d2f5bec1208c00311563646a7d26f147c64fa65f9183b
Instruction ID: 3f1247eb60917f37aaca9810065cc1ad2992a4a8c125d3f0860d8c200f2500e4
Opcode Fuzzy Hash: a4a6283dc51dc741a53d2f5bec1208c00311563646a7d26f147c64fa65f9183b
Instruction Fuzzy Hash: DF511CD0B0CE1386FA21AB13E4803B81360AF56F75F5044F3EA1D576B2EE7CA9A58301

Function 00007FFE1024427C Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1024429C
GetLastError.KERNEL32 ref: 00007FFE102443D0

Part of subcall function 00007FFE10242700: GetModuleHandleExA.KERNEL32 ref: 00007FFE1024271E

strlen.MSVCRT ref: 00007FFE102442EE
strlen.MSVCRT ref: 00007FFE1024430A
strcat.MSVCRT ref: 00007FFE10244325
strlen.MSVCRT ref: 00007FFE1024432D
strlen.MSVCRT ref: 00007FFE10244342
fopen.MSVCRT ref: 00007FFE10244368

Strings

, xrefs: 00007FFE102443EE
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE102443E2
P, xrefs: 00007FFE1024445A
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE10244395
samctl.l, xrefs: 00007FFE1024434A
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE102444A7
debug_init, xrefs: 00007FFE1024438E, 00007FFE102443B3, 00007FFE102443DB, 00007FFE102444A0, 00007FFE10244514
log, xrefs: 00007FFE10244357
~, xrefs: 00007FFE10244455
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log, xrefs: 00007FFE102442CE, 00007FFE102442E4, 00007FFE1024431B, 00007FFE10244338, 00007FFE10244387
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE102443BA
[I] (%s) -> %s, xrefs: 00007FFE1024451B
Done, xrefs: 00007FFE1024450D

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$samctl.l$~
API String ID: 3395718042-1297835036
Opcode ID: 016f4638319368af51dd97b999517278ba6aac657be23468ad1dcb1b2069bb53
Instruction ID: 0d20be8cfb43b57c38eebda674fa9055b7067cfe3db97d591c298f4adf765339
Opcode Fuzzy Hash: 016f4638319368af51dd97b999517278ba6aac657be23468ad1dcb1b2069bb53
Instruction Fuzzy Hash: 71512B90A0CE13C5FA205B42A8903F82E50AFC5778FA001F6D70D967B7EE6DB946C305

Function 00007FFE11EC9F6C Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11EC9F8C
GetLastError.KERNEL32 ref: 00007FFE11ECA0C0

Part of subcall function 00007FFE11EC4AC0: GetModuleHandleExA.KERNEL32 ref: 00007FFE11EC4ADE

strlen.MSVCRT ref: 00007FFE11EC9FDE
strlen.MSVCRT ref: 00007FFE11EC9FFA
strcat.MSVCRT ref: 00007FFE11ECA015
strlen.MSVCRT ref: 00007FFE11ECA01D
strlen.MSVCRT ref: 00007FFE11ECA032
fopen.MSVCRT ref: 00007FFE11ECA058

Strings

prgmgr.l, xrefs: 00007FFE11ECA03A
~, xrefs: 00007FFE11ECA145
[I] (%s) -> %s, xrefs: 00007FFE11ECA20B
P, xrefs: 00007FFE11ECA14A
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log, xrefs: 00007FFE11EC9FBE, 00007FFE11EC9FD4, 00007FFE11ECA00B, 00007FFE11ECA028, 00007FFE11ECA077
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11ECA0AA
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE11ECA197
Done, xrefs: 00007FFE11ECA1FD
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE11ECA085
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE11ECA0D2
debug_init, xrefs: 00007FFE11ECA07E, 00007FFE11ECA0A3, 00007FFE11ECA0CB, 00007FFE11ECA190, 00007FFE11ECA204
, xrefs: 00007FFE11ECA0DE
log, xrefs: 00007FFE11ECA047

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$prgmgr.l$~
API String ID: 3395718042-2735303109
Opcode ID: b3f422636813f9db082be2eff172362a900e087fd06423e4adef8e4629b24b28
Instruction ID: eb1938a2c650cfb8a2e055e257307fe49b03de579b4967c7d8c6cfd5f7866725
Opcode Fuzzy Hash: b3f422636813f9db082be2eff172362a900e087fd06423e4adef8e4629b24b28
Instruction Fuzzy Hash: 4E512C50E0CE4381FB2197E7AC813BB169DAF857E4FD411B6C90E472B2EE6DB9468341

Function 00007FFE126DBAB2 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE126DBB0C
RegQueryValueExA.ADVAPI32 ref: 00007FFE126DBC54

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

, xrefs: 00007FFE126DBC97
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE126DBC82
(value != NULL), xrefs: 00007FFE126DBBDF
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126DBB87, 00007FFE126DBBBA, 00007FFE126DBBED, 00007FFE126DBC20
, xrefs: 00007FFE126DBC8E
(root != NULL), xrefs: 00007FFE126DBB79
P, xrefs: 00007FFE126DBCFF
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DBF4B
(key != NULL), xrefs: 00007FFE126DBBAC
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE126DBB72, 00007FFE126DBBA5, 00007FFE126DBBD8, 00007FFE126DBC0B
registry_get_value, xrefs: 00007FFE126DBB27, 00007FFE126DBB80, 00007FFE126DBBB3, 00007FFE126DBBE6, 00007FFE126DBC19, 00007FFE126DBC7B, 00007FFE126DBDC6, 00007FFE126DBF44
(value_sz != NULL), xrefs: 00007FFE126DBC12
P, xrefs: 00007FFE126DBD08
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE126DBB2E
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126DBDCD
NULL, xrefs: 00007FFE126DBCAE, 00007FFE126DBF5C, 00007FFE126DBF68

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: e71e00ddab3813d9aa3897deaadce60e761dc9e739cf8e9d2cd97b8039851cba
Instruction ID: f702d7a0b150f6e71aef12534d5abcd3f3637bfcdc6effa99a9e724cc2f4fe22
Opcode Fuzzy Hash: e71e00ddab3813d9aa3897deaadce60e761dc9e739cf8e9d2cd97b8039851cba
Instruction Fuzzy Hash: 42A11E6090CF4FC7FA60A713AC407B96251AF007B5F5401B2DA9E466F9FEEDA985C342

Function 00007FFE11505192 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE115051EC
RegQueryValueExA.ADVAPI32 ref: 00007FFE11505334

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE1150562B
(key != NULL), xrefs: 00007FFE1150528C
(value != NULL), xrefs: 00007FFE115052BF
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE11505362
(value_sz != NULL), xrefs: 00007FFE115052F2
(root != NULL), xrefs: 00007FFE11505259
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE115054AD
, xrefs: 00007FFE11505377
registry_get_value, xrefs: 00007FFE11505207, 00007FFE11505260, 00007FFE11505293, 00007FFE115052C6, 00007FFE115052F9, 00007FFE1150535B, 00007FFE115054A6, 00007FFE11505624
NULL, xrefs: 00007FFE1150538E, 00007FFE1150563C, 00007FFE11505648
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11505267, 00007FFE1150529A, 00007FFE115052CD, 00007FFE11505300
P, xrefs: 00007FFE115053E8
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE1150520E
P, xrefs: 00007FFE115053DF
, xrefs: 00007FFE1150536E
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE11505252, 00007FFE11505285, 00007FFE115052B8, 00007FFE115052EB

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: 435f0e7a9ab592d34743d64c01d9f013227a1ed4134e646b68ad534058a57e85
Instruction ID: f05e6675e38f91c5043fbf3e5b3c84852a500581eb7347f7f25b437ca63089ed
Opcode Fuzzy Hash: 435f0e7a9ab592d34743d64c01d9f013227a1ed4134e646b68ad534058a57e85
Instruction Fuzzy Hash: 68A15761E1CF4B81F7319B86A8403BD225DAF0077DF5501BAD91E476B1EEADE989C302

Function 00007FFE1322D422 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE1322D47C
RegQueryValueExA.ADVAPI32 ref: 00007FFE1322D5C4

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1322D73D
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE1322D5F2
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE1322D8BB
P, xrefs: 00007FFE1322D66F
(root != NULL), xrefs: 00007FFE1322D4E9
(value != NULL), xrefs: 00007FFE1322D54F
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE1322D49E
, xrefs: 00007FFE1322D5FE
(key != NULL), xrefs: 00007FFE1322D51C
P, xrefs: 00007FFE1322D678
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE1322D4E2, 00007FFE1322D515, 00007FFE1322D548, 00007FFE1322D57B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1322D4F7, 00007FFE1322D52A, 00007FFE1322D55D, 00007FFE1322D590
NULL, xrefs: 00007FFE1322D61E, 00007FFE1322D8CC, 00007FFE1322D8D8
, xrefs: 00007FFE1322D607
(value_sz != NULL), xrefs: 00007FFE1322D582
registry_get_value, xrefs: 00007FFE1322D497, 00007FFE1322D4F0, 00007FFE1322D523, 00007FFE1322D556, 00007FFE1322D589, 00007FFE1322D5EB, 00007FFE1322D736, 00007FFE1322D8B4

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: 7576ae6a36753d6cf1c14af836e9cd5c39fa3049076cbbfb5f585f907a1cd92d
Instruction ID: 486d5760707648f90153c2aa68ff080708e34ea8fd086900acd5c359e1344c3e
Opcode Fuzzy Hash: 7576ae6a36753d6cf1c14af836e9cd5c39fa3049076cbbfb5f585f907a1cd92d
Instruction Fuzzy Hash: 6BA1417190CF4B8DF670BB16BC003B86250AFF5364F5401B2D96E266B5EEACE985D302

Function 00007FFE1A459B22 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE1A459B7C
RegQueryValueExA.ADVAPI32 ref: 00007FFE1A459CC4

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

Strings

NULL, xrefs: 00007FFE1A459D1E, 00007FFE1A459FCC, 00007FFE1A459FD8
(value != NULL), xrefs: 00007FFE1A459C4F
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE1A459B9E
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A459E3D
(key != NULL), xrefs: 00007FFE1A459C1C
, xrefs: 00007FFE1A459D07
(root != NULL), xrefs: 00007FFE1A459BE9
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE1A459BE2, 00007FFE1A459C15, 00007FFE1A459C48, 00007FFE1A459C7B
P, xrefs: 00007FFE1A459D78
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE1A459FBB
, xrefs: 00007FFE1A459CFE
(value_sz != NULL), xrefs: 00007FFE1A459C82
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE1A459CF2
registry_get_value, xrefs: 00007FFE1A459B97, 00007FFE1A459BF0, 00007FFE1A459C23, 00007FFE1A459C56, 00007FFE1A459C89, 00007FFE1A459CEB, 00007FFE1A459E36, 00007FFE1A459FB4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A459BF7, 00007FFE1A459C2A, 00007FFE1A459C5D, 00007FFE1A459C90
P, xrefs: 00007FFE1A459D6F

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: 2eb85fe08712c9625d29b8c13bccc0ad78cd7b35cc400876baf117bdecc1f14f
Instruction ID: f7c0b2e78327a0662eb7ecd4368fb7e1308c0b4bdb4921c01c19065ee0e41507
Opcode Fuzzy Hash: 2eb85fe08712c9625d29b8c13bccc0ad78cd7b35cc400876baf117bdecc1f14f
Instruction Fuzzy Hash: 48A146A5B0CF4781FA60BB43A9403B86651AF02F64F5401F3DA1D876B3EF6DA969C701

Function 00007FFE10243402 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE1024345C
RegQueryValueExA.ADVAPI32 ref: 00007FFE102435A4

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE1024389B
(key != NULL), xrefs: 00007FFE102434FC
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE102435D2
, xrefs: 00007FFE102435E7
P, xrefs: 00007FFE1024364F
P, xrefs: 00007FFE10243658
(root != NULL), xrefs: 00007FFE102434C9
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE102434D7, 00007FFE1024350A, 00007FFE1024353D, 00007FFE10243570
registry_get_value, xrefs: 00007FFE10243477, 00007FFE102434D0, 00007FFE10243503, 00007FFE10243536, 00007FFE10243569, 00007FFE102435CB, 00007FFE10243716, 00007FFE10243894
, xrefs: 00007FFE102435DE
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1024371D
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE102434C2, 00007FFE102434F5, 00007FFE10243528, 00007FFE1024355B
NULL, xrefs: 00007FFE102435FE, 00007FFE102438AC, 00007FFE102438B8
(value != NULL), xrefs: 00007FFE1024352F
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE1024347E
(value_sz != NULL), xrefs: 00007FFE10243562

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: 9c977889d563c1987e390171c3469c66642a4b360fa1d16f1788854835f10803
Instruction ID: 0641b8d06e1bded532e6441f63673ca8af7d146fd5fa6da219b60450446bfd2f
Opcode Fuzzy Hash: 9c977889d563c1987e390171c3469c66642a4b360fa1d16f1788854835f10803
Instruction Fuzzy Hash: ACA142A090CF0BE1F6309707A4403B97954AFC0774F5580B2DB5E867B3EEADA985C705

Function 00007FFE11EC3382 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE11EC33DC
RegQueryValueExA.ADVAPI32 ref: 00007FFE11EC3524

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE11EC3442, 00007FFE11EC3475, 00007FFE11EC34A8, 00007FFE11EC34DB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC3457, 00007FFE11EC348A, 00007FFE11EC34BD, 00007FFE11EC34F0
P, xrefs: 00007FFE11EC35CF
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE11EC381B
(key != NULL), xrefs: 00007FFE11EC347C
, xrefs: 00007FFE11EC3567
, xrefs: 00007FFE11EC355E
(root != NULL), xrefs: 00007FFE11EC3449
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC33F7, 00007FFE11EC3450, 00007FFE11EC3483, 00007FFE11EC34B6, 00007FFE11EC34E9, 00007FFE11EC354B, 00007FFE11EC3696, 00007FFE11EC3814
(value_sz != NULL), xrefs: 00007FFE11EC34E2
(value != NULL), xrefs: 00007FFE11EC34AF
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE11EC33FE
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE11EC3552
P, xrefs: 00007FFE11EC35D8
NULL, xrefs: 00007FFE11EC357E, 00007FFE11EC382C, 00007FFE11EC3838

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: 7f19a7410ae59509b384c64feabfbea1f96e87a3bd380099ac3d5f47d3dae185
Instruction ID: 4d1fef247f26db6a57c20efbb0b68aee9de68f6d512ea7a0d2b93bd471fa6f2d
Opcode Fuzzy Hash: 7f19a7410ae59509b384c64feabfbea1f96e87a3bd380099ac3d5f47d3dae185
Instruction Fuzzy Hash: DAA13F65D0CF4B91FB20DBC2AC003BB625CAF14764F9451B2CA1E467B1EE6DFA858702

Function 00007FFE1322C66D Relevance: 33.4, APIs: 2, Strings: 17, Instructions: 180threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32 ref: 00007FFE1322C882
GetLastError.KERNEL32 ref: 00007FFE1322C8E3

Strings

[I] (%s) -> %s, xrefs: 00007FFE1322C8D2
server_host, xrefs: 00007FFE1322C6A4
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1322C83C
i2p_addr, xrefs: 00007FFE1322C7D8
[I] (%s) -> CreateThread(%s) done, xrefs: 00007FFE1322C8A2
Done, xrefs: 00007FFE1322C8C4
i2p_sam3_timeo, xrefs: 00007FFE1322C7A5
[E] (%s) -> CreateThread(%s) failed(gle=%lu), xrefs: 00007FFE1322C8FC
i2p_try_num, xrefs: 00007FFE1322C764
server_port, xrefs: 00007FFE1322C6E2
~, xrefs: 00007FFE1322C930
P, xrefs: 00007FFE1322C935
cnccli, xrefs: 00007FFE1322C6AB, 00007FFE1322C6E9, 00007FFE1322C72A, 00007FFE1322C76B, 00007FFE1322C7AC, 00007FFE1322C7DF
cnc_init, xrefs: 00007FFE1322C835, 00007FFE1322C89B, 00007FFE1322C8CB, 00007FFE1322C8F5
, xrefs: 00007FFE1322C908
routine_rx, xrefs: 00007FFE1322C894, 00007FFE1322C8EE
server_timeo, xrefs: 00007FFE1322C723

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: CreateErrorLastThread
String ID: $Done$P$[E] (%s) -> CreateThread(%s) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$cnc_init$cnccli$i2p_addr$i2p_sam3_timeo$i2p_try_num$routine_rx$server_host$server_port$server_timeo$~
API String ID: 1689873465-2891999747
Opcode ID: 33e71f06e42a99735c9f1285eb2e935319501a0d22f8531b1d7d2ee8e9760a1c
Instruction ID: 4718c37c946dd03925daf9a31a33f5660334abfa228cc0232f49ab54dccbfe1e
Opcode Fuzzy Hash: 33e71f06e42a99735c9f1285eb2e935319501a0d22f8531b1d7d2ee8e9760a1c
Instruction Fuzzy Hash: 3E914E60A0CE538DFA30B766BC843B46694AFA8374F5042B1C95D672F5DFBCA945C342

Function 00007FF7BACD4D7B Relevance: 33.4, APIs: 9, Strings: 10, Instructions: 133fileCOMMON

Download Yara Rule

APIs

fopen.MSVCRT ref: 00007FF7BACD4DA3
fclose.MSVCRT ref: 00007FF7BACD4DD5
_errno.MSVCRT ref: 00007FF7BACD4E8F
_errno.MSVCRT ref: 00007FF7BACD4EB0
fwrite.MSVCRT ref: 00007FF7BACD4F24

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD4E42, 00007FF7BACD4E72
(mode != NULL), xrefs: 00007FF7BACD4E64
NULL, xrefs: 00007FF7BACD4FDA, 00007FF7BACD4FE6
[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d), xrefs: 00007FF7BACD4EA4
fs_file_write, xrefs: 00007FF7BACD4E05, 00007FF7BACD4E3B, 00007FF7BACD4E6B, 00007FF7BACD4E9D, 00007FF7BACD4F4D, 00007FF7BACD4FFD
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7BACD4E2D, 00007FF7BACD4E5D
(path != NULL), xrefs: 00007FF7BACD4E34
[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu), xrefs: 00007FF7BACD5004
[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d), xrefs: 00007FF7BACD4F54
[E] (%s) -> Failed(path=%s,mode=%s,err=%08x), xrefs: 00007FF7BACD4E0C

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: _errno$fclosefopenfwrite
String ID: (mode != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
API String ID: 608220805-544371937
Opcode ID: 2fa1cd46eac7cf50ee181b8d3ee56f4178c7b011de09ae6be45fd9e8eb5f757e
Instruction ID: 9c6868a0c03b9d6ecdfafe2f8a69c5c4572f691d0c58f33874818dbf80312a56
Opcode Fuzzy Hash: 2fa1cd46eac7cf50ee181b8d3ee56f4178c7b011de09ae6be45fd9e8eb5f757e
Instruction Fuzzy Hash: 0251A031A0864395FA20BB5CDA482B8E2917F76785FC811B2DF9D4769CDF2CF9529320

Function 00007FFE1322328E Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 177stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE132232AD
CreateDirectoryA.KERNEL32 ref: 00007FFE132232CF
GetLastError.KERNEL32 ref: 00007FFE13223320
strcpy.MSVCRT ref: 00007FFE13223371
strlen.MSVCRT ref: 00007FFE13223379
strlen.MSVCRT ref: 00007FFE13223395
strlen.MSVCRT ref: 00007FFE132233A6
CreateDirectoryA.KERNEL32 ref: 00007FFE13223417
GetLastError.KERNEL32 ref: 00007FFE13223421

Strings

(path != NULL), xrefs: 00007FFE132232F7
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE13223305
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu), xrefs: 00007FFE132233D0
NULL, xrefs: 00007FFE13223547
fs_dir_create, xrefs: 00007FFE132232FE, 00007FFE13223332, 00007FFE132233C9, 00007FFE132234EF, 00007FFE13223556
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE132232F0
[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FFE132234F6
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FFE13223339
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FFE1322355D

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: strlen$CreateDirectoryErrorLast$strcpy
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
API String ID: 1104438493-1059260517
Opcode ID: 8c963961a951776b503a5fc3615dbab1392d406fa737535c647d0a1987d59cda
Instruction ID: 04c167937374464c988c1f65d77e62abe4af8088b7244f5351f3332cf86733ee
Opcode Fuzzy Hash: 8c963961a951776b503a5fc3615dbab1392d406fa737535c647d0a1987d59cda
Instruction Fuzzy Hash: 89716922A0CE438EFA717B17FC807B95251AFE9774F5800B2DA4E662B1DE2CE945C311

Function 00007FFE11EC5E9E Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 177stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE11EC5EBD
CreateDirectoryA.KERNEL32 ref: 00007FFE11EC5EDF
GetLastError.KERNEL32 ref: 00007FFE11EC5F30
strcpy.MSVCRT ref: 00007FFE11EC5F81
strlen.MSVCRT ref: 00007FFE11EC5F89
strlen.MSVCRT ref: 00007FFE11EC5FA5
strlen.MSVCRT ref: 00007FFE11EC5FB6
CreateDirectoryA.KERNEL32 ref: 00007FFE11EC6027
GetLastError.KERNEL32 ref: 00007FFE11EC6031

Strings

fs_dir_create, xrefs: 00007FFE11EC5F0E, 00007FFE11EC5F42, 00007FFE11EC5FD9, 00007FFE11EC60FF, 00007FFE11EC6166
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11EC5F00
[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FFE11EC6106
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC5F15
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FFE11EC5F49
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu), xrefs: 00007FFE11EC5FE0
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FFE11EC616D
NULL, xrefs: 00007FFE11EC6157
(path != NULL), xrefs: 00007FFE11EC5F07

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strlen$CreateDirectoryErrorLast$strcpy
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
API String ID: 1104438493-1059260517
Opcode ID: 388fdc971c35c5c66298320583c07e34cd3b7c2f582f1aba419fafd61ed40875
Instruction ID: b00810e7b294dd3e9b1de03cb535212e717ef067157d85a2d52b567adcda7b26
Opcode Fuzzy Hash: 388fdc971c35c5c66298320583c07e34cd3b7c2f582f1aba419fafd61ed40875
Instruction Fuzzy Hash: B8717D11B0CE8381FB205B97EC413BB56A9AF88764F9411B2D90E167F6DE2DF885CB01

Function 00007FF7BACD309C Relevance: 31.6, APIs: 8, Strings: 10, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF7BACD30BC
GetLastError.KERNEL32 ref: 00007FF7BACD31ED

Part of subcall function 00007FF7BACD1FD0: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7BACD162F), ref: 00007FF7BACD1FEE

strlen.MSVCRT ref: 00007FF7BACD310E
strlen.MSVCRT ref: 00007FF7BACD312A
_mbscat.MSVCRT ref: 00007FF7BACD3145
strlen.MSVCRT ref: 00007FF7BACD314D
strlen.MSVCRT ref: 00007FF7BACD3162
fopen.MSVCRT ref: 00007FF7BACD3185

Strings

[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FF7BACD31B2
Done, xrefs: 00007FF7BACD332A
main.log, xrefs: 00007FF7BACD316A
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FF7BACD32C4
debug_init, xrefs: 00007FF7BACD31AB, 00007FF7BACD31D0, 00007FF7BACD31F8, 00007FF7BACD32BD, 00007FF7BACD3331
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log, xrefs: 00007FF7BACD30EE, 00007FF7BACD3104, 00007FF7BACD313B, 00007FF7BACD3158, 00007FF7BACD31A4
[I] (%s) -> %s, xrefs: 00007FF7BACD3338
[E] (%s) -> Failed(err=%08x), xrefs: 00007FF7BACD31D7
service, xrefs: 00007FF7BACD309E
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FF7BACD31FF

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpin_mbscatfopen
String ID: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$main.log$service
API String ID: 3216678114-1460613360
Opcode ID: 806580b93aadc203eb73588eff232527fbb2f0bd67923d4f8ae07467998f43c7
Instruction ID: cbde110b28d26ee795f4fffd6b2bdc7541fff9f3713af320b80b93755e2de828
Opcode Fuzzy Hash: 806580b93aadc203eb73588eff232527fbb2f0bd67923d4f8ae07467998f43c7
Instruction Fuzzy Hash: 03515910A0C60391FA60775CA8882B8E250AF76744FC400F6CF9D5A3DEDF6CB9469361

Function 00007FF7BACD77A0 Relevance: 29.9, APIs: 6, Strings: 11, Instructions: 193stringCOMMON

Download Yara Rule

APIs

_mbscat.MSVCRT ref: 00007FF7BACD7920
strlen.MSVCRT ref: 00007FF7BACD79DE
_mbscpy.MSVCRT ref: 00007FF7BACD7A06
_mbscpy.MSVCRT ref: 00007FF7BACD7A5D
strlen.MSVCRT ref: 00007FF7BACD7A65
strlen.MSVCRT ref: 00007FF7BACD7A8F

Part of subcall function 00007FF7BACD5015: fopen.MSVCRT ref: 00007FF7BACD505A
Part of subcall function 00007FF7BACD5015: fseek.MSVCRT ref: 00007FF7BACD5079
Part of subcall function 00007FF7BACD5015: _errno.MSVCRT ref: 00007FF7BACD508D
Part of subcall function 00007FF7BACD5015: _errno.MSVCRT ref: 00007FF7BACD50A8

Strings

%TEMP%, xrefs: 00007FF7BACD7902
C:/Projects/rdp/bot/codebase/package.c, xrefs: 00007FF7BACD784A, 00007FF7BACD787A
package_unpack, xrefs: 00007FF7BACD7819, 00007FF7BACD7858, 00007FF7BACD7888, 00007FF7BACD7969, 00007FF7BACD7AB0, 00007FF7BACD7AD6
[E] (%s) -> Entry unpack failed(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u,err=%08x), xrefs: 00007FF7BACD7970
(package != NULL), xrefs: 00007FF7BACD7851
[E] (%s) -> Failed(package=%s,target=%s,err=%08x), xrefs: 00007FF7BACD7820
[I] (%s) -> Done(package=%s,target=%s), xrefs: 00007FF7BACD7ADD
NULL, xrefs: 00007FF7BACD7AEE, 00007FF7BACD7AFA
(target != NULL), xrefs: 00007FF7BACD7881
[I] (%s) -> Entry unpack done(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u), xrefs: 00007FF7BACD7AB7
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD785F, 00007FF7BACD788F

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: strlen$_errno_mbscpy$_mbscatfopenfseek
String ID: %TEMP%$(package != NULL)$(target != NULL)$C:/Projects/rdp/bot/codebase/package.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Entry unpack failed(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u,err=%08x)$[E] (%s) -> Failed(package=%s,target=%s,err=%08x)$[I] (%s) -> Done(package=%s,target=%s)$[I] (%s) -> Entry unpack done(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u)$package_unpack
API String ID: 3066828623-21863935
Opcode ID: 4e060256d15c7e919ae692f560fe0c26935cca38bca4517b55ebaffd7a87395a
Instruction ID: 3bb74a6cbcf9e248131cd362b0358edabc5260ae936852245cf3f912ac25967f
Opcode Fuzzy Hash: 4e060256d15c7e919ae692f560fe0c26935cca38bca4517b55ebaffd7a87395a
Instruction Fuzzy Hash: EC81916160874795FA10BF1CE8483A9E3A0AB6A384FD44071EF9D9B68DDF7CE605D720

Function 00007FF7BACD16E3 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 179stringmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7BACD1FD0: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7BACD162F), ref: 00007FF7BACD1FEE

strlen.MSVCRT ref: 00007FF7BACD1758
strlen.MSVCRT ref: 00007FF7BACD177A
_mbscpy.MSVCRT ref: 00007FF7BACD1796
strlen.MSVCRT ref: 00007FF7BACD179E
strlen.MSVCRT ref: 00007FF7BACD17B5
FreeLibrary.KERNEL32 ref: 00007FF7BACD17F1
GetProcessHeap.KERNEL32 ref: 00007FF7BACD18AD
HeapAlloc.KERNEL32 ref: 00007FF7BACD18C1
_mbscpy.MSVCRT ref: 00007FF7BACD18D6

Strings

units_init, xrefs: 00007FF7BACD189A, 00007FF7BACD1967, 00007FF7BACD19A8
unit_cleanup, xrefs: 00007FF7BACD1876
[I] (%s) -> Loaded(f_path=%s), xrefs: 00007FF7BACD18A1
mem_alloc, xrefs: 00007FF7BACD1908
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF7BACD190F
[I] (%s) -> Done(name=%s), xrefs: 00007FF7BACD19AF
[E] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FF7BACD196E
unit_init, xrefs: 00007FF7BACD185F

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: strlen$Heap_mbscpy$AllocFreeHandleLibraryModuleProcess
String ID: [E] (%s) -> Failed(name=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(name=%s)$[I] (%s) -> Loaded(f_path=%s)$mem_alloc$unit_cleanup$unit_init$units_init
API String ID: 548194777-214984806
Opcode ID: 6aa98b60b87720260012a02e692c52bcc889d8618c4132bbe0de95421e261512
Instruction ID: 1eb69167b4ac263110c3933be10092151fc146037718cf1f78fffaf2f8a2ac09
Opcode Fuzzy Hash: 6aa98b60b87720260012a02e692c52bcc889d8618c4132bbe0de95421e261512
Instruction Fuzzy Hash: CA815B21A0864395FA61BB19A4583B9E3A1AF66784FC450B2DF8D0779DDF3CF906C360

Function 00007FF7BACD68AF Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 199fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002BAD3D813D0,?,00007FF7BACE8500,00007FF7BACD1669), ref: 00007FF7BACD6907
LockFileEx.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002BAD3D813D0,?,00007FF7BACE8500,00007FF7BACD1669), ref: 00007FF7BACD6940
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002BAD3D813D0,?,00007FF7BACE8500,00007FF7BACD1669), ref: 00007FF7BACD6A15
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002BAD3D813D0,?,00007FF7BACE8500,00007FF7BACD1669), ref: 00007FF7BACD6AFA
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,service,000002BAD3D813D0,?,00007FF7BACE8500,00007FF7BACD1669), ref: 00007FF7BACD6C6E

Strings

(lock != NULL), xrefs: 00007FF7BACD69F1
fs_file_lock, xrefs: 00007FF7BACD6994, 00007FF7BACD69C8, 00007FF7BACD69F8, 00007FF7BACD6A23, 00007FF7BACD6B08, 00007FF7BACD6C8B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD69CF, 00007FF7BACD69FF
NULL, xrefs: 00007FF7BACD6C79
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7BACD69BA, 00007FF7BACD69EA
(path != NULL), xrefs: 00007FF7BACD69C1
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD699B
service, xrefs: 00007FF7BACD68B2
[E] (%s) -> LockFileEx failed(path=%s,gle=%lu), xrefs: 00007FF7BACD6B0F
[E] (%s) -> CreateFileA failed(path=%s,gle=%lu), xrefs: 00007FF7BACD6A2A
[I] (%s) -> Done(path=%s,lock=%p), xrefs: 00007FF7BACD6C92

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleLock
String ID: (lock != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock$service
API String ID: 2747014929-2960251455
Opcode ID: e0ef4c9546ce209838214ad7d84d2262a497ccc4cf0395369252b85571cb2afe
Instruction ID: 9b3c2ce68d529b772a6266f18cd8624e5742baf2b20a2b03cc4a5b8a413df8e6
Opcode Fuzzy Hash: e0ef4c9546ce209838214ad7d84d2262a497ccc4cf0395369252b85571cb2afe
Instruction Fuzzy Hash: F781432091C74B81FA30BB1CA458378B2509F76354F9446B2CFED066D9EE7DA985E322

Function 00007FFE126D433C Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE126D4360
htonl.WS2_32 ref: 00007FFE126D43FC
htons.WS2_32 ref: 00007FFE126D440D
connect.WS2_32 ref: 00007FFE126D4426
WSAGetLastError.WS2_32 ref: 00007FFE126D444C
select.WS2_32 ref: 00007FFE126D44BC
WSAGetLastError.WS2_32 ref: 00007FFE126D44CC
WSAGetLastError.WS2_32 ref: 00007FFE126D450E

Part of subcall function 00007FFE126D3FD9: ioctlsocket.WS2_32 ref: 00007FFE126D3FFF

Part of subcall function 00007FFE126D3F24: setsockopt.WS2_32 ref: 00007FFE126D3F4C
Part of subcall function 00007FFE126D3F24: setsockopt.WS2_32 ref: 00007FFE126D3F78

WSAGetLastError.WS2_32 ref: 00007FFE126D453B

Strings

[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE126D44FD
[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE126D452A
tcp_connect, xrefs: 00007FFE126D43BD, 00007FFE126D44D8, 00007FFE126D44F6, 00007FFE126D4523, 00007FFE126D454C, 00007FFE126D4576
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE126D457D
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE126D4553
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126D44DF
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE126D43C4

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: fbff94c264d50f1a86d27a2dda819544e9a6fd6f171c1843e075d3ead4e5caed
Instruction ID: 7f8355a90df9a178fa8f2fc7592e8830fb45ffb32eb8ddca8f5c32516366e00b
Opcode Fuzzy Hash: fbff94c264d50f1a86d27a2dda819544e9a6fd6f171c1843e075d3ead4e5caed
Instruction Fuzzy Hash: 46519261A08E4E83EA209B17FC416BA7690EF84774F1403B5D9AE466F5DEFDE8058700

Function 00007FFE1150B00C Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE1150B030
htonl.WS2_32 ref: 00007FFE1150B0CC
htons.WS2_32 ref: 00007FFE1150B0DD
connect.WS2_32 ref: 00007FFE1150B0F6
WSAGetLastError.WS2_32 ref: 00007FFE1150B11C
select.WS2_32 ref: 00007FFE1150B18C
WSAGetLastError.WS2_32 ref: 00007FFE1150B19C
WSAGetLastError.WS2_32 ref: 00007FFE1150B1DE

Part of subcall function 00007FFE1150ACA9: ioctlsocket.WS2_32 ref: 00007FFE1150ACCF

Part of subcall function 00007FFE1150ABF4: setsockopt.WS2_32 ref: 00007FFE1150AC1C
Part of subcall function 00007FFE1150ABF4: setsockopt.WS2_32 ref: 00007FFE1150AC48

WSAGetLastError.WS2_32 ref: 00007FFE1150B20B

Strings

[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1150B1FA
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE1150B094
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE1150B24D
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1150B1AF
[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE1150B1CD
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1150B223
tcp_connect, xrefs: 00007FFE1150B08D, 00007FFE1150B1A8, 00007FFE1150B1C6, 00007FFE1150B1F3, 00007FFE1150B21C, 00007FFE1150B246

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: 85fe309330bad522897bd5eab4d8b0bcc446cc89911679206bac38ec5b9cf989
Instruction ID: b33e81ce788e27c05314779c1b74d0a24e9e3d5dc7a27a189d32465285a778e6
Opcode Fuzzy Hash: 85fe309330bad522897bd5eab4d8b0bcc446cc89911679206bac38ec5b9cf989
Instruction Fuzzy Hash: 3351DF21B0CE4282E7209FA7E8502BD7669AF857B4F0403BAE82D466F5DF7DE5058301

Function 00007FFE1322175C Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE13221780
htonl.WS2_32 ref: 00007FFE1322181C
htons.WS2_32 ref: 00007FFE1322182D
connect.WS2_32 ref: 00007FFE13221846
WSAGetLastError.WS2_32 ref: 00007FFE1322186C
select.WS2_32 ref: 00007FFE132218DC
WSAGetLastError.WS2_32 ref: 00007FFE132218EC
WSAGetLastError.WS2_32 ref: 00007FFE1322192E

Part of subcall function 00007FFE132213F9: ioctlsocket.WS2_32 ref: 00007FFE1322141F

Part of subcall function 00007FFE13221344: setsockopt.WS2_32 ref: 00007FFE1322136C
Part of subcall function 00007FFE13221344: setsockopt.WS2_32 ref: 00007FFE13221398

WSAGetLastError.WS2_32 ref: 00007FFE1322195B

Strings

[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1322194A
tcp_connect, xrefs: 00007FFE132217DD, 00007FFE132218F8, 00007FFE13221916, 00007FFE13221943, 00007FFE1322196C, 00007FFE13221996
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE132218FF
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE132217E4
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE13221973
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE1322199D
[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE1322191D

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: 3a02b0645d0fc3815985ff98e612554857fcd5d65f34fcb0896d69c42ade57f5
Instruction ID: e6c1bb8f372111b2c05a322643ee3a0c793a5b2f94078057e1e6ff113dc71f50
Opcode Fuzzy Hash: 3a02b0645d0fc3815985ff98e612554857fcd5d65f34fcb0896d69c42ade57f5
Instruction Fuzzy Hash: 4951B029A0CE4289F7207B27BC00679A690AFE5B74F2403B5E92D666F1DE7DF505C700

Function 00007FFE10245A8C Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE10245AB0
htonl.WS2_32 ref: 00007FFE10245B4C
htons.WS2_32 ref: 00007FFE10245B5D
connect.WS2_32 ref: 00007FFE10245B76
WSAGetLastError.WS2_32 ref: 00007FFE10245B9C
select.WS2_32 ref: 00007FFE10245C0C
WSAGetLastError.WS2_32 ref: 00007FFE10245C1C
WSAGetLastError.WS2_32 ref: 00007FFE10245C5E

Part of subcall function 00007FFE10245729: ioctlsocket.WS2_32 ref: 00007FFE1024574F

Part of subcall function 00007FFE10245674: setsockopt.WS2_32 ref: 00007FFE1024569C
Part of subcall function 00007FFE10245674: setsockopt.WS2_32 ref: 00007FFE102456C8

WSAGetLastError.WS2_32 ref: 00007FFE10245C8B

Strings

[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE10245CA3
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE10245B14
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE10245CCD
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE10245C2F
[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE10245C7A
[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE10245C4D
tcp_connect, xrefs: 00007FFE10245B0D, 00007FFE10245C28, 00007FFE10245C46, 00007FFE10245C73, 00007FFE10245C9C, 00007FFE10245CC6

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: 58c477ab2743a02f25a3061b18a7333f5a1808f8a51df808fc2496d176c81ab2
Instruction ID: 7d1c56fefc2b9be82617894070405896701c17857ddfb03b819284c3e929a554
Opcode Fuzzy Hash: 58c477ab2743a02f25a3061b18a7333f5a1808f8a51df808fc2496d176c81ab2
Instruction Fuzzy Hash: 4B51B461A08E6281E6244B16E8442BA7A51AFC4774F4403B5EBAD87BF7EE7CE545C700

Function 00007FFE11EC20FC Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE11EC2120
htonl.WS2_32 ref: 00007FFE11EC21BC
htons.WS2_32 ref: 00007FFE11EC21CD
connect.WS2_32 ref: 00007FFE11EC21E6
WSAGetLastError.WS2_32 ref: 00007FFE11EC220C
select.WS2_32 ref: 00007FFE11EC227C
WSAGetLastError.WS2_32 ref: 00007FFE11EC228C
WSAGetLastError.WS2_32 ref: 00007FFE11EC22CE

Part of subcall function 00007FFE11EC1D99: ioctlsocket.WS2_32 ref: 00007FFE11EC1DBF

Part of subcall function 00007FFE11EC1CE4: setsockopt.WS2_32 ref: 00007FFE11EC1D0C
Part of subcall function 00007FFE11EC1CE4: setsockopt.WS2_32 ref: 00007FFE11EC1D38

WSAGetLastError.WS2_32 ref: 00007FFE11EC22FB

Strings

[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE11EC22EA
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE11EC233D
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE11EC2313
[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE11EC22BD
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE11EC2184
tcp_connect, xrefs: 00007FFE11EC217D, 00007FFE11EC2298, 00007FFE11EC22B6, 00007FFE11EC22E3, 00007FFE11EC230C, 00007FFE11EC2336
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE11EC229F

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: 00be52f98493886c70a6fc4778f049fbd0ac6de21f4713c6c0349c451989cf9d
Instruction ID: a4e8e206fae03f077d5d12388a7947ced50ab9c0a54502c878204bcedc588274
Opcode Fuzzy Hash: 00be52f98493886c70a6fc4778f049fbd0ac6de21f4713c6c0349c451989cf9d
Instruction Fuzzy Hash: 5251C465A0CE8381EB209B96EC013BFA698EF84770F941376E92E466F5DE3DF4058301

Function 00007FFE126D2BC8 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE126D2BE3
CreateThread.KERNEL32 ref: 00007FFE126D2C23
GetLastError.KERNEL32 ref: 00007FFE126D2C6B
GetLastError.KERNEL32 ref: 00007FFE126D2D43

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> %s, xrefs: 00007FFE126D2E4A
, xrefs: 00007FFE126D2D61
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE126D2C57
Done, xrefs: 00007FFE126D2E3C
[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE126D2D55
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE126D2C7D
ebus_init, xrefs: 00007FFE126D2C50, 00007FFE126D2C76, 00007FFE126D2D4E, 00007FFE126D2E43
P, xrefs: 00007FFE126D2CF2
, xrefs: 00007FFE126D2C89
~, xrefs: 00007FFE126D2CE9
P, xrefs: 00007FFE126D2DBB
~, xrefs: 00007FFE126D2DB6

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: 0d3d345b92d57715ffb7629bc92dc0b7791e0b502c44b520db891954b542ce77
Instruction ID: 6b21a050c57bc4811038574912a834dd521f02fc28f1d4a8c287a2bc498d8f0d
Opcode Fuzzy Hash: 0d3d345b92d57715ffb7629bc92dc0b7791e0b502c44b520db891954b542ce77
Instruction Fuzzy Hash: DD51F960A0CF4FC3FB648716ACC43792251AF18375F2407B6C5AE062F6DEED79899251

Function 00007FFE1150A7B8 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1150A7D3
CreateThread.KERNEL32 ref: 00007FFE1150A813
GetLastError.KERNEL32 ref: 00007FFE1150A85B
GetLastError.KERNEL32 ref: 00007FFE1150A933

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

~, xrefs: 00007FFE1150A8D9
ebus_init, xrefs: 00007FFE1150A840, 00007FFE1150A866, 00007FFE1150A93E, 00007FFE1150AA33
[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE1150A945
, xrefs: 00007FFE1150A879
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE1150A86D
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1150A847
Done, xrefs: 00007FFE1150AA2C
P, xrefs: 00007FFE1150A9AB
P, xrefs: 00007FFE1150A8E2
[I] (%s) -> %s, xrefs: 00007FFE1150AA3A
~, xrefs: 00007FFE1150A9A6
, xrefs: 00007FFE1150A951

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: 16bc6f95adb63556d6d9dd7628c5118d99aff38ef0e314d2a351385bf1973825
Instruction ID: 2360eb2ab99108f82431dfa9f6733f8ad39002f6f19093a6ba77ca6d935d778e
Opcode Fuzzy Hash: 16bc6f95adb63556d6d9dd7628c5118d99aff38ef0e314d2a351385bf1973825
Instruction Fuzzy Hash: FD513B21F0CF4392FB314796A4C437D22999F05335F6447BAC56E062F1EF6DAA86C242

Function 00007FFE132264F8 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE13226513
CreateThread.KERNEL32 ref: 00007FFE13226553
GetLastError.KERNEL32 ref: 00007FFE1322659B
GetLastError.KERNEL32 ref: 00007FFE13226673

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

, xrefs: 00007FFE132265B9
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE13226587
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE132265AD
Done, xrefs: 00007FFE1322676C
, xrefs: 00007FFE13226691
~, xrefs: 00007FFE132266E6
ebus_init, xrefs: 00007FFE13226580, 00007FFE132265A6, 00007FFE1322667E, 00007FFE13226773
P, xrefs: 00007FFE13226622
[I] (%s) -> %s, xrefs: 00007FFE1322677A
P, xrefs: 00007FFE132266EB
[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE13226685
~, xrefs: 00007FFE13226619

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: 4c63b5f3d359f2261d39e7ba9d5db9643061a5a5867b9a114e724cbc38ab18fd
Instruction ID: aa7c457c3337609ad05a750ba808d5ff003cf6b411e0d6d0bd02475766008425
Opcode Fuzzy Hash: 4c63b5f3d359f2261d39e7ba9d5db9643061a5a5867b9a114e724cbc38ab18fd
Instruction Fuzzy Hash: E951EB62E0CF038DF6307716BDC43B862909FB8774F2442B6C56E262F5DEADA995C241

Function 00007FFE102417F8 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE10241813
CreateThread.KERNEL32 ref: 00007FFE10241853
GetLastError.KERNEL32 ref: 00007FFE1024189B
GetLastError.KERNEL32 ref: 00007FFE10241973

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

P, xrefs: 00007FFE10241922
[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE10241985
[I] (%s) -> %s, xrefs: 00007FFE10241A7A
~, xrefs: 00007FFE10241919
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE10241887
, xrefs: 00007FFE10241991
~, xrefs: 00007FFE102419E6
P, xrefs: 00007FFE102419EB
ebus_init, xrefs: 00007FFE10241880, 00007FFE102418A6, 00007FFE1024197E, 00007FFE10241A73
Done, xrefs: 00007FFE10241A6C
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE102418AD
, xrefs: 00007FFE102418B9

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: 583c772d6c2aa44c00a4b912cfb21b533add25f1d60aa2102540b12dac15f462
Instruction ID: bdd344edf036c5772995a3795d9121fb4832f8ecab7be9ccf729e2db5d7fedff
Opcode Fuzzy Hash: 583c772d6c2aa44c00a4b912cfb21b533add25f1d60aa2102540b12dac15f462
Instruction Fuzzy Hash: 9651E560F0DF03C2F6205B16A8843B96A509F89374F3457B6C76E863F3EE6DA985D205

Function 00007FFE11EC17F8 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11EC1813
CreateThread.KERNEL32 ref: 00007FFE11EC1853
GetLastError.KERNEL32 ref: 00007FFE11EC189B
GetLastError.KERNEL32 ref: 00007FFE11EC1973

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

P, xrefs: 00007FFE11EC19EB
P, xrefs: 00007FFE11EC1922
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11EC1887
~, xrefs: 00007FFE11EC1919
~, xrefs: 00007FFE11EC19E6
, xrefs: 00007FFE11EC18B9
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE11EC18AD
[I] (%s) -> %s, xrefs: 00007FFE11EC1A7A
[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE11EC1985
ebus_init, xrefs: 00007FFE11EC1880, 00007FFE11EC18A6, 00007FFE11EC197E, 00007FFE11EC1A73
Done, xrefs: 00007FFE11EC1A6C
, xrefs: 00007FFE11EC1991

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: a4765926d0bec962e3b64301d7cbedd34045c1c1f3eb295a71ea3bfcd381612a
Instruction ID: 29962f0adcd3e2c513f443755b1ba9e76e63a906b51857df36bc60fec2b21b6d
Opcode Fuzzy Hash: a4765926d0bec962e3b64301d7cbedd34045c1c1f3eb295a71ea3bfcd381612a
Instruction Fuzzy Hash: 07513A61E0CF03C2FB2047DAAC803BB62999F05374FA453B6D56E462F5DE6DF8859281

Function 00007FF7BACD9292 Relevance: 26.5, APIs: 3, Strings: 12, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF7BACD92EC
RegQueryValueExA.KERNEL32 ref: 00007FF7BACD9434

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD9367, 00007FF7BACD939A, 00007FF7BACD93CD, 00007FF7BACD9400
(value_sz != NULL), xrefs: 00007FF7BACD93F2
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FF7BACD9462
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FF7BACD9352, 00007FF7BACD9385, 00007FF7BACD93B8, 00007FF7BACD93EB
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7BACD972B
(value != NULL), xrefs: 00007FF7BACD93BF
(key != NULL), xrefs: 00007FF7BACD938C
(root != NULL), xrefs: 00007FF7BACD9359
NULL, xrefs: 00007FF7BACD948E, 00007FF7BACD973C, 00007FF7BACD9748
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FF7BACD930E
registry_get_value, xrefs: 00007FF7BACD9307, 00007FF7BACD9360, 00007FF7BACD9393, 00007FF7BACD93C6, 00007FF7BACD93F9, 00007FF7BACD945B, 00007FF7BACD95A6, 00007FF7BACD9724
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7BACD95AD

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: (key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-910542497
Opcode ID: 652f1f39b9fc6d1d86e7ebec04d142c7ff3a41bee9e90e04d25363eb51b2c210
Instruction ID: fb4fd6ca49f85d2e19a8f99524a8bc42fbe34cb2f892c656a5fa436c75fed44d
Opcode Fuzzy Hash: 652f1f39b9fc6d1d86e7ebec04d142c7ff3a41bee9e90e04d25363eb51b2c210
Instruction Fuzzy Hash: F9A1216890C74B91FA70BF4CA44837CA254AB32744FC402B2DF9E46F99EE6DF9459321

Function 00007FFE1A4535A3 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 134memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE1A45368E
HeapAlloc.KERNEL32 ref: 00007FFE1A4536A2
CreateThread.KERNEL32 ref: 00007FFE1A4536E4
EnterCriticalSection.KERNEL32 ref: 00007FFE1A4536FA
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A453721
GetLastError.KERNEL32 ref: 00007FFE1A453771
GetProcessHeap.KERNEL32 ref: 00007FFE1A4537A2
HeapFree.KERNEL32 ref: 00007FFE1A4537B3

Strings

mem_alloc, xrefs: 00007FFE1A453749
[I] (%s) -> Server ready(ssock=0x%llx), xrefs: 00007FFE1A4535D5
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1A453750
[E] (%s) -> CreateThread(routine_rx) failed(client=0x%llx,gle=%lu), xrefs: 00007FFE1A453785
[I] (%s) -> Client accepted(client=0x%llx), xrefs: 00007FFE1A453732
routine_accept, xrefs: 00007FFE1A4535CE, 00007FFE1A45372B, 00007FFE1A45377E

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: Heap$CriticalProcessSection$AllocCreateEnterErrorFreeLastLeaveThread
String ID: [E] (%s) -> CreateThread(routine_rx) failed(client=0x%llx,gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Client accepted(client=0x%llx)$[I] (%s) -> Server ready(ssock=0x%llx)$mem_alloc$routine_accept
API String ID: 871770459-375624272
Opcode ID: d451663e41dabee467c87c723cfd067be25501a0a92c9c864de93dd7d3f51d57
Instruction ID: c63b40c5ab1b70d500872347372b7709c3443850aed86b184ad29b1510bee773
Opcode Fuzzy Hash: d451663e41dabee467c87c723cfd067be25501a0a92c9c864de93dd7d3f51d57
Instruction Fuzzy Hash: FB51FCA0B09E0241FA54AB17A8243B92260AF55FB4F1443F7D93E477F1EE7CB8668341

Function 00007FFE102471AF Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32 ref: 00007FFE10246E28
wcsncpy.MSVCRT ref: 00007FFE10246E56
LookupAccountNameW.ADVAPI32 ref: 00007FFE10246EB3
GetLastError.KERNEL32 ref: 00007FFE10246EC5
wcslen.MSVCRT ref: 00007FFE10247247
GetProcessHeap.KERNEL32 ref: 00007FFE10247257
HeapAlloc.KERNEL32 ref: 00007FFE10247268
GetProcessHeap.KERNEL32 ref: 00007FFE10247284
HeapAlloc.KERNEL32 ref: 00007FFE10247295
NetApiBufferFree.NETAPI32 ref: 00007FFE102472D3
NetUserEnum.NETAPI32 ref: 00007FFE10247349
GetProcessHeap.KERNEL32 ref: 00007FFE10247387
HeapAlloc.KERNEL32 ref: 00007FFE10247398
memcpy.MSVCRT ref: 00007FFE102473D5
GetProcessHeap.KERNEL32 ref: 00007FFE102473DA
HeapFree.KERNEL32 ref: 00007FFE102473EB

Strings

[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE10246ED7
D, xrefs: 00007FFE10246E45
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE102472B2
mem_alloc, xrefs: 00007FFE102472AB
users_sync, xrefs: 00007FFE10246ED0

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
API String ID: 2122475568-588975189
Opcode ID: 54a7b86a98f000bcfd33f2828802400fe62b6061ee7e6fb4c2b4e7f4368a0eca
Instruction ID: 2ef76d722202e0785721c732daf3e41f8c52b92253da30260e6e60f55bf58e04
Opcode Fuzzy Hash: 54a7b86a98f000bcfd33f2828802400fe62b6061ee7e6fb4c2b4e7f4368a0eca
Instruction Fuzzy Hash: 8D513D76A08E42C6EB60CF16E4443697BA1FB88B64F004076DB4D83369EF7CE815C700

Function 00007FFE102471A1 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32 ref: 00007FFE10246E28
wcsncpy.MSVCRT ref: 00007FFE10246E56
LookupAccountNameW.ADVAPI32 ref: 00007FFE10246EB3
GetLastError.KERNEL32 ref: 00007FFE10246EC5
wcslen.MSVCRT ref: 00007FFE10247247
GetProcessHeap.KERNEL32 ref: 00007FFE10247257
HeapAlloc.KERNEL32 ref: 00007FFE10247268
GetProcessHeap.KERNEL32 ref: 00007FFE10247284
HeapAlloc.KERNEL32 ref: 00007FFE10247295
NetApiBufferFree.NETAPI32 ref: 00007FFE102472D3
NetUserEnum.NETAPI32 ref: 00007FFE10247349
GetProcessHeap.KERNEL32 ref: 00007FFE10247387
HeapAlloc.KERNEL32 ref: 00007FFE10247398
memcpy.MSVCRT ref: 00007FFE102473D5
GetProcessHeap.KERNEL32 ref: 00007FFE102473DA
HeapFree.KERNEL32 ref: 00007FFE102473EB

Strings

[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE10246ED7
D, xrefs: 00007FFE10246E45
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE102472B2
mem_alloc, xrefs: 00007FFE102472AB
users_sync, xrefs: 00007FFE10246ED0

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
API String ID: 2122475568-588975189
Opcode ID: 7f593288dc07a425f65f6d7b267199539c6d78595fae3d034de1260608a3864d
Instruction ID: f1bdad696df931a0b0bc584168385b052e2fbb01c4c708d6217628b101bf7c20
Opcode Fuzzy Hash: 7f593288dc07a425f65f6d7b267199539c6d78595fae3d034de1260608a3864d
Instruction Fuzzy Hash: 2C513D76A08E42C6EB60CF16E4443697BA1FB88B64F004076DB4D83369EF7CE815C700

Function 00007FFE102471A8 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32 ref: 00007FFE10246E28
wcsncpy.MSVCRT ref: 00007FFE10246E56
LookupAccountNameW.ADVAPI32 ref: 00007FFE10246EB3
GetLastError.KERNEL32 ref: 00007FFE10246EC5
wcslen.MSVCRT ref: 00007FFE10247247
GetProcessHeap.KERNEL32 ref: 00007FFE10247257
HeapAlloc.KERNEL32 ref: 00007FFE10247268
GetProcessHeap.KERNEL32 ref: 00007FFE10247284
HeapAlloc.KERNEL32 ref: 00007FFE10247295
NetApiBufferFree.NETAPI32 ref: 00007FFE102472D3
NetUserEnum.NETAPI32 ref: 00007FFE10247349
GetProcessHeap.KERNEL32 ref: 00007FFE10247387
HeapAlloc.KERNEL32 ref: 00007FFE10247398
memcpy.MSVCRT ref: 00007FFE102473D5
GetProcessHeap.KERNEL32 ref: 00007FFE102473DA
HeapFree.KERNEL32 ref: 00007FFE102473EB

Strings

[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE10246ED7
D, xrefs: 00007FFE10246E45
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE102472B2
mem_alloc, xrefs: 00007FFE102472AB
users_sync, xrefs: 00007FFE10246ED0

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
API String ID: 2122475568-588975189
Opcode ID: 6bf7cd5875f3512d5a2b98bef802aba34ee915af7b591b1d33da1dc4fe37d457
Instruction ID: 419819cc74c852edcea57afa8ebd91856639fdec5c70bffb8d4a48172c9d166c
Opcode Fuzzy Hash: 6bf7cd5875f3512d5a2b98bef802aba34ee915af7b591b1d33da1dc4fe37d457
Instruction Fuzzy Hash: 08511D76A08E42C6EB60CF16E4443697BA1FB89B64F444175DB4D8336AEF7CE815C740

Function 00007FFE102471C4 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32 ref: 00007FFE10246E28
wcsncpy.MSVCRT ref: 00007FFE10246E56
LookupAccountNameW.ADVAPI32 ref: 00007FFE10246EB3
GetLastError.KERNEL32 ref: 00007FFE10246EC5
wcslen.MSVCRT ref: 00007FFE10247247
GetProcessHeap.KERNEL32 ref: 00007FFE10247257
HeapAlloc.KERNEL32 ref: 00007FFE10247268
GetProcessHeap.KERNEL32 ref: 00007FFE10247284
HeapAlloc.KERNEL32 ref: 00007FFE10247295
NetApiBufferFree.NETAPI32 ref: 00007FFE102472D3
NetUserEnum.NETAPI32 ref: 00007FFE10247349
GetProcessHeap.KERNEL32 ref: 00007FFE10247387
HeapAlloc.KERNEL32 ref: 00007FFE10247398
memcpy.MSVCRT ref: 00007FFE102473D5
GetProcessHeap.KERNEL32 ref: 00007FFE102473DA
HeapFree.KERNEL32 ref: 00007FFE102473EB

Strings

[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE10246ED7
D, xrefs: 00007FFE10246E45
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE102472B2
mem_alloc, xrefs: 00007FFE102472AB
users_sync, xrefs: 00007FFE10246ED0

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
API String ID: 2122475568-588975189
Opcode ID: 3fd3404b939de57ddb90f7a22bc993c0f7acd5cce79066ccac611f04a2d12c47
Instruction ID: 064999778a0f1ddb5dffcfd624c1083146a8fb8e8e99a97ee80a3df1ae30c00d
Opcode Fuzzy Hash: 3fd3404b939de57ddb90f7a22bc993c0f7acd5cce79066ccac611f04a2d12c47
Instruction Fuzzy Hash: BB511D76A08E42C6EB60CF16E4443697BA1FB89B64F444175DB4D83369EF7CE815C740

Function 00007FFE11508B63 Relevance: 24.6, APIs: 4, Strings: 10, Instructions: 94COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11508B74
OpenSCManagerA.ADVAPI32 ref: 00007FFE11508B9E
GetLastError.KERNEL32 ref: 00007FFE11508BE6
GetLastError.KERNEL32 ref: 00007FFE11508CBE

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

Done, xrefs: 00007FFE11508CEE
[E] (%s) -> OpenSCManagerA(SERVICES_ACTIVE_DATABASE) failed(gle=%lu), xrefs: 00007FFE11508CCE
, xrefs: 00007FFE11508C04
[I] (%s) -> %s, xrefs: 00007FFE11508CFC
~, xrefs: 00007FFE11508C64
P, xrefs: 00007FFE11508C6D
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_scm) failed(gle=%lu), xrefs: 00007FFE11508BF8
ServicesActive, xrefs: 00007FFE11508B92
scm_init, xrefs: 00007FFE11508BCB, 00007FFE11508BF1, 00007FFE11508CC7, 00007FFE11508CF5
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11508BD2

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLast$CountCriticalInitializeManagerOpenSectionSpinfflushfwrite
String ID: $Done$P$ServicesActive$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_scm) failed(gle=%lu)$[E] (%s) -> OpenSCManagerA(SERVICES_ACTIVE_DATABASE) failed(gle=%lu)$[I] (%s) -> %s$scm_init$~
API String ID: 546114577-3142219161
Opcode ID: f56fc1782bac19320c22608419659dee0f339a9110204879ad83665987f711c4
Instruction ID: 1798c34a28dcc00e7144b094aa6727eebdfaf3129ba890f0cba47499f04b13b0
Opcode Fuzzy Hash: f56fc1782bac19320c22608419659dee0f339a9110204879ad83665987f711c4
Instruction Fuzzy Hash: E941FA61F0CF0792FB605797E4C1B7C226DAF15374F5415FAC90E4A2B2AE5DA9888302

Function 00007FFE1A453390 Relevance: 24.1, APIs: 10, Strings: 6, Instructions: 101memorysleepCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE1A45345C
HeapFree.KERNEL32 ref: 00007FFE1A45346D
EnterCriticalSection.KERNEL32 ref: 00007FFE1A453491
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A4534B4
EnterCriticalSection.KERNEL32 ref: 00007FFE1A453521
Sleep.KERNEL32 ref: 00007FFE1A453540
EnterCriticalSection.KERNEL32 ref: 00007FFE1A453552
GetProcessHeap.KERNEL32 ref: 00007FFE1A453570
HeapFree.KERNEL32 ref: 00007FFE1A453581
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A453590

Strings

, xrefs: 00007FFE1A4533A5
--TSCB--, xrefs: 00007FFE1A4533C4
[D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s)), xrefs: 00007FFE1A45350E
-VRSTVE-, xrefs: 00007FFE1A4533B5
routine_tx, xrefs: 00007FFE1A453507
KCIT, xrefs: 00007FFE1A4533AD

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: CriticalSection$Heap$Enter$FreeLeaveProcess$Sleep
String ID: $--TSCB--$-VRSTVE-$KCIT$[D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
API String ID: 610085118-1825955162
Opcode ID: 166d59042168f0a7efe1bdf5a62cee1bbef3ee65b4c9840a769aaa8e801ae9a5
Instruction ID: 849cf90c03414411fd993825eac9f55d739a464361b46ccb49b33ba1f5862a8a
Opcode Fuzzy Hash: 166d59042168f0a7efe1bdf5a62cee1bbef3ee65b4c9840a769aaa8e801ae9a5
Instruction Fuzzy Hash: 7F5128A1B49E8682F6169B06E8542B96370EF84FA4F1051F6DA6E43774DF3CF4628340

Function 00007FF7BACD71B6 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 154COMMON

Download Yara Rule

APIs

ExpandEnvironmentStringsA.KERNEL32 ref: 00007FF7BACD71EA

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

GetLastError.KERNEL32 ref: 00007FF7BACD7349

Strings

[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu), xrefs: 00007FF7BACD7225
[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu), xrefs: 00007FF7BACD735E
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD7258, 00007FF7BACD728B, 00007FF7BACD72BB, 00007FF7BACD72EB
((*xpath_sz) > 0), xrefs: 00007FF7BACD72DD
(xpath != NULL), xrefs: 00007FF7BACD727D
[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu), xrefs: 00007FF7BACD742B
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7BACD7243, 00007FF7BACD7276, 00007FF7BACD72A6, 00007FF7BACD72D6
[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x), xrefs: 00007FF7BACD731D
(path != NULL), xrefs: 00007FF7BACD724A
fs_path_expand, xrefs: 00007FF7BACD721E, 00007FF7BACD7251, 00007FF7BACD7284, 00007FF7BACD72B4, 00007FF7BACD72E4, 00007FF7BACD7316, 00007FF7BACD7357, 00007FF7BACD7424
(xpath_sz != NULL), xrefs: 00007FF7BACD72AD

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: EnvironmentErrorExpandLastStringsfflushfwrite
String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
API String ID: 1721699506-2819899730
Opcode ID: 888729eddf9796bfe1fb3d6082617d67f92a44ebe7c812a334a5a82067b18351
Instruction ID: 9528ff39a63cd47de1606724e4a4f5825e914f31f732da87735306c41408ce1a
Opcode Fuzzy Hash: 888729eddf9796bfe1fb3d6082617d67f92a44ebe7c812a334a5a82067b18351
Instruction Fuzzy Hash: 43618421A0C58795FA207B4CE8083B8E291AB76348FE540B3DF9D4799CDE3CF9859321

Function 00007FFE11506F2B Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 132stringtimeCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE11506F93
strlen.MSVCRT ref: 00007FFE11506FB5
strlen.MSVCRT ref: 00007FFE11506FC9
strlen.MSVCRT ref: 00007FFE1150703F
strlen.MSVCRT ref: 00007FFE1150705B
strlen.MSVCRT ref: 00007FFE1150706C
CompareFileTime.KERNEL32 ref: 00007FFE115070BE

Part of subcall function 00007FFE11508B2C: EnterCriticalSection.KERNEL32 ref: 00007FFE11508B37

Strings

%ProgramFiles%\RDP\, xrefs: 00007FFE11507021
v32.ini, xrefs: 00007FFE11506FDE
termsrv3, xrefs: 00007FFE11506FD1
v32.ini, xrefs: 00007FFE11507081
TermService, xrefs: 00007FFE1150711D
termsrv3, xrefs: 00007FFE11507074

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: strlen$CompareCriticalEnterFileSectionTime
String ID: %ProgramFiles%\RDP\$TermService$termsrv3$termsrv3$v32.ini$v32.ini
API String ID: 3718746087-844192579
Opcode ID: 6fa1ead858abed257b2c38d5e728982964472102b0d536e4fd6da525e34caaab
Instruction ID: 76c22f4145cfc476a6cdc50a298ebe6a9a20797b1736faea5949e6ee6d64f8ee
Opcode Fuzzy Hash: 6fa1ead858abed257b2c38d5e728982964472102b0d536e4fd6da525e34caaab
Instruction Fuzzy Hash: CB511811B0CF8381FB219BA3A5903FE56999F857E4F4800B9DA4D4B7FADE2CE9058750

Function 00007FFE1A453987 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 85memorysynchronizationsleepCOMMON

Download Yara Rule

APIs

LeaveCriticalSection.KERNEL32 ref: 00007FFE1A4539BE
WaitForSingleObject.KERNEL32 ref: 00007FFE1A4539ED
GetProcessHeap.KERNEL32 ref: 00007FFE1A453A09
HeapFree.KERNEL32 ref: 00007FFE1A453A1A
EnterCriticalSection.KERNEL32 ref: 00007FFE1A453A31
Sleep.KERNEL32 ref: 00007FFE1A453A6F
EnterCriticalSection.KERNEL32 ref: 00007FFE1A453A7E
WaitForSingleObject.KERNEL32 ref: 00007FFE1A453AAA
GetProcessHeap.KERNEL32 ref: 00007FFE1A453AC6
HeapFree.KERNEL32 ref: 00007FFE1A453AD7
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A453AE6

Strings

[I] (%s) -> Client gone(client=0x%llx), xrefs: 00007FFE1A4539D8
routine_gc, xrefs: 00007FFE1A4539D1

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: CriticalHeapSection$EnterFreeLeaveObjectProcessSingleWait$Sleep
String ID: [I] (%s) -> Client gone(client=0x%llx)$routine_gc
API String ID: 2654219296-2700516951
Opcode ID: a7a3092cfa429e479cb0c84a87704b60a1abc0a131c3da2467e75d6fc481c899
Instruction ID: 44d3879aed27afe13a77100e7ccb27a7dbfd38de4d7b7193276f4b434a0541fc
Opcode Fuzzy Hash: a7a3092cfa429e479cb0c84a87704b60a1abc0a131c3da2467e75d6fc481c899
Instruction Fuzzy Hash: 5C41D8A1B09E4682FA55AF12D86027433A0AF58F78F1806F7C92E473F4DF7CE8658251

Function 00007FFE1322B537 Relevance: 21.2, APIs: 4, Strings: 10, Instructions: 181stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE1322B5CA

Part of subcall function 00007FFE1322AB76: strcmp.MSVCRT ref: 00007FFE1322ABBE

strlen.MSVCRT ref: 00007FFE1322B6F0
strcpy.MSVCRT ref: 00007FFE1322B717
strcpy.MSVCRT ref: 00007FFE1322B7B6

Strings

TRANSIENT, xrefs: 00007FFE1322B6BA
STATUS, xrefs: 00007FFE1322B679
NAMING, xrefs: 00007FFE1322B762
SESSION, xrefs: 00007FFE1322B680
RESULT, xrefs: 00007FFE1322B672, 00007FFE1322B754
VALUE, xrefs: 00007FFE1322B77F
REPLY, xrefs: 00007FFE1322B75B
NAMING LOOKUP NAME=ME, xrefs: 00007FFE1322B727
SESSION CREATE STYLE=STREAM ID=%s DESTINATION=%s SIGNATURE_TYPE=%s %s %s, xrefs: 00007FFE1322B63E
DESTINATION, xrefs: 00007FFE1322B6D2

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: strcpystrlen$strcmp
String ID: DESTINATION$NAMING$NAMING LOOKUP NAME=ME$REPLY$RESULT$SESSION$SESSION CREATE STYLE=STREAM ID=%s DESTINATION=%s SIGNATURE_TYPE=%s %s %s$STATUS$TRANSIENT$VALUE
API String ID: 245486318-5999096
Opcode ID: 92f053ff300a285c9ff08484fbff36539a15897fe572236fc635f002e3f1a039
Instruction ID: ff3644af5cca88f900ab4a7f7603609a6f8d6dfe530b4087b606c0210ec28562
Opcode Fuzzy Hash: 92f053ff300a285c9ff08484fbff36539a15897fe572236fc635f002e3f1a039
Instruction Fuzzy Hash: DA717B22E0EE4689FA34AA27AD103B91250AFA57B4F5403B1DD6D3B7F5DE7CA805C241

Function 00007FF7BACD1B75 Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 118registryCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerA.ADVAPI32 ref: 00007FF7BACD1BF2
GetLastError.KERNEL32 ref: 00007FF7BACD1C25

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

Service running, xrefs: 00007FF7BACD1D18
[E] (%s) -> RegisterServiceCtrlHandler failed(GetLastError=%lu), xrefs: 00007FF7BACD1C37
~, xrefs: 00007FF7BACD1C7F
, xrefs: 00007FF7BACD1C43
Service stopping, xrefs: 00007FF7BACD1D48
[I] (%s) -> %s, xrefs: 00007FF7BACD1D26, 00007FF7BACD1D56
RDP-Controller, xrefs: 00007FF7BACD1BEB
P, xrefs: 00007FF7BACD1C88
svc_main, xrefs: 00007FF7BACD1C30, 00007FF7BACD1D1F, 00007FF7BACD1D4F

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: CtrlErrorHandlerLastRegisterServicefflushfwrite
String ID: $P$RDP-Controller$Service running$Service stopping$[E] (%s) -> RegisterServiceCtrlHandler failed(GetLastError=%lu)$[I] (%s) -> %s$svc_main$~
API String ID: 3562457520-1478336053
Opcode ID: ff3701bf76a7f736c7c8bbc0a00331e4bc82fb3c2cc5cc884ae150488136f5bc
Instruction ID: 3874caec4fb566c71a85d13941cb5c7431e05dff84e3667185f1bfaff31b2bf4
Opcode Fuzzy Hash: ff3701bf76a7f736c7c8bbc0a00331e4bc82fb3c2cc5cc884ae150488136f5bc
Instruction Fuzzy Hash: 40512350A0C607A2FA607B9C948C3B8E1809F37755FD021B7DF8E0A5DEDE1DB9859271

Function 00007FFE1322B000 Relevance: 21.1, APIs: 9, Strings: 5, Instructions: 94memorystringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE1322B047
HeapReAlloc.KERNEL32 ref: 00007FFE1322B05B
strlen.MSVCRT ref: 00007FFE1322B0AD
GetProcessHeap.KERNEL32 ref: 00007FFE1322B0D0
HeapFree.KERNEL32 ref: 00007FFE1322B0E1
GetProcessHeap.KERNEL32 ref: 00007FFE1322B0F5
HeapAlloc.KERNEL32 ref: 00007FFE1322B106

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

GetProcessHeap.KERNEL32 ref: 00007FFE1322B148
HeapFree.KERNEL32 ref: 00007FFE1322B159

Strings

sam3_send_req, xrefs: 00007FFE1322B097
[D] (%s) -> %s, xrefs: 00007FFE1322B09E
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1322B11F, 00007FFE1322B137
mem_alloc, xrefs: 00007FFE1322B118
mem_realloc, xrefs: 00007FFE1322B130

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Heap$Process$AllocFree$fflushfwritestrlen
String ID: [D] (%s) -> %s$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$mem_realloc$sam3_send_req
API String ID: 1135201459-1870638116
Opcode ID: 8a58ce669b0104294b344b86f13099723c98185ab674a1d19de8f1b9eb60847a
Instruction ID: 5bacc307de695deac08a4f3f6d5927782e2e3e5f595197e586e3a1ee1f99b636
Opcode Fuzzy Hash: 8a58ce669b0104294b344b86f13099723c98185ab674a1d19de8f1b9eb60847a
Instruction Fuzzy Hash: 25315051A0DE468DFA60BB13FC403B96650AFE8BE0F5840B5D91E6A3B5EE2CE644C300

Function 00007FFE1024D080 Relevance: 19.6, APIs: 6, Strings: 7, Instructions: 105memorystringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE1024D11E
GetProcessHeap.KERNEL32 ref: 00007FFE1024D151
HeapAlloc.KERNEL32 ref: 00007FFE1024D162
strcpy.MSVCRT ref: 00007FFE1024D1BB
GetProcessHeap.KERNEL32 ref: 00007FFE1024D1D1
HeapFree.KERNEL32 ref: 00007FFE1024D1E2

Strings

[D] (%s) -> Logoff(name=%s,s_sid=%s,acct_expires=%x,ts_now=%llx), xrefs: 00007FFE1024D142
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1024D1F7
-LTCSES-, xrefs: 00007FFE1024D180
-LTCMAS-, xrefs: 00007FFE1024D172
XESS, xrefs: 00007FFE1024D18E
on_tick_expiry, xrefs: 00007FFE1024D13B
mem_alloc, xrefs: 00007FFE1024D1F0

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Heap$Process$AllocFreestrcpystrlen
String ID: -LTCMAS-$-LTCSES-$XESS$[D] (%s) -> Logoff(name=%s,s_sid=%s,acct_expires=%x,ts_now=%llx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$on_tick_expiry
API String ID: 925994320-1558387473
Opcode ID: 7c8d0ac939547da229ce404f06613a579137493224db218f57ae4127a199a531
Instruction ID: 6f4412178f255e912d92bdd8542a5b597c0b3bd4ef5ccb1fa9c51bb2db40edef
Opcode Fuzzy Hash: 7c8d0ac939547da229ce404f06613a579137493224db218f57ae4127a199a531
Instruction Fuzzy Hash: FA418EA1A09E4281EA44AB17D8403B96EA4EFC4BB4F5440B5EF0E873E7EE7CE445C310

Function 00007FF7BACD7023 Relevance: 19.6, APIs: 4, Strings: 9, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7BACD704E
strlen.MSVCRT ref: 00007FF7BACD7077
strlen.MSVCRT ref: 00007FF7BACD7083
strlen.MSVCRT ref: 00007FF7BACD7099

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD70E1, 00007FF7BACD7111, 00007FF7BACD7141
((*path_sz) > 0), xrefs: 00007FF7BACD7133
NULL, xrefs: 00007FF7BACD71AD
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7BACD70CC, 00007FF7BACD70FC, 00007FF7BACD712C
(path_sz != NULL), xrefs: 00007FF7BACD7103
fs_path_temp, xrefs: 00007FF7BACD70A7, 00007FF7BACD70DA, 00007FF7BACD710A, 00007FF7BACD713A, 00007FF7BACD7174
(path != NULL), xrefs: 00007FF7BACD70D3
[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x), xrefs: 00007FF7BACD717B
[I] (%s) -> Done(path=%s,path_sz=%llu), xrefs: 00007FF7BACD70AE

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: strlen
String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
API String ID: 39653677-3302659514
Opcode ID: 402c1b4db194d08799718f86fa33908b480c5625c88157872f69c697322c0f11
Instruction ID: 20d4b154d109ed36c73a576d6f1fef722d618396e1a0ebcb42b6d57f605fc8f3
Opcode Fuzzy Hash: 402c1b4db194d08799718f86fa33908b480c5625c88157872f69c697322c0f11
Instruction Fuzzy Hash: 70415F61A0864395FA20BF5CD8083B9E351AF76784FD451B2DFAD07A9DDF3CA5069320

Function 00007FFE1A452CE9 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 126networkCOMMON

Download Yara Rule

APIs

select.WS2_32 ref: 00007FFE1A452D94
accept.WS2_32 ref: 00007FFE1A452DBB
htonl.WS2_32 ref: 00007FFE1A452DEB
htons.WS2_32 ref: 00007FFE1A452DFC

Part of subcall function 00007FFE1A452709: ioctlsocket.WS2_32 ref: 00007FFE1A45272F

WSAGetLastError.WS2_32 ref: 00007FFE1A452EAE
WSAGetLastError.WS2_32 ref: 00007FFE1A452EEA

Strings

[E] (%s) -> Failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A452EFD
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A452EC1
[I] (%s) -> Done(sock=0x%llx,client=0x%llx,h=%08x,p=%u), xrefs: 00007FFE1A452E45
tcp_accept, xrefs: 00007FFE1A452E3E, 00007FFE1A452E87, 00007FFE1A452EBA, 00007FFE1A452EF6
[W] (%s) -> select timedout(sock=0x%llx), xrefs: 00007FFE1A452E8E

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: ErrorLast$accepthtonlhtonsioctlsocketselect
String ID: [E] (%s) -> Failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,client=0x%llx,h=%08x,p=%u)$[W] (%s) -> select timedout(sock=0x%llx)$tcp_accept
API String ID: 2278979430-4175654481
Opcode ID: ddfcd42498865aed8750f33cd64a4479b183540ed0ffbad3860233e409b71f32
Instruction ID: c8be4f40c94cfbd2cd29fd6a66b62290b775a3d95599ac32974787fd0ef80dd4
Opcode Fuzzy Hash: ddfcd42498865aed8750f33cd64a4479b183540ed0ffbad3860233e409b71f32
Instruction Fuzzy Hash: BD5191B2B08A4245E760AB17E8403B96260AB44FB4F1443F3E97D17AE4EF7D9525C700

Function 00007FFE11EC9510 Relevance: 18.1, APIs: 9, Strings: 3, Instructions: 145stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE11EC95AA
strlen.MSVCRT ref: 00007FFE11EC95C6
strlen.MSVCRT ref: 00007FFE11EC95D7
strlen.MSVCRT ref: 00007FFE11EC9611
strlen.MSVCRT ref: 00007FFE11EC962D
strcpy.MSVCRT ref: 00007FFE11EC9649
strlen.MSVCRT ref: 00007FFE11EC9651
strlen.MSVCRT ref: 00007FFE11EC9660
strlen.MSVCRT ref: 00007FFE11EC9675

Strings

veK, xrefs: 00007FFE11EC9525
*, xrefs: 00007FFE11EC9656
schtasks, xrefs: 00007FFE11EC95DF

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strlen$strcpy
String ID: *$schtasks$veK
API String ID: 2790333442-3550129123
Opcode ID: a317d2316905fc7f98087aa0c4bb8d80657517462ccdb74ec008b7c0b05d0c3e
Instruction ID: 869cbb48733b572802bccfbd6f3dbc245ce3088d14d337edd7ab771b3e8aa9a5
Opcode Fuzzy Hash: a317d2316905fc7f98087aa0c4bb8d80657517462ccdb74ec008b7c0b05d0c3e
Instruction Fuzzy Hash: B151A612B0CE8345FB616B97EC503BB5699AB85364FD810B5EA4E473E6EE2DF9048700

Function 00007FFE126D1E46 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE126D1F32

Strings

(name != NULL), xrefs: 00007FFE126D1EBB
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE126D1FAB
version, xrefs: 00007FFE126D1E46, 00007FFE126D1E4A
(var != NULL), xrefs: 00007FFE126D1EEE
main, xrefs: 00007FFE126D1E49
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D1E96, 00007FFE126D1EC9, 00007FFE126D1EFC
ini_get_var, xrefs: 00007FFE126D1E8F, 00007FFE126D1EC2, 00007FFE126D1EF5, 00007FFE126D1F5C, 00007FFE126D1FA4
(sec != NULL), xrefs: 00007FFE126D1E88
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126D1E81, 00007FFE126D1EB4, 00007FFE126D1EE7
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE126D1F63
NULL, xrefs: 00007FFE126D1FC4, 00007FFE126D1FCD

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
API String ID: 1004003707-636894343
Opcode ID: 7b0570f3fc05e8893923189e1b132b853666a32ff7ee4e45f27c5479a354f6e2
Instruction ID: c99d8fff69c1373cf6e8e63fbf669bf0e9894d84f3d95040372d3f77f8a38e71
Opcode Fuzzy Hash: 7b0570f3fc05e8893923189e1b132b853666a32ff7ee4e45f27c5479a354f6e2
Instruction Fuzzy Hash: 0041D9A1A08E4FDAFB109B12AD407F863A1AB04764F4441B2EA9D065F5DFFDA649C340

Function 00007FFE11ECA8B6 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE11ECA9A2

Strings

version, xrefs: 00007FFE11ECA8B6, 00007FFE11ECA8BA
ini_get_var, xrefs: 00007FFE11ECA8FF, 00007FFE11ECA932, 00007FFE11ECA965, 00007FFE11ECA9CC, 00007FFE11ECAA14
NULL, xrefs: 00007FFE11ECAA34, 00007FFE11ECAA3D
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE11ECA9D3
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11ECA8F1, 00007FFE11ECA924, 00007FFE11ECA957
main, xrefs: 00007FFE11ECA8B9
(sec != NULL), xrefs: 00007FFE11ECA8F8
(name != NULL), xrefs: 00007FFE11ECA92B
(var != NULL), xrefs: 00007FFE11ECA95E
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11ECA906, 00007FFE11ECA939, 00007FFE11ECA96C
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE11ECAA1B

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
API String ID: 1004003707-636894343
Opcode ID: b95fd872987beb657bc04632a610eedb0f0ea1cda37f36d9322da4db09f6558e
Instruction ID: bd18eb5d8ea3989e3892ba1a0e3026086da3c8c0a67869b428c15fdbf8d3da4a
Opcode Fuzzy Hash: b95fd872987beb657bc04632a610eedb0f0ea1cda37f36d9322da4db09f6558e
Instruction Fuzzy Hash: CF412B65E48E9791FB109B86ED423F66268BB40368F8951B2DA5D062B5EF3CF545C300

Function 00007FFE126D1CBF Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE126D1DB3

Strings

(name != NULL), xrefs: 00007FFE126D1D34
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE126D1E11
version, xrefs: 00007FFE126D1CBF, 00007FFE126D1CC3
main, xrefs: 00007FFE126D1CC2
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D1D0F, 00007FFE126D1D42, 00007FFE126D1D75
(ini != NULL), xrefs: 00007FFE126D1D01
[D] (%s) -> Done(name=%s), xrefs: 00007FFE126D1DD3
ini_get_sec, xrefs: 00007FFE126D1D08, 00007FFE126D1D3B, 00007FFE126D1D6E, 00007FFE126D1DCC, 00007FFE126D1E0A
(sec != NULL), xrefs: 00007FFE126D1D67
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126D1CFA, 00007FFE126D1D2D, 00007FFE126D1D60
NULL, xrefs: 00007FFE126D1E2A

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
API String ID: 1004003707-4168131722
Opcode ID: 1aef3687247d6ab1c35fe33cc4892387064830156e0a07758e676d56871140b1
Instruction ID: e144f14899583b73918eaf8a97982b116594df21b80b2578542735187dfa7af1
Opcode Fuzzy Hash: 1aef3687247d6ab1c35fe33cc4892387064830156e0a07758e676d56871140b1
Instruction Fuzzy Hash: EB410DA1A08E4FDAFB109B52EC803F82251AF14368F4841F6DA9D165F5DFFDA646C340

Function 00007FFE11ECA72F Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE11ECA823

Strings

version, xrefs: 00007FFE11ECA72F, 00007FFE11ECA733
[D] (%s) -> Done(name=%s), xrefs: 00007FFE11ECA843
NULL, xrefs: 00007FFE11ECA89A
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE11ECA881
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11ECA76A, 00007FFE11ECA79D, 00007FFE11ECA7D0
ini_get_sec, xrefs: 00007FFE11ECA778, 00007FFE11ECA7AB, 00007FFE11ECA7DE, 00007FFE11ECA83C, 00007FFE11ECA87A
main, xrefs: 00007FFE11ECA732
(sec != NULL), xrefs: 00007FFE11ECA7D7
(name != NULL), xrefs: 00007FFE11ECA7A4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11ECA77F, 00007FFE11ECA7B2, 00007FFE11ECA7E5
(ini != NULL), xrefs: 00007FFE11ECA771

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
API String ID: 1004003707-4168131722
Opcode ID: 525ba5f3bf202e8e33ed72c5627b9f19f67cb6abea7e404eca9e8a277ca48769
Instruction ID: 12823cfa366a22a97cb21514f7416190e3bdf0c4e163c042d2741ebf2036f7c7
Opcode Fuzzy Hash: 525ba5f3bf202e8e33ed72c5627b9f19f67cb6abea7e404eca9e8a277ca48769
Instruction Fuzzy Hash: C9411D62E48E9792FF109B92ED543B6A368BB40368F8455B6DA1D161B1FF3CF946C300

Function 00007FFE126D298E Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE126D29A3
LeaveCriticalSection.KERNEL32 ref: 00007FFE126D2A09
GetProcessHeap.KERNEL32 ref: 00007FFE126D2A40
HeapAlloc.KERNEL32 ref: 00007FFE126D2A54

Strings

C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE126D29BA
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE126D2A2B
mem_alloc, xrefs: 00007FFE126D2A94
[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE126D2ACC
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE126D2A9B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D29CF
ebus_subscribe, xrefs: 00007FFE126D29C8, 00007FFE126D2A24, 00007FFE126D2AC5
(handler != NULL), xrefs: 00007FFE126D29C1

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: 3a9cae1aa01884bae7efa0b9705455bec305580ba13712b9611d3d2762addf92
Instruction ID: 8380f90fc1c6bcdc6ea2a9982e548f5d029e4ab87cdac10abf699908afe91ca6
Opcode Fuzzy Hash: 3a9cae1aa01884bae7efa0b9705455bec305580ba13712b9611d3d2762addf92
Instruction Fuzzy Hash: 1E31E9A1E09E0F86FE25DB07EC512792361BF54BB4F5841B5C88D1B2F6EEECA9458310

Function 00007FFE1150A57E Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE1150A593
LeaveCriticalSection.KERNEL32 ref: 00007FFE1150A5F9
GetProcessHeap.KERNEL32 ref: 00007FFE1150A630
HeapAlloc.KERNEL32 ref: 00007FFE1150A644

Strings

[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1150A68B
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE1150A61B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150A5BF
(handler != NULL), xrefs: 00007FFE1150A5B1
ebus_subscribe, xrefs: 00007FFE1150A5B8, 00007FFE1150A614, 00007FFE1150A6B5
[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE1150A6BC
mem_alloc, xrefs: 00007FFE1150A684
C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE1150A5AA

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: 51182e06d6a6c07dd0c69d8f58770b2ddf4b90986f4ad3826cd256bf4d6556e1
Instruction ID: 662aa070d00f04f907fdceed82a92e2ead865eabb8b5603f5aba00ee88bf4b8d
Opcode Fuzzy Hash: 51182e06d6a6c07dd0c69d8f58770b2ddf4b90986f4ad3826cd256bf4d6556e1
Instruction Fuzzy Hash: 5C311E61E0DE8381FF528B87E9503BD22AABF44B74F5841B9C84D072B0DF2DE9458301

Function 00007FFE132262BE Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE132262D3
LeaveCriticalSection.KERNEL32 ref: 00007FFE13226339
GetProcessHeap.KERNEL32 ref: 00007FFE13226370
HeapAlloc.KERNEL32 ref: 00007FFE13226384

Strings

[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE132263FC
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE132263CB
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE1322635B
(handler != NULL), xrefs: 00007FFE132262F1
mem_alloc, xrefs: 00007FFE132263C4
C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE132262EA
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE132262FF
ebus_subscribe, xrefs: 00007FFE132262F8, 00007FFE13226354, 00007FFE132263F5

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: 68ee7d6c3dcbe8250ebf0b5e1c74b75c7be04cfa2e8da067a8f3604feb2f1e69
Instruction ID: 87b7699e45aad3ef3a733375695b3c345b9823de7732d47d2a10d256e4a1ec52
Opcode Fuzzy Hash: 68ee7d6c3dcbe8250ebf0b5e1c74b75c7be04cfa2e8da067a8f3604feb2f1e69
Instruction Fuzzy Hash: 06310A61A0DD0389FA31BB07FC846B96265BFE8BB4F5844B5C84D2B2B0DE6DE845C340

Function 00007FFE102415BE Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE102415D3
LeaveCriticalSection.KERNEL32 ref: 00007FFE10241639
GetProcessHeap.KERNEL32 ref: 00007FFE10241670
HeapAlloc.KERNEL32 ref: 00007FFE10241684

Strings

C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE102415EA
mem_alloc, xrefs: 00007FFE102416C4
[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE102416FC
ebus_subscribe, xrefs: 00007FFE102415F8, 00007FFE10241654, 00007FFE102416F5
(handler != NULL), xrefs: 00007FFE102415F1
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE102416CB
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE1024165B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE102415FF

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: 8cba05d6f9e1b72bd78fcb301e5002d50a2927f161767b6a42ce7369a5e9e9f7
Instruction ID: f3d642c0ae474f8a5ded4f87c01fb269d143b6a116cebfb1b47a75c5c6d6c307
Opcode Fuzzy Hash: 8cba05d6f9e1b72bd78fcb301e5002d50a2927f161767b6a42ce7369a5e9e9f7
Instruction Fuzzy Hash: FB314DA0F09E1381FA109B03E8503B46B65AFC0BB4F5980B5CB4D873B6EE6DE895C304

Function 00007FFE11EC15BE Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE11EC15D3
LeaveCriticalSection.KERNEL32 ref: 00007FFE11EC1639
GetProcessHeap.KERNEL32 ref: 00007FFE11EC1670
HeapAlloc.KERNEL32 ref: 00007FFE11EC1684

Strings

[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE11EC16CB
(handler != NULL), xrefs: 00007FFE11EC15F1
[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE11EC16FC
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC15FF
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE11EC165B
C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE11EC15EA
ebus_subscribe, xrefs: 00007FFE11EC15F8, 00007FFE11EC1654, 00007FFE11EC16F5
mem_alloc, xrefs: 00007FFE11EC16C4

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: d7eaba8990d9bb82a883ab9eac106acf4eb305b5d3dced1ada31524724a4bca5
Instruction ID: 6924f338594ddcf80a59e0a6c7b8134697ea9d379810d5aa05970ff0fd0a9ac9
Opcode Fuzzy Hash: d7eaba8990d9bb82a883ab9eac106acf4eb305b5d3dced1ada31524724a4bca5
Instruction Fuzzy Hash: A13105A1E0DE0381FF109B97EC503762369AF41BA4F9895B5C94E0B2B0EE2CF945D340

Function 00007FFE1150A076 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 78COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1150A091
GetLastError.KERNEL32 ref: 00007FFE1150A0D0

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

, xrefs: 00007FFE1150A0EE
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1150A19D
[I] (%s) -> %s, xrefs: 00007FFE1150A0B7
proxy_init, xrefs: 00007FFE1150A0B0, 00007FFE1150A0DB, 00007FFE1150A196
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_proxies) failed(gle=%lu), xrefs: 00007FFE1150A0E2
~, xrefs: 00007FFE1150A14B
Done, xrefs: 00007FFE1150A0A9
P, xrefs: 00007FFE1150A150

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_proxies) failed(gle=%lu)$[I] (%s) -> %s$proxy_init$~
API String ID: 3179112426-3318474754
Opcode ID: 62679cb6203fdb9ce5ed245b295c2cc3eaac5c932b8f41fb294838f1a43f0853
Instruction ID: 6a63f089aaa34b70ee286b2b6a9fc89a6a9c7c5b7e75c9745092db4ed94d49e2
Opcode Fuzzy Hash: 62679cb6203fdb9ce5ed245b295c2cc3eaac5c932b8f41fb294838f1a43f0853
Instruction Fuzzy Hash: DF312B61E0DF4392FB214792A8C03BC229E9F053B4F5002BAC50E472F2DF5DA988D396

Function 00007FFE10248FC4 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 77COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE10248FD5
GetLastError.KERNEL32 ref: 00007FFE10249014

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

P, xrefs: 00007FFE10249094
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_sam) failed(gle=%lu), xrefs: 00007FFE10249026
[I] (%s) -> %s, xrefs: 00007FFE10248FFB
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE102490E1
, xrefs: 00007FFE10249032
~, xrefs: 00007FFE1024908F
sam_init, xrefs: 00007FFE10248FF4, 00007FFE1024901F, 00007FFE102490DA
Done, xrefs: 00007FFE10248FED

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_sam) failed(gle=%lu)$[I] (%s) -> %s$sam_init$~
API String ID: 3179112426-2019511216
Opcode ID: 6d845e0d6a9590898fbd72cf9fa3a20257545eac1df6b55605c1f25e501395dc
Instruction ID: 58816fc73376b853062f03f0f2b8c9f6f419240296a01656f08953b01b95f29d
Opcode Fuzzy Hash: 6d845e0d6a9590898fbd72cf9fa3a20257545eac1df6b55605c1f25e501395dc
Instruction Fuzzy Hash: 6B310750B0CE07C2FB20571AA4C43B95A60AFD8334E6025B2C70E863B3ED9FA995D355

Function 00007FFE1A4537DB Relevance: 16.6, APIs: 7, Strings: 4, Instructions: 104memorysleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1A452F1A: recv.WS2_32 ref: 00007FFE1A452F42

Sleep.KERNEL32 ref: 00007FFE1A453833

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

LeaveCriticalSection.KERNEL32 ref: 00007FFE1A453878
memcpy.MSVCRT ref: 00007FFE1A453894
GetProcessHeap.KERNEL32 ref: 00007FFE1A4538B6
HeapAlloc.KERNEL32 ref: 00007FFE1A4538C7
memcpy.MSVCRT ref: 00007FFE1A4538E8
EnterCriticalSection.KERNEL32 ref: 00007FFE1A453940

Strings

[D] (%s) -> Got an event(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s)), xrefs: 00007FFE1A45392D
routine_rx, xrefs: 00007FFE1A453926
mem_alloc, xrefs: 00007FFE1A45384E
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1A453855

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: CriticalHeapSectionmemcpy$AllocEnterLeaveProcessSleepfflushfwriterecv
String ID: [D] (%s) -> Got an event(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$routine_rx
API String ID: 3537583691-1494920791
Opcode ID: 31c41d8f3d353521e05e7039790eb1b398b2d1753936df8f63205f0b186b839b
Instruction ID: 346a5c17a0edfe2c8b2337add042a4ec645906ed541c52f8d066dc22ad1a1c0e
Opcode Fuzzy Hash: 31c41d8f3d353521e05e7039790eb1b398b2d1753936df8f63205f0b186b839b
Instruction Fuzzy Hash: 8B418CE6B09E4292EA15AB16E8543BA23A0FB44FA8F4444F7D91D437B4EF3CE465C300

Function 00007FFE1150C852 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE1150C8FE
fflush.MSVCRT ref: 00007FFE1150C90A
EnterCriticalSection.KERNEL32 ref: 00007FFE1150C923
LeaveCriticalSection.KERNEL32 ref: 00007FFE1150C94B
CopyFileA.KERNEL32 ref: 00007FFE1150C9A8

Strings

1, xrefs: 00007FFE1150C992
., xrefs: 00007FFE1150C98D
kernel32, xrefs: 00007FFE1150C854, 00007FFE1150C855
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log, xrefs: 00007FFE1150C96B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log$kernel32
API String ID: 513531256-1037688549
Opcode ID: 290cff32685f0655480806e3de325ceb6f6beb8475b13025fcd8d82ed4c7bc66
Instruction ID: c32afaab338c3f3c988f2508f3ffaaf74ea6de69d564bac917958625157538c6
Opcode Fuzzy Hash: 290cff32685f0655480806e3de325ceb6f6beb8475b13025fcd8d82ed4c7bc66
Instruction Fuzzy Hash: 5B41B132A0CE41C6F321AB92E8503BA675AFB897A4F4440B5DA4D43BB6CF3CE5858741

Function 00007FF7BACD2EF2 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FF7BACD2F9E
fflush.MSVCRT ref: 00007FF7BACD2FAA
EnterCriticalSection.KERNEL32(service,000002BAD3D813D0,?,00007FF7BACE8500,00007FF7BACD2027,?,?,?,?,?,?,00007FF7BACD162F), ref: 00007FF7BACD2FC3
LeaveCriticalSection.KERNEL32(?,00007FF7BACE8500,00007FF7BACD2027,?,?,?,?,?,?,00007FF7BACD162F), ref: 00007FF7BACD2FEB
CopyFileA.KERNEL32 ref: 00007FF7BACD3048

Strings

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log, xrefs: 00007FF7BACD300B
., xrefs: 00007FF7BACD302D
1, xrefs: 00007FF7BACD3032
service, xrefs: 00007FF7BACD2EF5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$service
API String ID: 513531256-4171087551
Opcode ID: ff03a3c64f5a0a3273bf4fcc8a7fdb10c483b7055a1fb86f620f71fefe6cafa4
Instruction ID: 00cccd9c940d547735f47d5daecf5c38971bd7c9b0f9431069f2b0c6e7f3c356
Opcode Fuzzy Hash: ff03a3c64f5a0a3273bf4fcc8a7fdb10c483b7055a1fb86f620f71fefe6cafa4
Instruction Fuzzy Hash: 3C415E21A086418AF320BB1CE8593AAF691FBB6780FC400B5EF4D5769DCF3CE5469764

Function 00007FFE132284C6 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 70stringCOMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE13228564
strtol.MSVCRT ref: 00007FFE1322857A
_errno.MSVCRT ref: 00007FFE13228582
_errno.MSVCRT ref: 00007FFE1322858A

Strings

[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE132285B2
ini_get_uint16, xrefs: 00007FFE13228543, 00007FFE132285AB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1322854A
(value != NULL), xrefs: 00007FFE1322853C
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE13228535

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: _errno$strtol
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
API String ID: 3596500743-1991603811
Opcode ID: 907f382a5ba98dec77372e742d60424ff237156aec945cc14e22ff214607486b
Instruction ID: d1328c19826f10a57ba20a3c6fd7f79dc6d19632ef4c3525fcb593fb7ca68555
Opcode Fuzzy Hash: 907f382a5ba98dec77372e742d60424ff237156aec945cc14e22ff214607486b
Instruction Fuzzy Hash: 0321BF22A08E4789E721AB16FC407AAB760BBE87A4F444071EE4C17674DF7DE896C700

Function 00007FFE126D236A Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE126D2406
_strtoui64.MSVCRT ref: 00007FFE126D241C
_errno.MSVCRT ref: 00007FFE126D2426
_errno.MSVCRT ref: 00007FFE126D2432

Strings

[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE126D2459
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D23EC
ini_get_uint64, xrefs: 00007FFE126D23E5, 00007FFE126D2452
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126D23D7
(value != NULL), xrefs: 00007FFE126D23DE

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 9b0511abb579528206ab036c6171041c0e158e3b6c79a86c4ac1b033516cc75b
Instruction ID: 6cd042fb1a25eb64207e1d8ee7ba047db9bdca24838fa40a7010d48385164949
Opcode Fuzzy Hash: 9b0511abb579528206ab036c6171041c0e158e3b6c79a86c4ac1b033516cc75b
Instruction Fuzzy Hash: 0C217C21A08E4A9BF710DF16EC407AA2361FB447A4F444072EE8C476B5DFBCD945C700

Function 00007FFE1150D86A Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE1150D906
_strtoui64.MSVCRT ref: 00007FFE1150D91C
_errno.MSVCRT ref: 00007FFE1150D926
_errno.MSVCRT ref: 00007FFE1150D932

Strings

(value != NULL), xrefs: 00007FFE1150D8DE
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150D8EC
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE1150D959
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1150D8D7
ini_get_uint64, xrefs: 00007FFE1150D8E5, 00007FFE1150D952

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: c0b0fbd09f3da1b4c45f6ef4981d212609730e8146d06a22dced7ad410dac946
Instruction ID: eb06dd2ec1219582567cd6ad3154736d949d15424da7dfbb2ddd03f2d5acd85f
Opcode Fuzzy Hash: c0b0fbd09f3da1b4c45f6ef4981d212609730e8146d06a22dced7ad410dac946
Instruction Fuzzy Hash: 3121AB22A08F4696E3219F5AE8407AE73A9BF447A4F4400BAEE4C47670DF7DE985C700

Function 00007FFE132287BA Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE13228856
_strtoui64.MSVCRT ref: 00007FFE1322886C
_errno.MSVCRT ref: 00007FFE13228876
_errno.MSVCRT ref: 00007FFE13228882

Strings

[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE132288A9
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1322883C
ini_get_uint64, xrefs: 00007FFE13228835, 00007FFE132288A2
(value != NULL), xrefs: 00007FFE1322882E
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE13228827

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 95c28f316ae3dced59099252dd5eb60debe0ef91a749774188ed2787cb9e6fd7
Instruction ID: 5eff5825f5eea9540e6d402efd8516438e78df71e8aa30256f56d0d5c5eda632
Opcode Fuzzy Hash: 95c28f316ae3dced59099252dd5eb60debe0ef91a749774188ed2787cb9e6fd7
Instruction Fuzzy Hash: BC219421A08E468AE721AF16FC407AA7764BBE87A4F444075EE4C57774DF7CE885C700

Function 00007FFE1A451DCA Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE1A451E66
_strtoui64.MSVCRT ref: 00007FFE1A451E7C
_errno.MSVCRT ref: 00007FFE1A451E86
_errno.MSVCRT ref: 00007FFE1A451E92

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A451E4C
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A451E37
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE1A451EB9
ini_get_uint64, xrefs: 00007FFE1A451E45, 00007FFE1A451EB2
(value != NULL), xrefs: 00007FFE1A451E3E

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 3a693b30f3fed3e0b5b27e4b3a7631ccc436d3eb64aac9c6a68fb11d98a42b4e
Instruction ID: e9f02320d6cd6aec39f7237fb84dc1dfc8900471a9849b6bf9de8e16916ccb63
Opcode Fuzzy Hash: 3a693b30f3fed3e0b5b27e4b3a7631ccc436d3eb64aac9c6a68fb11d98a42b4e
Instruction Fuzzy Hash: F7215961708E4286E261AF16B8407BA2370AB84BA8F4440B3EE5D47674DF7CE855C700

Function 00007FFE1024520A Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE102452A6
_strtoui64.MSVCRT ref: 00007FFE102452BC
_errno.MSVCRT ref: 00007FFE102452C6
_errno.MSVCRT ref: 00007FFE102452D2

Strings

(value != NULL), xrefs: 00007FFE1024527E
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE102452F9
ini_get_uint64, xrefs: 00007FFE10245285, 00007FFE102452F2
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE10245277
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1024528C

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: afd57179b788ab8042d738f0ecd9690e60cdbfc3fc4c221921d7512056222b8c
Instruction ID: 24d307714faae5b41ed6944d594844631ff20d161a16c18a9a2d3e6c534cabe1
Opcode Fuzzy Hash: afd57179b788ab8042d738f0ecd9690e60cdbfc3fc4c221921d7512056222b8c
Instruction Fuzzy Hash: CF218261608E46C5E6619F16F8407AA7B60BB857B4F444072EF8C87776DF7DE845C700

Function 00007FFE11ECADDA Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE11ECAE76
_strtoui64.MSVCRT ref: 00007FFE11ECAE8C
_errno.MSVCRT ref: 00007FFE11ECAE96
_errno.MSVCRT ref: 00007FFE11ECAEA2

Strings

(value != NULL), xrefs: 00007FFE11ECAE4E
ini_get_uint64, xrefs: 00007FFE11ECAE55, 00007FFE11ECAEC2
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11ECAE47
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE11ECAEC9
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11ECAE5C

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: c98d56caddfe9f1803b30f6abedb8c54f4c40d8d5babb1193f961330c0d8c415
Instruction ID: 038dd727f577a87a9d5af0e0a5f2edefc1c92d2b0f301a57e40cebef8684d60b
Opcode Fuzzy Hash: c98d56caddfe9f1803b30f6abedb8c54f4c40d8d5babb1193f961330c0d8c415
Instruction Fuzzy Hash: 4E216222A18E8699E7119F96EC407AB7368BB447A8F845072EE4C47774EF3CE885C700

Function 00007FFE1150D346 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE1150D432

Strings

[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE1150D4AB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150D396, 00007FFE1150D3C9, 00007FFE1150D3FC
(var != NULL), xrefs: 00007FFE1150D3EE
NULL, xrefs: 00007FFE1150D4C4, 00007FFE1150D4CD
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE1150D463
(sec != NULL), xrefs: 00007FFE1150D388
ini_get_var, xrefs: 00007FFE1150D38F, 00007FFE1150D3C2, 00007FFE1150D3F5, 00007FFE1150D45C, 00007FFE1150D4A4
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1150D381, 00007FFE1150D3B4, 00007FFE1150D3E7
(name != NULL), xrefs: 00007FFE1150D3BB

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: 90a1d6f335128956a62a7103d04ff1ad9150fa8fac7c4f88965bf51ef95dc4dc
Instruction ID: c7ead441ec6ab973680b06fab7902a4228b6380f4ccd26870aff1f78723a5814
Opcode Fuzzy Hash: 90a1d6f335128956a62a7103d04ff1ad9150fa8fac7c4f88965bf51ef95dc4dc
Instruction Fuzzy Hash: FF417EA1A0CE4792FB618B82E9403FC2359BF00368F4541BAEA5D065B5DFBDF646C300

Function 00007FFE13228296 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE13228382

Strings

[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE132283FB
ini_get_var, xrefs: 00007FFE132282DF, 00007FFE13228312, 00007FFE13228345, 00007FFE132283AC, 00007FFE132283F4
(var != NULL), xrefs: 00007FFE1322833E
NULL, xrefs: 00007FFE13228414, 00007FFE1322841D
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE132282E6, 00007FFE13228319, 00007FFE1322834C
(sec != NULL), xrefs: 00007FFE132282D8
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE132283B3
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE132282D1, 00007FFE13228304, 00007FFE13228337
(name != NULL), xrefs: 00007FFE1322830B

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: 2a494826ab3a02a5482b6e3f4126a8c6dab1ab56026e8cfd8e5de912d3562d2e
Instruction ID: 3b2612c384c648920c424a6786a5cd02df1af12b0bf36270a03946e2d1a43abb
Opcode Fuzzy Hash: 2a494826ab3a02a5482b6e3f4126a8c6dab1ab56026e8cfd8e5de912d3562d2e
Instruction Fuzzy Hash: DB412C61A08E4799FA20AB16FD407F86661BBB8368F4445B2EA4C271B5DF7CE945C300

Function 00007FFE1A4518A6 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE1A451992

Strings

(var != NULL), xrefs: 00007FFE1A45194E
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A4518F6, 00007FFE1A451929, 00007FFE1A45195C
(sec != NULL), xrefs: 00007FFE1A4518E8
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A4518E1, 00007FFE1A451914, 00007FFE1A451947
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE1A4519C3
ini_get_var, xrefs: 00007FFE1A4518EF, 00007FFE1A451922, 00007FFE1A451955, 00007FFE1A4519BC, 00007FFE1A451A04
(name != NULL), xrefs: 00007FFE1A45191B
NULL, xrefs: 00007FFE1A451A24, 00007FFE1A451A2D
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE1A451A0B

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: 26a8aec39e63d80b3a6a2e0af29e304c521df3c4844df0dd894cc3ea5f02c8db
Instruction ID: 1486b1311a1b13421b588244e7dfb7533c3917df780573eaaa5d2060f2f13285
Opcode Fuzzy Hash: 26a8aec39e63d80b3a6a2e0af29e304c521df3c4844df0dd894cc3ea5f02c8db
Instruction Fuzzy Hash: D9414CA1B09E4795FA50AB16E8403F462B0BB44B78F4481F3DA5D075B5DF7DEA69C300

Function 00007FFE10244CE6 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE10244DD2

Strings

(sec != NULL), xrefs: 00007FFE10244D28
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE10244E4B
(var != NULL), xrefs: 00007FFE10244D8E
NULL, xrefs: 00007FFE10244E64, 00007FFE10244E6D
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE10244D21, 00007FFE10244D54, 00007FFE10244D87
(name != NULL), xrefs: 00007FFE10244D5B
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE10244E03
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE10244D36, 00007FFE10244D69, 00007FFE10244D9C
ini_get_var, xrefs: 00007FFE10244D2F, 00007FFE10244D62, 00007FFE10244D95, 00007FFE10244DFC, 00007FFE10244E44

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: 72217337c509de583f68b329069bee542afed452c8429e3a1f904cfec3f1c659
Instruction ID: 69b6ca978eebd13b924dbcacd879ca2e5036e5303fe30311fa95d1ce72ae7a89
Opcode Fuzzy Hash: 72217337c509de583f68b329069bee542afed452c8429e3a1f904cfec3f1c659
Instruction Fuzzy Hash: B3416DA2A09E57D1FA148B12A8113F46A60BF84378F8400B2DB4D867B3EF7CE659C304

Function 00007FFE1150D1BF Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE1150D2B3

Strings

ini_get_sec, xrefs: 00007FFE1150D208, 00007FFE1150D23B, 00007FFE1150D26E, 00007FFE1150D2CC, 00007FFE1150D30A
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150D20F, 00007FFE1150D242, 00007FFE1150D275
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE1150D311
NULL, xrefs: 00007FFE1150D32A
(sec != NULL), xrefs: 00007FFE1150D267
(ini != NULL), xrefs: 00007FFE1150D201
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1150D1FA, 00007FFE1150D22D, 00007FFE1150D260
(name != NULL), xrefs: 00007FFE1150D234
[D] (%s) -> Done(name=%s), xrefs: 00007FFE1150D2D3

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: 618a3ba5102a25f4a4e99f73f7530d6141bd131dabe7675f288ecb13050b53f0
Instruction ID: 9186d8b023803b5577828eea4adf64e53236d94c5f13a842584219ec9e85d62b
Opcode Fuzzy Hash: 618a3ba5102a25f4a4e99f73f7530d6141bd131dabe7675f288ecb13050b53f0
Instruction Fuzzy Hash: C4416B61A08E4792FB118F82E8507FC6359BF053B8F4441BAEA5D1A1B1DF7DEA46C304

Function 00007FFE1322810F Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE13228203

Strings

[D] (%s) -> Done(name=%s), xrefs: 00007FFE13228223
NULL, xrefs: 00007FFE1322827A
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1322815F, 00007FFE13228192, 00007FFE132281C5
(sec != NULL), xrefs: 00007FFE132281B7
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE13228261
ini_get_sec, xrefs: 00007FFE13228158, 00007FFE1322818B, 00007FFE132281BE, 00007FFE1322821C, 00007FFE1322825A
(ini != NULL), xrefs: 00007FFE13228151
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1322814A, 00007FFE1322817D, 00007FFE132281B0
(name != NULL), xrefs: 00007FFE13228184

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: 87455912ead1290854d53aadc5de93c4cc76d8ea5eb4fad9aa8be9e6bc8e3c8b
Instruction ID: 9497f7a20767cba554cf34bf9d43bb4a03552c1e2bf3ae4b31ba33d7a0b4ae4e
Opcode Fuzzy Hash: 87455912ead1290854d53aadc5de93c4cc76d8ea5eb4fad9aa8be9e6bc8e3c8b
Instruction Fuzzy Hash: 2E414F61A08E4799FE21BB57FD403B46660BBF4768F4445B2E90D2A1B1DF7CE986D300

Function 00007FFE1A45171F Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE1A451813

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A45176F, 00007FFE1A4517A2, 00007FFE1A4517D5
(sec != NULL), xrefs: 00007FFE1A4517C7
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A45175A, 00007FFE1A45178D, 00007FFE1A4517C0
(name != NULL), xrefs: 00007FFE1A451794
[D] (%s) -> Done(name=%s), xrefs: 00007FFE1A451833
NULL, xrefs: 00007FFE1A45188A
ini_get_sec, xrefs: 00007FFE1A451768, 00007FFE1A45179B, 00007FFE1A4517CE, 00007FFE1A45182C, 00007FFE1A45186A
(ini != NULL), xrefs: 00007FFE1A451761
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE1A451871

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: 4ee169d75e5fef8cee7d4765d1123835c996cd13fb81b496226cd40a7a75204a
Instruction ID: 87af22bc57a3f71f245a479fd47aa716297ecc73f760f4ac3f6c0d67caf8eca6
Opcode Fuzzy Hash: 4ee169d75e5fef8cee7d4765d1123835c996cd13fb81b496226cd40a7a75204a
Instruction Fuzzy Hash: 10416EA1B08E4795FB24AB16E8403F46370AB50B78F4481F7DA5E175B1DF7DA56AC300

Function 00007FFE10244B5F Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE10244C53

Strings

ini_get_sec, xrefs: 00007FFE10244BA8, 00007FFE10244BDB, 00007FFE10244C0E, 00007FFE10244C6C, 00007FFE10244CAA
(ini != NULL), xrefs: 00007FFE10244BA1
(sec != NULL), xrefs: 00007FFE10244C07
[D] (%s) -> Done(name=%s), xrefs: 00007FFE10244C73
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE10244CB1
NULL, xrefs: 00007FFE10244CCA
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE10244B9A, 00007FFE10244BCD, 00007FFE10244C00
(name != NULL), xrefs: 00007FFE10244BD4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE10244BAF, 00007FFE10244BE2, 00007FFE10244C15

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: 417fe31033794c81dc4fac87fe95a17616cb4ad367c15a763e8c33d239fb3119
Instruction ID: ce86bdd47b59638646e45eb52eb067ecee6f56f9f659de98044521f34ef6e7ba
Opcode Fuzzy Hash: 417fe31033794c81dc4fac87fe95a17616cb4ad367c15a763e8c33d239fb3119
Instruction Fuzzy Hash: 714100A1A09D57D1FA109B12E8553F46A50AF80378F4841B6DB0D867B3EE7DE656C304

Function 00007FF7BACD13CD Relevance: 15.1, APIs: 5, Strings: 5, Instructions: 76stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7BACD13D8
strlen.MSVCRT ref: 00007FF7BACD13F4
strlen.MSVCRT ref: 00007FF7BACD1400
strlen.MSVCRT ref: 00007FF7BACD148A
strlen.MSVCRT ref: 00007FF7BACD14B7

Strings

.applied, xrefs: 00007FF7BACD1492
????-pat, xrefs: 00007FF7BACD144A
tch.pkg, xrefs: 00007FF7BACD1457
pkg, xrefs: 00007FF7BACD1416
update.p, xrefs: 00007FF7BACD1409

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: strlen
String ID: .applied$????-pat$pkg$tch.pkg$update.p
API String ID: 39653677-1686225151
Opcode ID: fd8be1e0bde5d4174c07ae97815dca9be3a69ec8f04d504e3e11fc7cf0860efd
Instruction ID: a2c9392835f3ab6bfc303c48f924b48b651424c19acca699758313d215e25f6b
Opcode Fuzzy Hash: fd8be1e0bde5d4174c07ae97815dca9be3a69ec8f04d504e3e11fc7cf0860efd
Instruction Fuzzy Hash: 5421D91290C78345F7217A1D991C37D99914B27BD8FC49071DF9D0B79ADE2CE854C361

Function 00007FFE126D1352 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE126D13FE
fflush.MSVCRT ref: 00007FFE126D140A
EnterCriticalSection.KERNEL32 ref: 00007FFE126D1423
LeaveCriticalSection.KERNEL32 ref: 00007FFE126D144B
CopyFileA.KERNEL32 ref: 00007FFE126D14A8

Strings

., xrefs: 00007FFE126D148D
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log, xrefs: 00007FFE126D146B
1, xrefs: 00007FFE126D1492

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log
API String ID: 513531256-2729875187
Opcode ID: 881a5b53a5bb7506d09258d8e568057d3d55aabc544c6f286c9c88e1ab55bd9f
Instruction ID: 89b017880ca03b3ccb0907d0c162e49906747514e73680881b08211b2f1455b8
Opcode Fuzzy Hash: 881a5b53a5bb7506d09258d8e568057d3d55aabc544c6f286c9c88e1ab55bd9f
Instruction Fuzzy Hash: C7415F31A0CA8A86F320DB13EC503FA6360BB957A4F5400B1DA4D577F5EFADEA858710

Function 00007FFE132277A2 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE1322784E
fflush.MSVCRT ref: 00007FFE1322785A
EnterCriticalSection.KERNEL32 ref: 00007FFE13227873
LeaveCriticalSection.KERNEL32 ref: 00007FFE1322789B
CopyFileA.KERNEL32 ref: 00007FFE132278F8

Strings

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log, xrefs: 00007FFE132278BB
1, xrefs: 00007FFE132278E2
., xrefs: 00007FFE132278DD

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log
API String ID: 513531256-3034662401
Opcode ID: e9fe6dcfa54ce63d27811a76ac8203d1c50aa696a46daedf3aa209349255c63d
Instruction ID: a2cfb68fbc0288f028737a926c3e52bb87ebb2bc509109d06ca6e5bbd317b30e
Opcode Fuzzy Hash: e9fe6dcfa54ce63d27811a76ac8203d1c50aa696a46daedf3aa209349255c63d
Instruction Fuzzy Hash: BD414F61A0CA418DF320BB16F8517FAA251FBE97A0F400075DA4D677A6DF2CE985C641

Function 00007FFE1A4520C2 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE1A45216E
fflush.MSVCRT ref: 00007FFE1A45217A
EnterCriticalSection.KERNEL32 ref: 00007FFE1A452193
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A4521BB
CopyFileA.KERNEL32 ref: 00007FFE1A452218

Strings

., xrefs: 00007FFE1A4521FD
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log, xrefs: 00007FFE1A4521DB
1, xrefs: 00007FFE1A452202

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log
API String ID: 513531256-1680544107
Opcode ID: c615f18cd2e190ad2369cd65d0a7030d48e7d55922bcfeb7a273152cb55ce53a
Instruction ID: ccc3de5c8e3d5f64f9d95e9a767234b0f74d13383f6ae50159ab728c2be4f47d
Opcode Fuzzy Hash: c615f18cd2e190ad2369cd65d0a7030d48e7d55922bcfeb7a273152cb55ce53a
Instruction Fuzzy Hash: AF414DB1B0CA8186F321AB12E8553BA6360AB89FA0F4444F7DA4D477A5CF3CE5A58740

Function 00007FFE102440D2 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE1024417E
fflush.MSVCRT ref: 00007FFE1024418A
EnterCriticalSection.KERNEL32 ref: 00007FFE102441A3
LeaveCriticalSection.KERNEL32 ref: 00007FFE102441CB
CopyFileA.KERNEL32 ref: 00007FFE10244228

Strings

., xrefs: 00007FFE1024420D
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log, xrefs: 00007FFE102441EB
1, xrefs: 00007FFE10244212

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log
API String ID: 513531256-2115573132
Opcode ID: 0701abe5e6b4113c319c1a3fcfaf5a85de49f02ce8cf4394365a2b4eee2c185e
Instruction ID: c0301c9ff316f29333ac77477d96e8e865cff4d331c8767c5d17b6a1e7b762e3
Opcode Fuzzy Hash: 0701abe5e6b4113c319c1a3fcfaf5a85de49f02ce8cf4394365a2b4eee2c185e
Instruction Fuzzy Hash: E24152A1A0CA4296F320AB12E8543FA6A51FBD57B0F5000B5EB4D877A7DF3CE586C705

Function 00007FFE11EC9DC2 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE11EC9E6E
fflush.MSVCRT ref: 00007FFE11EC9E7A
EnterCriticalSection.KERNEL32 ref: 00007FFE11EC9E93
LeaveCriticalSection.KERNEL32 ref: 00007FFE11EC9EBB
CopyFileA.KERNEL32 ref: 00007FFE11EC9F18

Strings

., xrefs: 00007FFE11EC9EFD
1, xrefs: 00007FFE11EC9F02
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log, xrefs: 00007FFE11EC9EDB

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log
API String ID: 513531256-2601447032
Opcode ID: d8a4d70d1091bcee7d7597d0687069c9020cfcc5d155bc2906374e90e94bd78c
Instruction ID: 15218be9ccc817619b14d66cf259967bd6829c71cf8751aceb6a143027e38c9e
Opcode Fuzzy Hash: d8a4d70d1091bcee7d7597d0687069c9020cfcc5d155bc2906374e90e94bd78c
Instruction Fuzzy Hash: 2A418021A0CA8186FB20AB96EC503BB22A9FB947A0F8411B5DA0D877B5DF2DE5558700

Function 00007FFE13228646 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE132286E0
_errno.MSVCRT ref: 00007FFE132286FE
_errno.MSVCRT ref: 00007FFE1322870A

Strings

ini_get_uint32, xrefs: 00007FFE132286BF, 00007FFE1322872A
[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE13228731
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE132286C6
(value != NULL), xrefs: 00007FFE132286B8
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE132286B1

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: _errno
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
API String ID: 2918714741-1670302297
Opcode ID: 91ba29964d5e43633be1b5e770adbf17932a663eca218fc6386b8ea3f266736c
Instruction ID: bd87183e19eff3f8b5f6deb218296e4e7e1a0edf7fb275e816f978ab638b1ee8
Opcode Fuzzy Hash: 91ba29964d5e43633be1b5e770adbf17932a663eca218fc6386b8ea3f266736c
Instruction Fuzzy Hash: 22218222A08E469AE721AF16FC407AA7760BBE87A4F444072EE4C57665DF7CD845CB00

Function 00007FF7BACD5BC9 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 123fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32 ref: 00007FF7BACD5C67
GetLastError.KERNEL32 ref: 00007FF7BACD5C82

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

NULL, xrefs: 00007FF7BACD5DC5, 00007FF7BACD5DD1
[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d), xrefs: 00007FF7BACD5DEE
[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x), xrefs: 00007FF7BACD5C3D
fs_file_copy, xrefs: 00007FF7BACD5C36, 00007FF7BACD5C99, 00007FF7BACD5DE7
[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu), xrefs: 00007FF7BACD5CA0

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: CopyErrorFileLastfflushfwrite
String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
API String ID: 2887799713-3464183404
Opcode ID: fd605aaf4db597eced6ced2d9d2d87b021e2d4b9aaba73da000a0e55a61a74d3
Instruction ID: f1433f093bd14d54d5d59e4ad7906142a6a9267c199d3f4c103e8c50dd996e67
Opcode Fuzzy Hash: fd605aaf4db597eced6ced2d9d2d87b021e2d4b9aaba73da000a0e55a61a74d3
Instruction Fuzzy Hash: D8418D5190C61E95FA247B0D950C375E6907F36B8CFD440B2CF8E0A69CEE6DAE819331

Function 00007FF7BACD55FD Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 98fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(?,?,?,?,00007FF7BACD6361), ref: 00007FF7BACD5614
GetLastError.KERNEL32 ref: 00007FF7BACD566B

Strings

NULL, xrefs: 00007FF7BACD579A
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD5654
[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu), xrefs: 00007FF7BACD5680
[I] (%s) -> Done(path=%s), xrefs: 00007FF7BACD57B0
fs_file_delete, xrefs: 00007FF7BACD564D, 00007FF7BACD5679, 00007FF7BACD57A9

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
API String ID: 2018770650-4119452840
Opcode ID: b632b39c16b9f4b3703e6e54833c6082dbce87455845bf215ca43283f0fd4c86
Instruction ID: ef37433f52f5b116416e487c48240dcc9e9dd96d8424d00346389ee75a7a6cee
Opcode Fuzzy Hash: b632b39c16b9f4b3703e6e54833c6082dbce87455845bf215ca43283f0fd4c86
Instruction Fuzzy Hash: 54314925E0D30EC6FA207B0CA9487BDA1405F77345FE514B2CF9E06399ED1CAC869322

Function 00007FFE13221CBD Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 66networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FFE13221D0B
WSAGetLastError.WS2_32 ref: 00007FFE13221D1A

Strings

[E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d), xrefs: 00007FFE13221D5E
[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE13221D2D
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE13221D7E
tcp_recv, xrefs: 00007FFE13221D77
tcp_send, xrefs: 00007FFE13221D26, 00007FFE13221D57

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: ErrorLastsend
String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
API String ID: 1802528911-690514478
Opcode ID: e062259bd43d2a03cc96d2b743a1224e8478a6f9752f452444a431d641df0616
Instruction ID: 619e875e42fba6fbf887cbc577786022294f1671e65772b0883bc181cd0a9926
Opcode Fuzzy Hash: e062259bd43d2a03cc96d2b743a1224e8478a6f9752f452444a431d641df0616
Instruction Fuzzy Hash: EC21CF19B08D1289EA306B27BD40AB952416FB8BF0F6403B1DC2C7B6F5CE2CB445C700

Function 00007FFE1A452FCD Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 66networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FFE1A45301B
WSAGetLastError.WS2_32 ref: 00007FFE1A45302A

Strings

[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE1A45308E
[E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d), xrefs: 00007FFE1A45306E
tcp_send, xrefs: 00007FFE1A453036, 00007FFE1A453067
tcp_recv, xrefs: 00007FFE1A453087
[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A45303D

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: ErrorLastsend
String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
API String ID: 1802528911-690514478
Opcode ID: 75c57b4803f513cc00bf28dd4b7e33e098bdbc37b9468f2d07df0aead4d443a2
Instruction ID: b20483bf383a38759a956013d101573df1f0091fb9fb981992cf03249afbf3a5
Opcode Fuzzy Hash: 75c57b4803f513cc00bf28dd4b7e33e098bdbc37b9468f2d07df0aead4d443a2
Instruction Fuzzy Hash: 4721FF91B18E0241E6206727A8A06B953A0AF05FF4F4483F3ED3C47AF9DF2DB4218300

Function 00007FFE126D3F24 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE126D3F4C
setsockopt.WS2_32 ref: 00007FFE126D3F78
WSAGetLastError.WS2_32 ref: 00007FFE126D3F8F
WSAGetLastError.WS2_32 ref: 00007FFE126D3FB4

Strings

[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE126D3FA6
[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE126D3FCB
tcp_set_timeo, xrefs: 00007FFE126D3F9F, 00007FFE126D3FC4

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: a8a822929329817c646cbce2d4e361976d30dcb38590b87bac484261df8b9273
Instruction ID: 1f8346aac7f068e2429bb9035cf412927d6a82c0e96b5bba0e2eed78c724cdce
Opcode Fuzzy Hash: a8a822929329817c646cbce2d4e361976d30dcb38590b87bac484261df8b9273
Instruction Fuzzy Hash: DD113371A1894A87F760DB17AC044796660AF88774F1042B5E9AD83BF4DFFCD5198B00

Function 00007FFE1150ABF4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1150AC1C
setsockopt.WS2_32 ref: 00007FFE1150AC48
WSAGetLastError.WS2_32 ref: 00007FFE1150AC5F
WSAGetLastError.WS2_32 ref: 00007FFE1150AC84

Strings

[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1150AC76
tcp_set_timeo, xrefs: 00007FFE1150AC6F, 00007FFE1150AC94
[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1150AC9B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: 3ba9905c85f0b21fd7e894e96f07bcb23402eeca7c15dd9aa80b4b2fa724bb98
Instruction ID: 87509217975cf1b4493ef45a30c91ba02e85c2175e4ea8b3d598f2e455393d8b
Opcode Fuzzy Hash: 3ba9905c85f0b21fd7e894e96f07bcb23402eeca7c15dd9aa80b4b2fa724bb98
Instruction Fuzzy Hash: 4011E271A0CA8286E3209B67E8000696668FF88770F104379E96E83BF4DFBCD5498B01

Function 00007FFE13221344 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1322136C
setsockopt.WS2_32 ref: 00007FFE13221398
WSAGetLastError.WS2_32 ref: 00007FFE132213AF
WSAGetLastError.WS2_32 ref: 00007FFE132213D4

Strings

[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE132213C6
[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE132213EB
tcp_set_timeo, xrefs: 00007FFE132213BF, 00007FFE132213E4

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: 6379c91b5731d717c0f3b6262f2420aa8a6b144e231e77b39eb1e399a8ede991
Instruction ID: 428733479d68b223181de4be78af5e6b512d97d686d0aaea3e682ad4d277dd33
Opcode Fuzzy Hash: 6379c91b5731d717c0f3b6262f2420aa8a6b144e231e77b39eb1e399a8ede991
Instruction Fuzzy Hash: C2113675A189428AF320BB17F8005A9A661AFE8764F104275E95DA3AB4DF7CD549CB00

Function 00007FFE1A452654 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1A45267C
setsockopt.WS2_32 ref: 00007FFE1A4526A8
WSAGetLastError.WS2_32 ref: 00007FFE1A4526BF
WSAGetLastError.WS2_32 ref: 00007FFE1A4526E4

Strings

[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A4526D6
[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A4526FB
tcp_set_timeo, xrefs: 00007FFE1A4526CF, 00007FFE1A4526F4

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: efe5f0d0443900c824ac0ecae0eee080c4f220c923adaaa28da585d9a2211f5d
Instruction ID: e30d174d36040ecd6e0fdc7726ab83708345d9661f68512abf477711045edfba
Opcode Fuzzy Hash: efe5f0d0443900c824ac0ecae0eee080c4f220c923adaaa28da585d9a2211f5d
Instruction Fuzzy Hash: 8A1121B1B0894646E250AB17A8005B66770EF98B64F5042B7EA6D83AB4DF7CD51ACB00

Function 00007FFE10245674 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1024569C
setsockopt.WS2_32 ref: 00007FFE102456C8
WSAGetLastError.WS2_32 ref: 00007FFE102456DF
WSAGetLastError.WS2_32 ref: 00007FFE10245704

Strings

[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE102456F6
[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1024571B
tcp_set_timeo, xrefs: 00007FFE102456EF, 00007FFE10245714

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: 595f278b8cb7e5ecd8ef4898eedba44af6b209527af487a0ff7d6983d01de273
Instruction ID: 34a56ad31dee3a41f1b3141fe95341e68a7835429ff6c0a63ac6c4c38ad9604d
Opcode Fuzzy Hash: 595f278b8cb7e5ecd8ef4898eedba44af6b209527af487a0ff7d6983d01de273
Instruction Fuzzy Hash: 1A11D670618D4286F3209B17A444076AA61AFC8774F104275EB6D83BF3DF7CD509CB00

Function 00007FFE11EC1CE4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE11EC1D0C
setsockopt.WS2_32 ref: 00007FFE11EC1D38
WSAGetLastError.WS2_32 ref: 00007FFE11EC1D4F
WSAGetLastError.WS2_32 ref: 00007FFE11EC1D74

Strings

[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11EC1D8B
tcp_set_timeo, xrefs: 00007FFE11EC1D5F, 00007FFE11EC1D84
[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11EC1D66

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: 965785d7ab7d92e0704bde05fb8876d09001233a2ee5dad71bbbf6162b0393d8
Instruction ID: f7283f629b7c5daacf95ceda7177fd133839d824f97f78351d3dad6f755dc1cd
Opcode Fuzzy Hash: 965785d7ab7d92e0704bde05fb8876d09001233a2ee5dad71bbbf6162b0393d8
Instruction Fuzzy Hash: 7011B671A1C94286E710AB9BEC00567AAA4FF887A4F505271EA6D837F4DF7CD5068B01

Function 00007FFE1A45341F Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

LeaveCriticalSection.KERNEL32 ref: 00007FFE1A453451
GetProcessHeap.KERNEL32 ref: 00007FFE1A45345C
HeapFree.KERNEL32 ref: 00007FFE1A45346D
EnterCriticalSection.KERNEL32 ref: 00007FFE1A453491
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A4534B4
EnterCriticalSection.KERNEL32 ref: 00007FFE1A453521

Strings

[D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s)), xrefs: 00007FFE1A45350E
routine_tx, xrefs: 00007FFE1A453507

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: CriticalSection$EnterHeapLeave$FreeProcess
String ID: [D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
API String ID: 2539320189-3555278722
Opcode ID: 89816472452a277170d6f847842745fb66cf2df46b1e7d352c300a1510bda61f
Instruction ID: 8fe737fac6b781984dc669e606477c656391dcbf654ecfb2e3d109397ccc5ddf
Opcode Fuzzy Hash: 89816472452a277170d6f847842745fb66cf2df46b1e7d352c300a1510bda61f
Instruction Fuzzy Hash: 2031F9B1B08E4282EA259B12E89027963B0EB45FA4F1441F7DA6E43B74DF3CF4618340

Function 00007FFE1322C445 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 127sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FFE1322C478
Sleep.KERNEL32 ref: 00007FFE1322C4F4

Strings

[W] (%s) -> Not a valid packet received(size=%u,suid=%llx), xrefs: 00007FFE1322C5A9
/, xrefs: 00007FFE1322C5D7
[W] (%s) -> Not a valid event received(size=%u,suid=%llx,packed_event_sz=%u,event_sz=%u), xrefs: 00007FFE1322C577
routine_rx, xrefs: 00007FFE1322C570, 00007FFE1322C5A2

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Sleep
String ID: /$[W] (%s) -> Not a valid event received(size=%u,suid=%llx,packed_event_sz=%u,event_sz=%u)$[W] (%s) -> Not a valid packet received(size=%u,suid=%llx)$routine_rx
API String ID: 3472027048-1600310168
Opcode ID: bd8907607193d04b0b746e095c4958e2ce26e3d534a5acf4106b3ad7b865447c
Instruction ID: 3648b7db0e1db63fbe9d725991f8e4ab5472636aa3aa213524d5337289e23ce9
Opcode Fuzzy Hash: bd8907607193d04b0b746e095c4958e2ce26e3d534a5acf4106b3ad7b865447c
Instruction Fuzzy Hash: A0514A21E0CE534DFE30AB66BC403BA6251AFE8378F5042B1E56E676F5DE6CE945C600

Function 00007FFE132256C7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 00007FFE132256D0
GetLastError.KERNEL32 ref: 00007FFE13225715

Strings

(path != NULL), xrefs: 00007FFE132256F4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE13225702
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE132256ED
fs_path_exists, xrefs: 00007FFE132256FB

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
API String ID: 1799206407-4111913120
Opcode ID: f4f8ca6e4fc1f669f841e132278fecc6c365d377e5f726a2308636182496b49a
Instruction ID: 2a25bc3466328c13f593130cfc1020b6f81a59c49f6e675ecf27ea88b3cc97f4
Opcode Fuzzy Hash: f4f8ca6e4fc1f669f841e132278fecc6c365d377e5f726a2308636182496b49a
Instruction Fuzzy Hash: F921BA50E4DD43CAFB346A5AB844779A1409FB0379FB085B2D50FA91F0DE2CEC85D642

Function 00007FFE11EC82D7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 00007FFE11EC82E0
GetLastError.KERNEL32 ref: 00007FFE11EC8325

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11EC82FD
fs_path_exists, xrefs: 00007FFE11EC830B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC8312
(path != NULL), xrefs: 00007FFE11EC8304

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
API String ID: 1799206407-4111913120
Opcode ID: 5791759264d75a3a417900a43a506217477ce90d88af35a370718004647d8d75
Instruction ID: bdbfcf5ee682757445da6942159dfe1d88cd1ab64e0e33dc45ea36ca3933022f
Opcode Fuzzy Hash: 5791759264d75a3a417900a43a506217477ce90d88af35a370718004647d8d75
Instruction Fuzzy Hash: 6621E770E0CC9382FB2446DAAE48B7F91599F02735FA465B2E40E8A1F1CF5CFC859246

Function 00007FF7BACD6ED7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,?,?,?,?,?,00007FF7BACD1425), ref: 00007FF7BACD6EE0
GetLastError.KERNEL32(?,?,?,?,?,?,00007FF7BACD1425), ref: 00007FF7BACD6F25

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7BACD6F12
fs_path_exists, xrefs: 00007FF7BACD6F0B
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7BACD6EFD
(path != NULL), xrefs: 00007FF7BACD6F04

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
API String ID: 1799206407-4111913120
Opcode ID: a3926301e1c0742d2235a749b79f787c5beb0c834c74044c1e987ba9a7664592
Instruction ID: 32a8b0e0ce6ddfd8df68f618f35abfefa04a2c7a21b3f0326caebc9b2ec049f9
Opcode Fuzzy Hash: a3926301e1c0742d2235a749b79f787c5beb0c834c74044c1e987ba9a7664592
Instruction Fuzzy Hash: 7021B650E2C48386FB20765C945C37991915F32309FE459B2EFAEC99D9CE3CF8859262

Function 00007FFE126D47EA Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE126D4812
WSAGetLastError.WS2_32 ref: 00007FFE126D482C

Strings

[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE126D4865
tcp_recv, xrefs: 00007FFE126D4846, 00007FFE126D485E, 00007FFE126D4883
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126D484D
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE126D488A

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: fc40e6edaa8fa7b1080357af52e10cb7cea27ec9b135f9fc78f50a74537f11a8
Instruction ID: d8d9a2b6924d63b6f2a7c24f9d2990bc8af4375195e88f1748505be17e0d367b
Opcode Fuzzy Hash: fc40e6edaa8fa7b1080357af52e10cb7cea27ec9b135f9fc78f50a74537f11a8
Instruction Fuzzy Hash: BC116A50E4CD8F82FA209767AC902B81250AF557F0F4113B0DCBD8A6F5EEDCE9568300

Function 00007FFE1150B4BA Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE1150B4E2
WSAGetLastError.WS2_32 ref: 00007FFE1150B4FC

Strings

[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE1150B55A
[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE1150B535
tcp_recv, xrefs: 00007FFE1150B516, 00007FFE1150B52E, 00007FFE1150B553
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1150B51D

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: 0e96e8ceabe4403754de825ae533e2122814fe55cf48ca520f1a4bc828f32c8d
Instruction ID: 59fcde386241d4ba033d88f6b88787e69fd55ee88f9f044b5ba0fd6e47bb3287
Opcode Fuzzy Hash: 0e96e8ceabe4403754de825ae533e2122814fe55cf48ca520f1a4bc828f32c8d
Instruction Fuzzy Hash: 65115164E0CE1791F7215B97A88167C125EAF067B4F5153F8DC3D876F2EE5CAA468300

Function 00007FFE13221C0A Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE13221C32
WSAGetLastError.WS2_32 ref: 00007FFE13221C4C

Strings

[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE13221C85
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE13221CAA
tcp_recv, xrefs: 00007FFE13221C66, 00007FFE13221C7E, 00007FFE13221CA3
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE13221C6D

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: 76ea935c0bce3dd6aec93ac844d92415e9719370cc7bb794730bde63caadc0b7
Instruction ID: fdda6d77dac98894389c95f32b6be76e1ced30e4174b442a3a815c47f9edb7e3
Opcode Fuzzy Hash: 76ea935c0bce3dd6aec93ac844d92415e9719370cc7bb794730bde63caadc0b7
Instruction Fuzzy Hash: 26115B6CE0CD1649FA307717BC426B512406FF4BB4E6013B1D82DB66F6DE1CA546C301

Function 00007FFE1A452F1A Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE1A452F42
WSAGetLastError.WS2_32 ref: 00007FFE1A452F5C

Strings

[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE1A452FBA
tcp_recv, xrefs: 00007FFE1A452F76, 00007FFE1A452F8E, 00007FFE1A452FB3
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A452F7D
[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE1A452F95

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: ba4425752d638a4246313bb9637b71cb7cad2bd656f8008d4fc390104ada7b7c
Instruction ID: 8cab349bb5fea979eada7369b7f1960fcb33bc3997aa44f0f905e372d138b212
Opcode Fuzzy Hash: ba4425752d638a4246313bb9637b71cb7cad2bd656f8008d4fc390104ada7b7c
Instruction Fuzzy Hash: 3111BF92B0DE0351E5106757B8406B81260AF94FB4F4083F3F93D97AF1EE6CA922D700

Function 00007FFE11EC25AA Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE11EC25D2
WSAGetLastError.WS2_32 ref: 00007FFE11EC25EC

Strings

[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE11EC264A
[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE11EC2625
tcp_recv, xrefs: 00007FFE11EC2606, 00007FFE11EC261E, 00007FFE11EC2643
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE11EC260D

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: 0a37630b3d380bdfb3f3fd602d5d7a95be8cc216344c10ecf61644671f1c9a02
Instruction ID: c1234c4bba00ae3bf777ca1c4c50d7e5f42740b075ed20207bd49dda22ee1675
Opcode Fuzzy Hash: 0a37630b3d380bdfb3f3fd602d5d7a95be8cc216344c10ecf61644671f1c9a02
Instruction Fuzzy Hash: A5116A90F0CD5351EB20A7A6AC503BB1248AF107B0F8053B0D92E9AAF1EE1CF9068302

Function 00007FF7BACD2304 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,service,000002BAD3D813D0,00007FF7BACD2910), ref: 00007FF7BACD2312

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

GetLastError.KERNEL32(?,?,service,000002BAD3D813D0,00007FF7BACD2910), ref: 00007FF7BACD233E

Strings

module_load, xrefs: 00007FF7BACD2326, 00007FF7BACD234A
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FF7BACD2351
[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FF7BACD232D
service, xrefs: 00007FF7BACD2305

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load$service
API String ID: 4085810780-4145076245
Opcode ID: afa2715ad1d40dcdb6138738783ab23cee6b69dc419e77c1a9849a41664b9388
Instruction ID: 20c806460dff43d357d60df0ab5182029ad9a583b20075878c538fc4f2517c57
Opcode Fuzzy Hash: afa2715ad1d40dcdb6138738783ab23cee6b69dc419e77c1a9849a41664b9388
Instruction Fuzzy Hash: 2EF0E974E4A607A0FD61BB5DE8481B4A254AF77784FC800B1CE4C17B5CED2CB5429330

Function 00007FFE126D4BAE Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE126D4BC0

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

net_init, xrefs: 00007FFE126D4BD1, 00007FFE126D4BF5
[I] (%s) -> %s, xrefs: 00007FFE126D4BD8
[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE126D4BFF
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE126D4C14
Done, xrefs: 00007FFE126D4BCA

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: bab2e39ec6692b915c421a0e347685575d46c63aa9fb390bc6655246fc116005
Instruction ID: 66f462eb510a47152c703d3323b3e21163dcff52521dc65cc67adda6fa3a49cb
Opcode Fuzzy Hash: bab2e39ec6692b915c421a0e347685575d46c63aa9fb390bc6655246fc116005
Instruction Fuzzy Hash: 32F01D64B08D4BD2FB10EB12EC853F92350AF607A4F4401F6D45E4A5F5EEDDE5598700

Function 00007FFE1150B87E Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE1150B890

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE1150B8CF
Done, xrefs: 00007FFE1150B89A
[I] (%s) -> %s, xrefs: 00007FFE1150B8A8
net_init, xrefs: 00007FFE1150B8A1, 00007FFE1150B8C5
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1150B8E4

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: 5867243fe78a8a9678cdcbe041f3a43d3773ff52e058a36803f4b046501692db
Instruction ID: a2aafd08f44e5e81993b0f93b815cef2ca437301e010f37a69017197128f2199
Opcode Fuzzy Hash: 5867243fe78a8a9678cdcbe041f3a43d3773ff52e058a36803f4b046501692db
Instruction Fuzzy Hash: F9F03A60F08D0391FB12AF52E8947F8232AEF153A4F4800BAD44D4A2B2EF5CE6498740

Function 00007FFE13221FCE Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE13221FE0

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

net_init, xrefs: 00007FFE13221FF1, 00007FFE13222015
Done, xrefs: 00007FFE13221FEA
[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE1322201F
[I] (%s) -> %s, xrefs: 00007FFE13221FF8
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE13222034

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: e148c1505a25f62cb7a05b63b51d8fd1f84f4de33bb0dfc63fbfd9e7fb4bd7dc
Instruction ID: da64f56b355b646484032f324aa8ea547dde2681b5f70a4c9d6f3325b86dd8e3
Opcode Fuzzy Hash: e148c1505a25f62cb7a05b63b51d8fd1f84f4de33bb0dfc63fbfd9e7fb4bd7dc
Instruction Fuzzy Hash: 4FF0F969A18D4699FB20B717FC443F55250AFF97A4F4440B2D80D761B6EE2DE649C700

Function 00007FFE1A4532DE Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE1A4532F0

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

Strings

[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A453344
net_init, xrefs: 00007FFE1A453301, 00007FFE1A453325
[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE1A45332F
[I] (%s) -> %s, xrefs: 00007FFE1A453308
Done, xrefs: 00007FFE1A4532FA

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: 2585bac7f94ac208da8aed220b95251551914fdb0870a766e68bdde5b4c7b006
Instruction ID: e1768f3548b32c91442fd5a2420493970ee3c15fa27d407145284440494cb77d
Opcode Fuzzy Hash: 2585bac7f94ac208da8aed220b95251551914fdb0870a766e68bdde5b4c7b006
Instruction Fuzzy Hash: BCF049A0B49D0281FB10AB12E8403F82370AF90FB4F8444F3D41D4B5B2EE6DE569C310

Function 00007FFE102462FE Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE10246310

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE1024634F
Done, xrefs: 00007FFE1024631A
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE10246364
net_init, xrefs: 00007FFE10246321, 00007FFE10246345
[I] (%s) -> %s, xrefs: 00007FFE10246328

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: 7f8974921c108dd6a4f51004028284d201da0f61c2f87654e5b1ad4d1f08ae34
Instruction ID: a1654836ba1f4f93d476cb0c0b525dceaeaca95bddb653be3076083c5911d585
Opcode Fuzzy Hash: 7f8974921c108dd6a4f51004028284d201da0f61c2f87654e5b1ad4d1f08ae34
Instruction Fuzzy Hash: 7BF03C90A09C46D1FB209B12E8483F55A506FC8764F4400B6DB0D873B3AE5DE558C300

Function 00007FFE11EC296E Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE11EC2980

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

net_init, xrefs: 00007FFE11EC2991, 00007FFE11EC29B5
[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE11EC29BF
Done, xrefs: 00007FFE11EC298A
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11EC29D4
[I] (%s) -> %s, xrefs: 00007FFE11EC2998

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: e3dde975791e3de8b401d5cfbee0aeead71d3cb9e73e6ec49a542f101dd95df3
Instruction ID: c930110f3009d4a667ed1e1bda237866eab9658782d227b5580edf3fb375176b
Opcode Fuzzy Hash: e3dde975791e3de8b401d5cfbee0aeead71d3cb9e73e6ec49a542f101dd95df3
Instruction Fuzzy Hash: 4AF017A1B0DE4391FF109B97EC453F62318AF107A4F8424B2D80E4A2B6EE2CE5498720

Function 00007FF7BACD14EF Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7BACD1FD0: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7BACD162F), ref: 00007FF7BACD1FEE

_mbscpy.MSVCRT ref: 00007FF7BACD155C

Part of subcall function 00007FF7BACD13CD: strlen.MSVCRT ref: 00007FF7BACD13D8
Part of subcall function 00007FF7BACD13CD: strlen.MSVCRT ref: 00007FF7BACD13F4
Part of subcall function 00007FF7BACD13CD: strlen.MSVCRT ref: 00007FF7BACD1400

Strings

[I] (%s) -> Done(pkg_path=%s,tgt_path=%s), xrefs: 00007FF7BACD1605
[E] (%s) -> Failed(pkg_path=%s,tgt_path=%s,err=%08x), xrefs: 00007FF7BACD1595
service, xrefs: 00007FF7BACD14F0
package_install, xrefs: 00007FF7BACD158E, 00007FF7BACD15FE

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: strlen$HandleModule_mbscpy
String ID: [E] (%s) -> Failed(pkg_path=%s,tgt_path=%s,err=%08x)$[I] (%s) -> Done(pkg_path=%s,tgt_path=%s)$package_install$service
API String ID: 3656010895-1379287937
Opcode ID: 243bcceac2b2cf495365e14ed80776c3980eeb34683763cf197341da1b5c127a
Instruction ID: dcbe5fc0ea45ad07b6185f76493258af2cbe588ab5a829480588015131023842
Opcode Fuzzy Hash: 243bcceac2b2cf495365e14ed80776c3980eeb34683763cf197341da1b5c127a
Instruction Fuzzy Hash: 9C31953260CA8791FB60BB58E4883E9A351EBA6344FD01472EB8E4768DEE7DD505C750

Function 00007FFE126D3D83 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE126D3DA3

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

GetLastError.KERNEL32 ref: 00007FFE126D3DD6

Strings

[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE126D3DC3
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE126D3DED
module_get_proc, xrefs: 00007FFE126D3DBC, 00007FFE126D3DE6

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: 841548102f0441e2b449492bf23c60b6e7a9478fbae2933be7f6227edc1bcd85
Instruction ID: 1b2b96bc154280881e2ab5a7af7af2aa6a88ef47cb4187e08c9338cfa02beba8
Opcode Fuzzy Hash: 841548102f0441e2b449492bf23c60b6e7a9478fbae2933be7f6227edc1bcd85
Instruction Fuzzy Hash: 27F06D90A09B8A92FA518B47AC015B967116F84BE4F1840B1DC8C0BBE5EEACA5568B00

Function 00007FFE1150BBE3 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE1150BC03

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

GetLastError.KERNEL32 ref: 00007FFE1150BC36

Strings

[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE1150BC23
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE1150BC4D
module_get_proc, xrefs: 00007FFE1150BC1C, 00007FFE1150BC46

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: fafc799aa92d9d60547a22b758ba0d3b5ae50fba84d732ef87da3ca2ea9f435e
Instruction ID: b4665eb7d5bf7c9b333cabbcc54a0b4b50e5e46566550dc777c0ab7d9078823f
Opcode Fuzzy Hash: fafc799aa92d9d60547a22b758ba0d3b5ae50fba84d732ef87da3ca2ea9f435e
Instruction Fuzzy Hash: D4F08691A0DF4791FB524B87E8401A9536A7F04BF5F4841B5DC4D077B5EE6CD6468300

Function 00007FFE132276B3 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE132276D3

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

GetLastError.KERNEL32 ref: 00007FFE13227706

Strings

[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE132276F3
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE1322771D
module_get_proc, xrefs: 00007FFE132276EC, 00007FFE13227716

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: 3eb3fec21974d1c33607cd9f0875c61634fd29d425503903a865395fab3e12b1
Instruction ID: a35ac7f2ec86a6dd66502398595143512d0fdda740bb28caceaf081be69fafcd
Opcode Fuzzy Hash: 3eb3fec21974d1c33607cd9f0875c61634fd29d425503903a865395fab3e12b1
Instruction Fuzzy Hash: 45F0AD90A0DE0389FE62670BBC002B59251AFE8BE4F1880B1CC4D6B7B5EF2CA542D300

Function 00007FFE1A455123 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE1A455143

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

GetLastError.KERNEL32 ref: 00007FFE1A455176

Strings

module_get_proc, xrefs: 00007FFE1A45515C, 00007FFE1A455186
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE1A45518D
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE1A455163

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: dd80609e35f32fcee8c8c732da1e7394ae43990534841add2fd081b06968f394
Instruction ID: e6e376b8083a313f809dcaa3103c8cf13c6aacf133c8b774b69b88c776d893f9
Opcode Fuzzy Hash: dd80609e35f32fcee8c8c732da1e7394ae43990534841add2fd081b06968f394
Instruction Fuzzy Hash: 8BF06D90F09B4782FA15AB5BA8006B957616F44FE4F1840F3DD6E4B7B9EE2CA5668300

Function 00007FFE102429B3 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE102429D3

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

GetLastError.KERNEL32 ref: 00007FFE10242A06

Strings

[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE10242A1D
module_get_proc, xrefs: 00007FFE102429EC, 00007FFE10242A16
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE102429F3

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: d6f635ec5a0df26ccf6e6996869f1d90831f24c58e261922a5a0457e10abdacb
Instruction ID: 7da05196de2f9ce015e5f45b19a14c5a65559a9f6eb265ed910eaae36c3050e1
Opcode Fuzzy Hash: d6f635ec5a0df26ccf6e6996869f1d90831f24c58e261922a5a0457e10abdacb
Instruction Fuzzy Hash: 1AF0AD90B09A5381FA158B47E8001E6AA216FC4BF8F4840B1DF0C4B7B6FE2DA56AC304

Function 00007FFE11EC4D73 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE11EC4D93

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

GetLastError.KERNEL32 ref: 00007FFE11EC4DC6

Strings

[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE11EC4DDD
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE11EC4DB3
module_get_proc, xrefs: 00007FFE11EC4DAC, 00007FFE11EC4DD6

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: 0279ee0fba7c6e178516fd32448990f9dbb55b2387454419a162d72c715561de
Instruction ID: cd190a78cc78940587662a6f917e353ebeeae1a993397093ebc04b5e94364ed8
Opcode Fuzzy Hash: 0279ee0fba7c6e178516fd32448990f9dbb55b2387454419a162d72c715561de
Instruction Fuzzy Hash: 8BF08150A09E5352FF119BD7AD006A767696F04BE0F8855B1DD4D0B7B4EE2CE5468300

Function 00007FF7BACD2283 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,?,00000000,000002BAD3D813D0,?,00007FF7BACD292B), ref: 00007FF7BACD22A3

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

GetLastError.KERNEL32(?,?,00000000,000002BAD3D813D0,?,00007FF7BACD292B), ref: 00007FF7BACD22D6

Strings

[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FF7BACD22C3
module_get_proc, xrefs: 00007FF7BACD22BC, 00007FF7BACD22E6
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FF7BACD22ED

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: 1fc9960f30abe22bcb097999b6fdb8156779ff557b7e3ad85cbb521ca77be5c5
Instruction ID: 68955a5ac44da5bcf8b15e2509ea1159b75cbde148c44a100edfef685a9de5e3
Opcode Fuzzy Hash: 1fc9960f30abe22bcb097999b6fdb8156779ff557b7e3ad85cbb521ca77be5c5
Instruction Fuzzy Hash: 87F0D661A49647A1FA517B4DF8082B5D255BF76BD0F844071DE8C0BB5DEE2CE542A320

Function 00007FFE126D3E04 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE126D3E12

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

GetLastError.KERNEL32 ref: 00007FFE126D3E3E

Strings

[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE126D3E2D
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE126D3E51
module_load, xrefs: 00007FFE126D3E26, 00007FFE126D3E4A

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: 5fddbdf422b911f2cfa20be25fea559564566e4750bc4449b058397c527fc971
Instruction ID: 6fff45a808bb1a81469a3a777170e3e1a1d2dfa2c2ccb0d1f64d1185cdab0659
Opcode Fuzzy Hash: 5fddbdf422b911f2cfa20be25fea559564566e4750bc4449b058397c527fc971
Instruction Fuzzy Hash: F2F05850E0AE8F92FE55E76BAC408B412506F44BB0B4805F2CC4D1A7F5EEECA99A8300

Function 00007FFE1150BC64 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE1150BC72

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

GetLastError.KERNEL32 ref: 00007FFE1150BC9E

Strings

[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE1150BCB1
module_load, xrefs: 00007FFE1150BC86, 00007FFE1150BCAA
[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE1150BC8D

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: 697fd883e4c98c3a111c703db0c1e2690921e3af5536f40dc2a3e64cf62ec6d9
Instruction ID: e4343cef7585882ab76bc06dbbd6aab6aabd1295e0c8134ca3afff971ccaf231
Opcode Fuzzy Hash: 697fd883e4c98c3a111c703db0c1e2690921e3af5536f40dc2a3e64cf62ec6d9
Instruction Fuzzy Hash: 79F08265E0DE4791FF52AB97F8904B81369AF19BB5F4804F5CC0D17B71EE5CA6858300

Function 00007FFE13227734 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE13227742

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

GetLastError.KERNEL32 ref: 00007FFE1322776E

Strings

module_load, xrefs: 00007FFE13227756, 00007FFE1322777A
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE13227781
[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE1322775D

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: 2d904e0336c752fe2b4ec070d29754f63c154fb52a4c8fd111e034c049b23102
Instruction ID: 4b2ab46a27879a7da7d6ad28544922ad37eb48a3eaa94028baccab3bb98353ed
Opcode Fuzzy Hash: 2d904e0336c752fe2b4ec070d29754f63c154fb52a4c8fd111e034c049b23102
Instruction Fuzzy Hash: 8AF03A54A0EE0788FE61B75FBC408B452506FF9BA4F4955B1C80D36376EE2CA586C300

Function 00007FFE1A4551A4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE1A4551B2

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

GetLastError.KERNEL32 ref: 00007FFE1A4551DE

Strings

[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE1A4551F1
[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE1A4551CD
module_load, xrefs: 00007FFE1A4551C6, 00007FFE1A4551EA

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: 510dd79922be8292572f51b1a03c4048553ca2c394016cbcf0cbdc80bd490f0b
Instruction ID: ea48477884a7cb98cd2fb153a6561f8532630acffbfd867b04848d83246a56d6
Opcode Fuzzy Hash: 510dd79922be8292572f51b1a03c4048553ca2c394016cbcf0cbdc80bd490f0b
Instruction Fuzzy Hash: 48F03A90F0AF0750EA11A76BA8405B026606F15FE4B4804F3CD1E57775FD2CA9A68350

Function 00007FFE10242A34 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE10242A42

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

GetLastError.KERNEL32 ref: 00007FFE10242A6E

Strings

[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE10242A5D
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE10242A81
module_load, xrefs: 00007FFE10242A56, 00007FFE10242A7A

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: ec556a9ea55f9255c441b329aff869bbd06fcc73dad67f2e20d2d58b0e07e6e5
Instruction ID: e4b5cb0212b8b0f9851376f9231c6a3e0afdb657405614741284d66192a2e6ed
Opcode Fuzzy Hash: ec556a9ea55f9255c441b329aff869bbd06fcc73dad67f2e20d2d58b0e07e6e5
Instruction Fuzzy Hash: 36F09A90B0AE1781F9519B17A8414E86E106F89BB4F8800B1CF0C97373FD9CA5AAC300

Function 00007FFE11EC4DF4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE11EC4E02

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

GetLastError.KERNEL32 ref: 00007FFE11EC4E2E

Strings

[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE11EC4E1D
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE11EC4E41
module_load, xrefs: 00007FFE11EC4E16, 00007FFE11EC4E3A

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: 5fbb28a5f4c7af40752bc095f375c462acbc214c46beb02d6261729f1a54ccff
Instruction ID: b61386176c2584c8444e8ee932afc73a2809ceb6fea62dbf1d27c2ecf3099d5e
Opcode Fuzzy Hash: 5fbb28a5f4c7af40752bc095f375c462acbc214c46beb02d6261729f1a54ccff
Instruction Fuzzy Hash: 05F05E10E0EE5794EF11ABEBAC406B217685F05BA4F8864B1DD0D1B7B5FD1CB5868740

Function 00007FFE11505DD0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 50stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE11505192: RegOpenKeyExA.ADVAPI32 ref: 00007FFE115051EC

strlen.MSVCRT ref: 00007FFE11505E22
strcmp.MSVCRT ref: 00007FFE11505E57

Strings

SYSTEM\CurrentControlSet\Services\TermService\Parameters, xrefs: 00007FFE11505E00
termsrv.dll, xrefs: 00007FFE11505E50
ServiceDll, xrefs: 00007FFE11505DF9

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Openstrcmpstrlen
String ID: SYSTEM\CurrentControlSet\Services\TermService\Parameters$ServiceDll$termsrv.dll
API String ID: 679246061-1413152910
Opcode ID: a669b3e55fb7fbdb9034081471d1f4139a13afc1e2d4e3c1df5cfdd1dd9f6d6b
Instruction ID: fd8d6ac1599e3906aa63dae4fad54b6c528548ee8e63835cb8c2839677fdd835
Opcode Fuzzy Hash: a669b3e55fb7fbdb9034081471d1f4139a13afc1e2d4e3c1df5cfdd1dd9f6d6b
Instruction Fuzzy Hash: E2217271A1CE8394EB319752A8803FE6359EF50368F8440B6E6DD465B9DF3CDA49C700

Function 00007FFE126D3FD9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE126D3FFF
WSAGetLastError.WS2_32 ref: 00007FFE126D401D

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

sock_set_blocking, xrefs: 00007FFE126D402D
[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE126D4034

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: 997ea10e0a0afaa560f16a201e8a6b0979890f832b0c0f9fc0be994573b025cc
Instruction ID: fbc918217d8ac7550a4f5dabd8ecba86b9fd5886864228cce339df898eec9984
Opcode Fuzzy Hash: 997ea10e0a0afaa560f16a201e8a6b0979890f832b0c0f9fc0be994573b025cc
Instruction Fuzzy Hash: BDF09661F0CA4A83F710976BAC001B95660EB947B8F5481B1EC6DC77F4EDBCE84A8B01

Function 00007FFE1150ACA9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE1150ACCF
WSAGetLastError.WS2_32 ref: 00007FFE1150ACED

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1150AD04
sock_set_blocking, xrefs: 00007FFE1150ACFD

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: a1b16873526868662f2b8e44185e2007aaa97beb29f34de54a1bb7cc9e5aaaa1
Instruction ID: 7b48cc1ceb76bd9f9795f171d2bfc123979f3096147873b0a23483c5ecb9b641
Opcode Fuzzy Hash: a1b16873526868662f2b8e44185e2007aaa97beb29f34de54a1bb7cc9e5aaaa1
Instruction Fuzzy Hash: 06F06261F0CD0297F3505BABA8001A96668BB947B4F118375EC2E837B5EE7C9946C701

Function 00007FFE132213F9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE1322141F
WSAGetLastError.WS2_32 ref: 00007FFE1322143D

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE13221454
sock_set_blocking, xrefs: 00007FFE1322144D

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: b354aedee55958963019c6122c39cc69e1555e929ecb80dac140b4e119317628
Instruction ID: 5593005df048fb39d5df83bab265a827e635958a619582207ea4eb6f690381a5
Opcode Fuzzy Hash: b354aedee55958963019c6122c39cc69e1555e929ecb80dac140b4e119317628
Instruction Fuzzy Hash: 2CF04F65B08D028AF320676BBC005A55560AFE4BB4F6082B1ED5DA77B4EE7CE946C700

Function 00007FFE1A452709 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE1A45272F
WSAGetLastError.WS2_32 ref: 00007FFE1A45274D

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

Strings

[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A452764
sock_set_blocking, xrefs: 00007FFE1A45275D

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: 135a6f05bdc116822d5e610c2f15010f3701e696d6330d2acb47104c4ec000a3
Instruction ID: eb8133894a8324ec783c52aeba32cf9865608eea71a609a8709409581a3e0231
Opcode Fuzzy Hash: 135a6f05bdc116822d5e610c2f15010f3701e696d6330d2acb47104c4ec000a3
Instruction Fuzzy Hash: DDF068E1F08D0246F7106727A4005B55270AB94FB4F1481F3ED2D537B4DD3C99568701

Function 00007FFE10245729 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE1024574F
WSAGetLastError.WS2_32 ref: 00007FFE1024576D

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

sock_set_blocking, xrefs: 00007FFE1024577D
[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE10245784

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: 72c6b5354f39e4f60dc1d2ca6b54408bdd8efb7eb36cfdec92208a0580954f27
Instruction ID: a4c4394170df1a6a09e99c0f42454aa798263eb7a26d00a7d6a4458467bc9154
Opcode Fuzzy Hash: 72c6b5354f39e4f60dc1d2ca6b54408bdd8efb7eb36cfdec92208a0580954f27
Instruction Fuzzy Hash: 51F06861B18A12C6F3105727A8401AA6A60ABD4BB4F144171EE6DC77B7EE7C9946C701

Function 00007FFE11EC1D99 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE11EC1DBF
WSAGetLastError.WS2_32 ref: 00007FFE11EC1DDD

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

sock_set_blocking, xrefs: 00007FFE11EC1DED
[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11EC1DF4

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: 2d33a153289c306b5fce3851330099b23ac3c9fe11635c37375803fd0bd15f23
Instruction ID: c3059832a71ca8f3b37614c4c8419c76f4f62a31cc914f441e6dc103e457814d
Opcode Fuzzy Hash: 2d33a153289c306b5fce3851330099b23ac3c9fe11635c37375803fd0bd15f23
Instruction Fuzzy Hash: FFF0FC65F0CD4382F710AB9BAC002B75664AB84774F505171ED2D433F4DE3CE8468701

Function 00007FFE126D410A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE126D413A
WSAGetLastError.WS2_32 ref: 00007FFE126D4151

Strings

[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE126D4168
tcp_set_nodelay, xrefs: 00007FFE126D4161

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: 2def49b3e8dde4bc52cc6a915181034d1c7b828b8fc5a8572d795ea2fbbfeffa
Instruction ID: c6564845dc5e21386c5c28fcf1e322fc16817f54ec005f5f4b35ca4535875068
Opcode Fuzzy Hash: 2def49b3e8dde4bc52cc6a915181034d1c7b828b8fc5a8572d795ea2fbbfeffa
Instruction Fuzzy Hash: E6F09661B1894686F7109B27AC045BA6660EB987B4F148271ED6D837F8DEBCD949C700

Function 00007FFE1150ADDA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1150AE0A
WSAGetLastError.WS2_32 ref: 00007FFE1150AE21

Strings

[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1150AE38
tcp_set_nodelay, xrefs: 00007FFE1150AE31

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: bb85fe7d9bbd166f945c4a08f9790791af09f0990742d847ed14dacead1f49e5
Instruction ID: 0adf58bc627a9dd790d5a8de38f09fbbdc452e3e6d2703aaa213675387d4b633
Opcode Fuzzy Hash: bb85fe7d9bbd166f945c4a08f9790791af09f0990742d847ed14dacead1f49e5
Instruction Fuzzy Hash: 8DF02B71B0C9428AF3105F67B8001AA2665AB88770F008375ED1D83BB4DF7CD949CB00

Function 00007FFE1322152A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1322155A
WSAGetLastError.WS2_32 ref: 00007FFE13221571

Strings

[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE13221588
tcp_set_nodelay, xrefs: 00007FFE13221581

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: 57e81dc25d0e2735cd4f3f4553f12b00c4549c20b6b19b168c977355f186c27b
Instruction ID: d61ecf7a0446121ec8eb3cd3ad1e95fecaeb7c63b1900d4777987dcfda5592cc
Opcode Fuzzy Hash: 57e81dc25d0e2735cd4f3f4553f12b00c4549c20b6b19b168c977355f186c27b
Instruction Fuzzy Hash: 29F09C65A0C9428DF3206F17BC005A55660AFE8774F1082B1ED5DA37B4DF7CD545C700

Function 00007FFE1A45283A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1A45286A
WSAGetLastError.WS2_32 ref: 00007FFE1A452881

Strings

[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A452898
tcp_set_nodelay, xrefs: 00007FFE1A452891

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: 6f296f5ef29b4410b5240992c365a66909ad1a2542281a2a36cd03236096ca54
Instruction ID: 631307848caffcb4ed937b8a1a3f7f1b0d882e64e8a516b66d6a5fdc4a73c202
Opcode Fuzzy Hash: 6f296f5ef29b4410b5240992c365a66909ad1a2542281a2a36cd03236096ca54
Instruction Fuzzy Hash: 7BF09CA1B0890246E3106B57B8005B55670FB94BB5F4482B7ED6D837B4DE7CD956CB00

Function 00007FFE1024585A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1024588A
WSAGetLastError.WS2_32 ref: 00007FFE102458A1

Strings

tcp_set_nodelay, xrefs: 00007FFE102458B1
[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE102458B8

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: a117d3b95be01c1d26287a382867f1caf9ae502f2f2b167c9d15ce388bd83f4f
Instruction ID: a18bcc63e48f795767897db361da633e24d01c4671178657a705d1ae5d27fd7f
Opcode Fuzzy Hash: a117d3b95be01c1d26287a382867f1caf9ae502f2f2b167c9d15ce388bd83f4f
Instruction Fuzzy Hash: 47F0F6A1A0891286F3105B17B8042A66A61ABC8770F0442B5FF6DC3BF7DF7CD989CB00

Function 00007FFE11EC1ECA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE11EC1EFA
WSAGetLastError.WS2_32 ref: 00007FFE11EC1F11

Strings

tcp_set_nodelay, xrefs: 00007FFE11EC1F21
[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11EC1F28

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: a7b5a3e27d61408e24ef4262097601e5cd0ffd2068a5939ebe3b84e33d613beb
Instruction ID: cb2a71b02602d0ab2c0e725a7831b0356faab133829673c196dbf2f364ce400f
Opcode Fuzzy Hash: a7b5a3e27d61408e24ef4262097601e5cd0ffd2068a5939ebe3b84e33d613beb
Instruction Fuzzy Hash: 6CF0F6A2B0C94286F7109BABAC006A76664EB84774F445271EE6D837F4DF3CD546C700

Function 00007FFE13221596 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE132215BE
WSAGetLastError.WS2_32 ref: 00007FFE132215D5

Strings

[E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE132215EC
tcp_set_keepalive, xrefs: 00007FFE132215E5

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_keepalive
API String ID: 1729277954-536111009
Opcode ID: 83077c85c346e4cc9edd0ec430fc601c2b0a2a9c7ae86faeb29d9e23a9128367
Instruction ID: 8ba155dd722f38b90a82489187d25bb9daacaf59d3c5a6ae8137a9542f7de18c
Opcode Fuzzy Hash: 83077c85c346e4cc9edd0ec430fc601c2b0a2a9c7ae86faeb29d9e23a9128367
Instruction Fuzzy Hash: F4F09661A1C9428DF3206B17B800565A660AFE87B4F1082B1E96DA37B4DE3CD549CB00

Function 00007FFE1322B182 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 70stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FFE1322B1BB
strchr.MSVCRT ref: 00007FFE1322B1F2

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

sam3_recv_rsp, xrefs: 00007FFE1322B221
[D] (%s) -> %s, xrefs: 00007FFE1322B228

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: fflushfwritememsetstrchr
String ID: [D] (%s) -> %s$sam3_recv_rsp
API String ID: 3817172176-4292814133
Opcode ID: 2227c43b3338bd450b4eae028e79698311915104578b8c364eb7ae355b9b6c9a
Instruction ID: 581eef5082f989ba1fc35c9584c09778c025f12c0292cb72e9f30b36b9af39b4
Opcode Fuzzy Hash: 2227c43b3338bd450b4eae028e79698311915104578b8c364eb7ae355b9b6c9a
Instruction Fuzzy Hash: AA21AE11B0CF4649FA35756BAC1437D55404FA6BB4E1843B0EE7D6ABE1DE2CA481D341

Function 00007FFE1150A250 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE1150A289
LeaveCriticalSection.KERNEL32 ref: 00007FFE1150A30B

Strings

ebus_dispatch, xrefs: 00007FFE1150A2EF
[D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFE1150A2F6

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
API String ID: 3168844106-1717220914
Opcode ID: ec7771e1e83ac3cc9bd1e3336a2124f394ccde0f83b3c0cf51d2ad677df23565
Instruction ID: 38c0cacfbadb942daf38755e26697fd5eda955bc85a06557e815c65f6d44d3ea
Opcode Fuzzy Hash: ec7771e1e83ac3cc9bd1e3336a2124f394ccde0f83b3c0cf51d2ad677df23565
Instruction Fuzzy Hash: D4215E32A08E82C1EB618F96E84016D73A9FB54BA4F184275DE8D47BB8DF3CE841C700

Function 00007FFE13225F90 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE13225FC9
LeaveCriticalSection.KERNEL32 ref: 00007FFE1322604B

Strings

[D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFE13226036
ebus_dispatch, xrefs: 00007FFE1322602F

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
API String ID: 3168844106-1717220914
Opcode ID: 0d2c5e85bbeec01ed5dbfb1c4b04cb0874fbcf1eb32e2e4c82c4743cf51419ed
Instruction ID: a3db5600d691aecb1211b00a7d296438a4ad0e50d1e99d6a515540998d02c271
Opcode Fuzzy Hash: 0d2c5e85bbeec01ed5dbfb1c4b04cb0874fbcf1eb32e2e4c82c4743cf51419ed
Instruction Fuzzy Hash: E0213E32A08E46C9E760AF16F880169A360FBE8BB4F148171DA5E676B4DF3CE855C700

Function 00007FFE10241290 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE102412C9
LeaveCriticalSection.KERNEL32 ref: 00007FFE1024134B

Strings

ebus_dispatch, xrefs: 00007FFE1024132F
[D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFE10241336

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
API String ID: 3168844106-1717220914
Opcode ID: a54e1ac1fbeda3552c73b3bf99aa8b967ebb31501520f89eb189004cd740223f
Instruction ID: 923a425b5dc2b19c2f2d099aaddc3e99a46db9e109d9e1d1b963e331541dd8df
Opcode Fuzzy Hash: a54e1ac1fbeda3552c73b3bf99aa8b967ebb31501520f89eb189004cd740223f
Instruction Fuzzy Hash: C8212C72A09E42C2EB64DF16E8402697B60EB84BB4F144171DB5D877B5DF3CD856C700

Function 00007FFE11EC1290 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE11EC12C9
LeaveCriticalSection.KERNEL32 ref: 00007FFE11EC134B

Strings

[D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFE11EC1336
ebus_dispatch, xrefs: 00007FFE11EC132F

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
API String ID: 3168844106-1717220914
Opcode ID: 7f831e8638b2e21ef89d0a88fef1dfe03948884cf0943f83d1e1e332d764cd1f
Instruction ID: d1802466f999ca27a23f750e49e627106a8b5deefce7c3fd6ad3e9a0a0182231
Opcode Fuzzy Hash: 7f831e8638b2e21ef89d0a88fef1dfe03948884cf0943f83d1e1e332d764cd1f
Instruction Fuzzy Hash: 59215132A08E42C1EB14DF97EC4026A67A8FB45BA4F545275DA5D877B4DF3CE851C700

Function 00007FF7BACD53E6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 4baa850ea32367f99f564dbd85c6b8d89eb68a121a44affb4fcb460d545b763e
Instruction ID: 243c65e8020480ae8509c53fd5f560e332456d1ca163a5e0c9912908f509b8db
Opcode Fuzzy Hash: 4baa850ea32367f99f564dbd85c6b8d89eb68a121a44affb4fcb460d545b763e
Instruction Fuzzy Hash: 38F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F990A6D9BE3EAC969220

Function 00007FF7BACD53DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1fa99dbfe3c0ae3303e941b713d6245083e29630d68c19c4364f68e429e4d30a
Instruction ID: ec380cc5c285f19dc7ed61e440c195cd0d550a018cbe7623b2d27e2da0ef7fda
Opcode Fuzzy Hash: 1fa99dbfe3c0ae3303e941b713d6245083e29630d68c19c4364f68e429e4d30a
Instruction Fuzzy Hash: 15F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F9D0A6D9BE3EAC969220

Function 00007FF7BACD53D2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 47be94292563895e537d5cde29b61123ba99bab4bc184283351cc113b9d5a01b
Instruction ID: 919015c4e7133e443f385b4e4556740eaa103b65cd24d4843d02912b9576e7a9
Opcode Fuzzy Hash: 47be94292563895e537d5cde29b61123ba99bab4bc184283351cc113b9d5a01b
Instruction Fuzzy Hash: BEF05463B0810651FD53BA0CB4457B992421F723B5F8D09B28F990B6D9BE3EAC969220

Function 00007FF7BACD53C8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 2796a4fda047bc9d9d8d2092542dfd42e2adf876a0c4b6754514bb1db6429f31
Instruction ID: 73d68e883f5c849d07aa08f80aa4878cd88439adaca888265e8e5d4e14520d54
Opcode Fuzzy Hash: 2796a4fda047bc9d9d8d2092542dfd42e2adf876a0c4b6754514bb1db6429f31
Instruction Fuzzy Hash: D1F05B53B0810655FD53BA0CB44477991421F72375F8D09B28F990A6D9BE3DAC969210

Function 00007FF7BACD53BE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: fb890878b09f2417daf7a18940c6da63fc9dd87647a05d628e5655eae9bb3537
Instruction ID: 144ff9696bddf674486843b26727b8c85d75b127c2bd5cffa83802367e29f833
Opcode Fuzzy Hash: fb890878b09f2417daf7a18940c6da63fc9dd87647a05d628e5655eae9bb3537
Instruction Fuzzy Hash: 4AF05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F9D0A6D9BE3EAC969220

Function 00007FF7BACD51F2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 2796a4fda047bc9d9d8d2092542dfd42e2adf876a0c4b6754514bb1db6429f31
Instruction ID: 73d68e883f5c849d07aa08f80aa4878cd88439adaca888265e8e5d4e14520d54
Opcode Fuzzy Hash: 2796a4fda047bc9d9d8d2092542dfd42e2adf876a0c4b6754514bb1db6429f31
Instruction Fuzzy Hash: D1F05B53B0810655FD53BA0CB44477991421F72375F8D09B28F990A6D9BE3DAC969210

Function 00007FF7BACD51E8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: fb890878b09f2417daf7a18940c6da63fc9dd87647a05d628e5655eae9bb3537
Instruction ID: 144ff9696bddf674486843b26727b8c85d75b127c2bd5cffa83802367e29f833
Opcode Fuzzy Hash: fb890878b09f2417daf7a18940c6da63fc9dd87647a05d628e5655eae9bb3537
Instruction Fuzzy Hash: 4AF05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F9D0A6D9BE3EAC969220

Function 00007FF7BACD5210 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 4baa850ea32367f99f564dbd85c6b8d89eb68a121a44affb4fcb460d545b763e
Instruction ID: 243c65e8020480ae8509c53fd5f560e332456d1ca163a5e0c9912908f509b8db
Opcode Fuzzy Hash: 4baa850ea32367f99f564dbd85c6b8d89eb68a121a44affb4fcb460d545b763e
Instruction Fuzzy Hash: 38F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F990A6D9BE3EAC969220

Function 00007FF7BACD5206 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1fa99dbfe3c0ae3303e941b713d6245083e29630d68c19c4364f68e429e4d30a
Instruction ID: ec380cc5c285f19dc7ed61e440c195cd0d550a018cbe7623b2d27e2da0ef7fda
Opcode Fuzzy Hash: 1fa99dbfe3c0ae3303e941b713d6245083e29630d68c19c4364f68e429e4d30a
Instruction Fuzzy Hash: 15F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F9D0A6D9BE3EAC969220

Function 00007FF7BACD51FC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 47be94292563895e537d5cde29b61123ba99bab4bc184283351cc113b9d5a01b
Instruction ID: 919015c4e7133e443f385b4e4556740eaa103b65cd24d4843d02912b9576e7a9
Opcode Fuzzy Hash: 47be94292563895e537d5cde29b61123ba99bab4bc184283351cc113b9d5a01b
Instruction Fuzzy Hash: BEF05463B0810651FD53BA0CB4457B992421F723B5F8D09B28F990B6D9BE3EAC969220

Function 00007FF7BACD51B1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 47be94292563895e537d5cde29b61123ba99bab4bc184283351cc113b9d5a01b
Instruction ID: 919015c4e7133e443f385b4e4556740eaa103b65cd24d4843d02912b9576e7a9
Opcode Fuzzy Hash: 47be94292563895e537d5cde29b61123ba99bab4bc184283351cc113b9d5a01b
Instruction Fuzzy Hash: BEF05463B0810651FD53BA0CB4457B992421F723B5F8D09B28F990B6D9BE3EAC969220

Function 00007FF7BACD51A7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 2796a4fda047bc9d9d8d2092542dfd42e2adf876a0c4b6754514bb1db6429f31
Instruction ID: 73d68e883f5c849d07aa08f80aa4878cd88439adaca888265e8e5d4e14520d54
Opcode Fuzzy Hash: 2796a4fda047bc9d9d8d2092542dfd42e2adf876a0c4b6754514bb1db6429f31
Instruction Fuzzy Hash: D1F05B53B0810655FD53BA0CB44477991421F72375F8D09B28F990A6D9BE3DAC969210

Function 00007FF7BACD519D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: fb890878b09f2417daf7a18940c6da63fc9dd87647a05d628e5655eae9bb3537
Instruction ID: 144ff9696bddf674486843b26727b8c85d75b127c2bd5cffa83802367e29f833
Opcode Fuzzy Hash: fb890878b09f2417daf7a18940c6da63fc9dd87647a05d628e5655eae9bb3537
Instruction Fuzzy Hash: 4AF05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F9D0A6D9BE3EAC969220

Function 00007FF7BACD55CB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 7ff4f935a0e7efc509331f44364ecea8fb99d43b10d137736ca2d1964f8f1081
Instruction ID: 22861003e376fe72eed57583a681a6b7125b7a1b64abe501e3246b873d8e1ae7
Opcode Fuzzy Hash: 7ff4f935a0e7efc509331f44364ecea8fb99d43b10d137736ca2d1964f8f1081
Instruction Fuzzy Hash: CFF05B53B0810651FD53BA0CB44477991421F72364F8D09B28F9D0B6D9BE3DAC969210

Function 00007FF7BACD51C5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 4baa850ea32367f99f564dbd85c6b8d89eb68a121a44affb4fcb460d545b763e
Instruction ID: 243c65e8020480ae8509c53fd5f560e332456d1ca163a5e0c9912908f509b8db
Opcode Fuzzy Hash: 4baa850ea32367f99f564dbd85c6b8d89eb68a121a44affb4fcb460d545b763e
Instruction Fuzzy Hash: 38F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F990A6D9BE3EAC969220

Function 00007FF7BACD51BB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1fa99dbfe3c0ae3303e941b713d6245083e29630d68c19c4364f68e429e4d30a
Instruction ID: ec380cc5c285f19dc7ed61e440c195cd0d550a018cbe7623b2d27e2da0ef7fda
Opcode Fuzzy Hash: 1fa99dbfe3c0ae3303e941b713d6245083e29630d68c19c4364f68e429e4d30a
Instruction Fuzzy Hash: 15F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F9D0A6D9BE3EAC969220

Function 00007FF7BACD555C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 9303b2e73d1f21f3a53bf0e74cb2595b6792b49952dc4c628fb5bbef4c6401bd
Instruction ID: 7429711888b8113e56f8c9459e243e8752fbdb95d4e1329ce7ca301305cd8f1b
Opcode Fuzzy Hash: 9303b2e73d1f21f3a53bf0e74cb2595b6792b49952dc4c628fb5bbef4c6401bd
Instruction Fuzzy Hash: E5F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F990A6D9BE3EAC969220

Function 00007FF7BACD5555 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 9303b2e73d1f21f3a53bf0e74cb2595b6792b49952dc4c628fb5bbef4c6401bd
Instruction ID: 7429711888b8113e56f8c9459e243e8752fbdb95d4e1329ce7ca301305cd8f1b
Opcode Fuzzy Hash: 9303b2e73d1f21f3a53bf0e74cb2595b6792b49952dc4c628fb5bbef4c6401bd
Instruction Fuzzy Hash: E5F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F990A6D9BE3EAC969220

Function 00007FF7BACD554E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 9303b2e73d1f21f3a53bf0e74cb2595b6792b49952dc4c628fb5bbef4c6401bd
Instruction ID: 7429711888b8113e56f8c9459e243e8752fbdb95d4e1329ce7ca301305cd8f1b
Opcode Fuzzy Hash: 9303b2e73d1f21f3a53bf0e74cb2595b6792b49952dc4c628fb5bbef4c6401bd
Instruction Fuzzy Hash: E5F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F990A6D9BE3EAC969220

Function 00007FF7BACD52B2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 2796a4fda047bc9d9d8d2092542dfd42e2adf876a0c4b6754514bb1db6429f31
Instruction ID: 73d68e883f5c849d07aa08f80aa4878cd88439adaca888265e8e5d4e14520d54
Opcode Fuzzy Hash: 2796a4fda047bc9d9d8d2092542dfd42e2adf876a0c4b6754514bb1db6429f31
Instruction Fuzzy Hash: D1F05B53B0810655FD53BA0CB44477991421F72375F8D09B28F990A6D9BE3DAC969210

Function 00007FF7BACD52A8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: fb890878b09f2417daf7a18940c6da63fc9dd87647a05d628e5655eae9bb3537
Instruction ID: 144ff9696bddf674486843b26727b8c85d75b127c2bd5cffa83802367e29f833
Opcode Fuzzy Hash: fb890878b09f2417daf7a18940c6da63fc9dd87647a05d628e5655eae9bb3537
Instruction Fuzzy Hash: 4AF05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F9D0A6D9BE3EAC969220

Function 00007FF7BACD52D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 4baa850ea32367f99f564dbd85c6b8d89eb68a121a44affb4fcb460d545b763e
Instruction ID: 243c65e8020480ae8509c53fd5f560e332456d1ca163a5e0c9912908f509b8db
Opcode Fuzzy Hash: 4baa850ea32367f99f564dbd85c6b8d89eb68a121a44affb4fcb460d545b763e
Instruction Fuzzy Hash: 38F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F990A6D9BE3EAC969220

Function 00007FF7BACD52C6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1fa99dbfe3c0ae3303e941b713d6245083e29630d68c19c4364f68e429e4d30a
Instruction ID: ec380cc5c285f19dc7ed61e440c195cd0d550a018cbe7623b2d27e2da0ef7fda
Opcode Fuzzy Hash: 1fa99dbfe3c0ae3303e941b713d6245083e29630d68c19c4364f68e429e4d30a
Instruction Fuzzy Hash: 15F05463B0810651FD53BA0CB4447B992421F723B5F8D09B28F9D0A6D9BE3EAC969220

Function 00007FF7BACD52BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7BACD5570

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7BACD55AC
fs_file_read, xrefs: 00007FF7BACD55A5

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 47be94292563895e537d5cde29b61123ba99bab4bc184283351cc113b9d5a01b
Instruction ID: 919015c4e7133e443f385b4e4556740eaa103b65cd24d4843d02912b9576e7a9
Opcode Fuzzy Hash: 47be94292563895e537d5cde29b61123ba99bab4bc184283351cc113b9d5a01b
Instruction Fuzzy Hash: BEF05463B0810651FD53BA0CB4457B992421F723B5F8D09B28F990B6D9BE3EAC969220

Function 00007FFE126DBCD7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DBD7D

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

registry_get_value, xrefs: 00007FFE126DBDC6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126DBDCD

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 3787b264349805c3f2e146bafce26e6071b31fa2ce125b22b29e845be593ce53
Instruction ID: 1b693a6134813ed3472029db86e7dcbdcea410f3aee1c3ab9e9fecb8210a8be2
Opcode Fuzzy Hash: 3787b264349805c3f2e146bafce26e6071b31fa2ce125b22b29e845be593ce53
Instruction Fuzzy Hash: 15F09662608F4E83E5528F02FC403BD6255AF417B4F4801B6ED9D466F4EFADD9899700

Function 00007FFE126DBCCD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DBD7D

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

registry_get_value, xrefs: 00007FFE126DBDC6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126DBDCD

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 6470fc9d1d3c22d2aeb0edb3da20f8fec96e8fd10e0b1d1327b3b09f566962b1
Instruction ID: fbbb3cc7762fe6d4bd8f238b55b4c16905cc0d79932ec4baf73042a1753fcd11
Opcode Fuzzy Hash: 6470fc9d1d3c22d2aeb0edb3da20f8fec96e8fd10e0b1d1327b3b09f566962b1
Instruction Fuzzy Hash: 0FF0F622608F0E83E552CF02FC403BD2244AF407B4F4802B6ED8D466F4EFADD9898700

Function 00007FFE126DBD6C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DBD7D

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

registry_get_value, xrefs: 00007FFE126DBDC6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126DBDCD

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 9693e49df37661324c830eed715e65ea3fab7e6ae61be3aa30e6675c6512d582
Instruction ID: 7764d6c81d1a13a2baf8f6acc434ffc37cb5b70e6684aae824ab5b249e88acd8
Opcode Fuzzy Hash: 9693e49df37661324c830eed715e65ea3fab7e6ae61be3aa30e6675c6512d582
Instruction Fuzzy Hash: B0F09662608F4E83E552CF02FC403BD6255AF417B4F4801B6ED9D466F4EFADD9899700

Function 00007FFE126DBD5E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DBD7D

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

registry_get_value, xrefs: 00007FFE126DBDC6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126DBDCD

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 60c5f8e22a2949e27c745340d96f2c89e003dc503e943f142536a8d784ae8074
Instruction ID: 7ea5394a2f6877cc38d093b00948661793f08788da6791993a101381e52d796e
Opcode Fuzzy Hash: 60c5f8e22a2949e27c745340d96f2c89e003dc503e943f142536a8d784ae8074
Instruction Fuzzy Hash: 7EF06262608B4E82E5528F02BC403B96255AF417B4F4801B6ED9D466F4EFADDA899700

Function 00007FFE126DBDE8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DBD7D

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

registry_get_value, xrefs: 00007FFE126DBDC6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126DBDCD

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: ddd441fecf9825be158138d3e89adceed430b0210fddd248ec8933bdfd9c2ef5
Instruction ID: 7d7ff70dddbc197dda84e41745796c091da43f0b5e5278653c37817144c0e823
Opcode Fuzzy Hash: ddd441fecf9825be158138d3e89adceed430b0210fddd248ec8933bdfd9c2ef5
Instruction Fuzzy Hash: 1AF09662608F4E83E652CF12FC403BD6255AF407B4F4802B6ED9D466F4EFADD9899700

Function 00007FFE1150544C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1150545D

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE115054AD
registry_get_value, xrefs: 00007FFE115054A6

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 090d597a9b1f28875ad6d45f6679cbd5da47c45444663eb49efbe71bafab15ff
Instruction ID: f692ff175ee90543bc815fb776beeafad38dbfe42db2873a4859dc4cf4e2fa49
Opcode Fuzzy Hash: 090d597a9b1f28875ad6d45f6679cbd5da47c45444663eb49efbe71bafab15ff
Instruction Fuzzy Hash: 6DF0F622618F4A42E7528F41BC403BD624DAF417B8F08027ADD5D466B0DF3CD9898300

Function 00007FFE1150543E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1150545D

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE115054AD
registry_get_value, xrefs: 00007FFE115054A6

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 7540e1a66fc6686d969aba4d5a662a22a3092066e406f677bd1371b9416a87bc
Instruction ID: fecfa64ad0af38932b7d1d1f6166b3944b3b1c3245c8cbe1313e8dbbea51b651
Opcode Fuzzy Hash: 7540e1a66fc6686d969aba4d5a662a22a3092066e406f677bd1371b9416a87bc
Instruction Fuzzy Hash: D3F0F622618F4A42E7538F41BC403BD224DAF417B8F08027ADD5D462B0DF3CDA898300

Function 00007FFE115054C8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1150545D

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE115054AD
registry_get_value, xrefs: 00007FFE115054A6

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 9569925857baad9d83274aefa34eeb2a47794240e04e45bf96f4fb7c4f6da266
Instruction ID: 1e05dcf8ac2761afd10b0c8a3f9f4ba33463a697f37f97a76b901b30f65d2989
Opcode Fuzzy Hash: 9569925857baad9d83274aefa34eeb2a47794240e04e45bf96f4fb7c4f6da266
Instruction Fuzzy Hash: 62F09662618F4642E7529F41BC403BD625DAF457B8F08027ADD5D466B1DF3DD9899300

Function 00007FFE115053B7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1150545D

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE115054AD
registry_get_value, xrefs: 00007FFE115054A6

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: e638fd45968e93b56570e475a3f40e1af91e8fb340a94d33487af47f6295cefe
Instruction ID: bded6a29cc02af10a85ab1fc2be91c8b804111a4155266df5ef31ffa9e7a790b
Opcode Fuzzy Hash: e638fd45968e93b56570e475a3f40e1af91e8fb340a94d33487af47f6295cefe
Instruction Fuzzy Hash: D9F0F622618E4A42E7628F41BC403BD224DAF417B8F08027ADD5D462B0DF3CD9898300

Function 00007FFE115053AD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1150545D

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE115054AD
registry_get_value, xrefs: 00007FFE115054A6

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 1f1443341065272b26f8778fb621d4f4bce8ddecc7e485dcee93d47f1416b181
Instruction ID: 088b38f2320aee107fc4ebe3ea104e9abd9be5d9dd5255652d229cbb74f9f1d9
Opcode Fuzzy Hash: 1f1443341065272b26f8778fb621d4f4bce8ddecc7e485dcee93d47f1416b181
Instruction Fuzzy Hash: 0EF0F622718F4A42E7528F41BC403BD224DAF417B8F08027ADD5D462B1EF3CD9898300

Function 00007FFE1322D758 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1322D6ED

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1322D73D
registry_get_value, xrefs: 00007FFE1322D736

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 50bce3b7bf616760c42d00d66563879c40cc30f9e69380af2d925f2cf431fad1
Instruction ID: 0dac8e801666b9eea4159cbe542188dcbe3cff411adae91050eac767b8326164
Opcode Fuzzy Hash: 50bce3b7bf616760c42d00d66563879c40cc30f9e69380af2d925f2cf431fad1
Instruction Fuzzy Hash: 1DF0F662A08F064AE662AF12BC407B96254FFE47B4F080275ED5D566F0DF3CD98AD301

Function 00007FFE1322D647 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1322D6ED

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1322D73D
registry_get_value, xrefs: 00007FFE1322D736

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 1d38aa518cd8cb70aaa1eb48d605735a9ea8bfb1ae1be2480bc1e9ba4e74c517
Instruction ID: 4abc9d7a8cd6f34b317bf1b6264df924ce69ec3af61e6bf20459c35f7f7256d7
Opcode Fuzzy Hash: 1d38aa518cd8cb70aaa1eb48d605735a9ea8bfb1ae1be2480bc1e9ba4e74c517
Instruction Fuzzy Hash: 3CF0F662A08E064AE662AF12BC407B96254FFE47B4F080175ED5C562F0DF3CD98AC300

Function 00007FFE1322D6CE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1322D6ED

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1322D73D
registry_get_value, xrefs: 00007FFE1322D736

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 55f2d8677f6c725d11c004d8530db456bcec3bb002d427c848e4a1a5171d9bf3
Instruction ID: 566f4d687a2ff1f3339ea744e0d0696f66f9b12d86768362beaef9427c07e729
Opcode Fuzzy Hash: 55f2d8677f6c725d11c004d8530db456bcec3bb002d427c848e4a1a5171d9bf3
Instruction Fuzzy Hash: 37F0F662A08F064AE662AF12BC407B96254FFE47B4F080176ED5D562F0DF3CD98AC301

Function 00007FFE1322D6DC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1322D6ED

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1322D73D
registry_get_value, xrefs: 00007FFE1322D736

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 99d068cd179612c1ac27f654ff5c3bffab30fe45e6ed73a2eb49f776a9b7b215
Instruction ID: adf63701abc5844a4187a6c0a5e873ac77856ce08228ad40cab823fe119aee82
Opcode Fuzzy Hash: 99d068cd179612c1ac27f654ff5c3bffab30fe45e6ed73a2eb49f776a9b7b215
Instruction Fuzzy Hash: 7AF0F662A08F064AE662AF12BC407B96254FFE47B4F080176ED5D566F0DF3CD98AC301

Function 00007FFE1322D63D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1322D6ED

Part of subcall function 00007FFE132277A2: fwrite.MSVCRT ref: 00007FFE1322784E
Part of subcall function 00007FFE132277A2: fflush.MSVCRT ref: 00007FFE1322785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1322D73D
registry_get_value, xrefs: 00007FFE1322D736

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: cc24d5a41572f0b9054779423aa4415a2b35953dfb0d16ce3bc8e918d1e42980
Instruction ID: ad21fee1d9a13c1fdeef967e0fe60f114723f0d0a15c61f87366b328c94e6d2b
Opcode Fuzzy Hash: cc24d5a41572f0b9054779423aa4415a2b35953dfb0d16ce3bc8e918d1e42980
Instruction Fuzzy Hash: AFF0C262A08B0A4AE662AB12BC407B96254AFE47B4F080275ED5D562B0DF2CD98AC301

Function 00007FFE1A459E58 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A459DED

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A459E3D
registry_get_value, xrefs: 00007FFE1A459E36

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: d7883f0e83be7938c30f7875dd83222e5db045926900550beb03412174322eaa
Instruction ID: 2d7139fb26cb7ee87a920331071c1f136cff884d1e2a556c5f54bfbbac52cbdb
Opcode Fuzzy Hash: d7883f0e83be7938c30f7875dd83222e5db045926900550beb03412174322eaa
Instruction Fuzzy Hash: A1F0F6A3708B0A42EA529F41BD403B56255BF41FB8F0802F7EE5D876A1EF3DD9998300

Function 00007FFE1A459D3D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A459DED

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A459E3D
registry_get_value, xrefs: 00007FFE1A459E36

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 1314e7eb479eee44c360a1dda5ebfda798b09de611a92089ca54b1cad1582c1c
Instruction ID: 1fffdaf3e64a93d209db71afc0426122688f924cd168c1e922b326b9dec8e544
Opcode Fuzzy Hash: 1314e7eb479eee44c360a1dda5ebfda798b09de611a92089ca54b1cad1582c1c
Instruction Fuzzy Hash: 12F0F6A3708B0A42E9529F41BD403B56255AF41FB8F4802F7EE5D876A2EF3DD9598300

Function 00007FFE1A459D47 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A459DED

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A459E3D
registry_get_value, xrefs: 00007FFE1A459E36

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 52ca38a0f41c609ff6feed84d880264454f237d8eec51bd4b63ad4a758567895
Instruction ID: cb5140a8a775e954e1c9b8c7a1ece8b9225c0ebf0e7c9d347ca6944117467fd3
Opcode Fuzzy Hash: 52ca38a0f41c609ff6feed84d880264454f237d8eec51bd4b63ad4a758567895
Instruction Fuzzy Hash: 54F0F6A3708A0A42E9529F41BD403B56255BF41FB4F4802F7EE5C876E1EF3DD9598300

Function 00007FFE1A459DCE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A459DED

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A459E3D
registry_get_value, xrefs: 00007FFE1A459E36

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 542d86327ba9c28ab8ec20c7288c7cbdfa14ef08d990c92e9d9a782d7052aa8a
Instruction ID: 2c01c13bcdee6257a0101692140429094ed1b1bd5b9d87d2b7289f4dbfadb51a
Opcode Fuzzy Hash: 542d86327ba9c28ab8ec20c7288c7cbdfa14ef08d990c92e9d9a782d7052aa8a
Instruction Fuzzy Hash: 4BF0F6A7708B0A42E9529F41BD403B56255EF41FB8F4802F7EE5D876A1EF3DDA598300

Function 00007FFE1A459DDC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A459DED

Part of subcall function 00007FFE1A4520C2: fwrite.MSVCRT ref: 00007FFE1A45216E
Part of subcall function 00007FFE1A4520C2: fflush.MSVCRT ref: 00007FFE1A45217A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A459E3D
registry_get_value, xrefs: 00007FFE1A459E36

Memory Dump Source

Source File: 0000000E.00000002.2485076859.00007FFE1A451000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A450000, based on PE: true

Associated: 0000000E.00000002.2485026464.00007FFE1A450000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485112540.00007FFE1A460000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485132730.00007FFE1A468000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485218789.00007FFE1A46B000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 0000000E.00000002.2485304937.00007FFE1A46C000.00000008.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe1a450000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 69f171f29a88397c0965eaea77cd01dbdd428adf63aaa7c2c2cec3eadda95624
Instruction ID: 2dd5cc90de3640323b0400737a5cb2e450f7ddf9836056960a03dde97ece0d8d
Opcode Fuzzy Hash: 69f171f29a88397c0965eaea77cd01dbdd428adf63aaa7c2c2cec3eadda95624
Instruction Fuzzy Hash: A4F0F6A3708B0A42E9529F41BD403B56255AF41FB8F4802F7EE5D876A1EF3DD9598700

Function 00007FFE10243627 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE102436CD

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

registry_get_value, xrefs: 00007FFE10243716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1024371D

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 2de525bd892358ed90625d972d9654884f7263b8b6fc151aa038f3d36500a56e
Instruction ID: aec44ddafabe793b918cdb66dc4707dc0d5f4ad9b2040dc080108da210b573b1
Opcode Fuzzy Hash: 2de525bd892358ed90625d972d9654884f7263b8b6fc151aa038f3d36500a56e
Instruction Fuzzy Hash: A4F0F662A08A0A91E5528F01B8403B9BA54BFC07B4F444176EF1DC63B2EF2DE989D300

Function 00007FFE1024361D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE102436CD

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

registry_get_value, xrefs: 00007FFE10243716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1024371D

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: a5b1a65c1664cf4ca3954329d89323b1914421e003bf91b17dbda7f137d406a3
Instruction ID: 6008cafd1103f0301c46746545f13f8bb97b1c8f0dc74fc1ebe196390085ef32
Opcode Fuzzy Hash: a5b1a65c1664cf4ca3954329d89323b1914421e003bf91b17dbda7f137d406a3
Instruction Fuzzy Hash: 82F0F662A08B0A91E5528F01B8403B9BA54BFC07B4F444276EF1DC63B2EF2DE989D300

Function 00007FFE102436AE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE102436CD

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

registry_get_value, xrefs: 00007FFE10243716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1024371D

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 4d260aa501de199a9fa28ce901ea3f4f2d3f329601dbaea7c6a3156e5fb32778
Instruction ID: 1fff163548d87d1dc23c2e9974015a759238deb28f4bef91ab9439ccfe61ebc2
Opcode Fuzzy Hash: 4d260aa501de199a9fa28ce901ea3f4f2d3f329601dbaea7c6a3156e5fb32778
Instruction Fuzzy Hash: BAF0F662A08A0A91E5528F01B8403B9BA54FFC07B4F444176EF1DC63B2EF2DE989D300

Function 00007FFE102436BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE102436CD

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

registry_get_value, xrefs: 00007FFE10243716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1024371D

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 9c9e253ef25150492f77c9fdcebcbb4b0432c3996a4bfa578f81661baafe1c98
Instruction ID: 697cbae8d6dd0754574ae7cfe88e010b848af181d91d2c6cea52f54fadaa2fe7
Opcode Fuzzy Hash: 9c9e253ef25150492f77c9fdcebcbb4b0432c3996a4bfa578f81661baafe1c98
Instruction Fuzzy Hash: E9F0F662A08A0A92E5528F01B8403B9BA54BFC07B4F444176EF1DC67B2EF2DE989D300

Function 00007FFE10243738 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE102436CD

Part of subcall function 00007FFE102440D2: fwrite.MSVCRT ref: 00007FFE1024417E
Part of subcall function 00007FFE102440D2: fflush.MSVCRT ref: 00007FFE1024418A

Strings

registry_get_value, xrefs: 00007FFE10243716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1024371D

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: ca5c7dfc72b2e17d51c62d0c4d2562fa867c2ac92d1f36bbf7205825bb34c6af
Instruction ID: b708a35835875b97fb6c2e7f5e5a958d8e32b70457e35918f5117329429909fc
Opcode Fuzzy Hash: ca5c7dfc72b2e17d51c62d0c4d2562fa867c2ac92d1f36bbf7205825bb34c6af
Instruction Fuzzy Hash: 45F0FC52A08B0A91E5518F01B8403B57554BFC07B4F444175EF5DC67B2EF2DD989D300

Function 00007FFE11EC363C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: dfc3d5452ae4924382ea6fe93a0fbf9d4bc3aad60b172f611cf4cb8f220826fa
Instruction ID: 865976c47217a6dc972fc020065fe6f52cc4c7c658cfc36007e6b4143e060c49
Opcode Fuzzy Hash: dfc3d5452ae4924382ea6fe93a0fbf9d4bc3aad60b172f611cf4cb8f220826fa
Instruction Fuzzy Hash: 49F09C13A0CA4641E752DF91BC403B7625CAF407B4F840175DD5D467E0DF2DFA459700

Function 00007FFE11EC362E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: b4c4cdc361995d3af475825b5b9592a90d7172a47e3cb3fd7d6a7c25dfe11def
Instruction ID: 7648a2f62bd943bcb222eb3cf26851344e859881db3804f4df7d160461e922a0
Opcode Fuzzy Hash: b4c4cdc361995d3af475825b5b9592a90d7172a47e3cb3fd7d6a7c25dfe11def
Instruction Fuzzy Hash: FEF06223A08A4641EB52DF91BC403BB625CAF407B4F880176DD5D466E0EF2DFA8A9300

Function 00007FFE11EC35A7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 167771c8c1c4554efda54008c580c9ff860e930fcaca6236bde73388e3653b50
Instruction ID: bf70345671271f3e6e3ebcbe30e483ba29fe51fc68d351a34719ec48912e5856
Opcode Fuzzy Hash: 167771c8c1c4554efda54008c580c9ff860e930fcaca6236bde73388e3653b50
Instruction Fuzzy Hash: BAF09623A0CA4641EB52DF91BC403BB625CBF407B4F880175DD5D466E0EF2DFA8A9300

Function 00007FFE11EC359D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: b65c7fc0dbd9a7b0299e0c2b8e0232ef07709154f27581d121896d02f68235f8
Instruction ID: 4919d6799bf9276306e7dff8f4bad38bdcd5d0c632e67abf5f15bd6ce57f4830
Opcode Fuzzy Hash: b65c7fc0dbd9a7b0299e0c2b8e0232ef07709154f27581d121896d02f68235f8
Instruction Fuzzy Hash: E1F06223A08A4641EB52DF91BC403BB625CAF407B5F880275DD5D466E0EF2DFA8A9300

Function 00007FFE11EC36B8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 3cc0958dc823a3f95ba49ee48407de72d55fdcc69baeec2a75528ed6b1a49501
Instruction ID: 6fe03270a9d6831e09ee4b2c12cf2ee0ca3beed67f7bb5634ac7178aecf75b00
Opcode Fuzzy Hash: 3cc0958dc823a3f95ba49ee48407de72d55fdcc69baeec2a75528ed6b1a49501
Instruction Fuzzy Hash: 2CF06223A08A4641EB52DF91BC403BB625CAF407B4F880275DD5D466E0EF2DFA8A9300

Function 00007FF7BACD94AD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7BACD955D

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

registry_get_value, xrefs: 00007FF7BACD95A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7BACD95AD

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: a0f005fceefb8e82cee0c1d8cbf4e62ea635758a479f9d1777f55c149fc0051b
Instruction ID: 6db733602e45b4804245e667e9ec6eab2b356f0a1badc456338dfd9b6f1e5ec6
Opcode Fuzzy Hash: a0f005fceefb8e82cee0c1d8cbf4e62ea635758a479f9d1777f55c149fc0051b
Instruction Fuzzy Hash: A3F04C2660834A81F552BF08F8483B9B254AF62794FC80276DF5C4BA88EF3CE9859310

Function 00007FF7BACD94B7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7BACD955D

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

registry_get_value, xrefs: 00007FF7BACD95A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7BACD95AD

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: a1ec69f4c8712f672cfade87aeab5974d39464317b52c9e07f38e400d49238b3
Instruction ID: cabfcc4b87703017c4c8c799c3eee60203ba003c263a57a16c30bd3bf0c3dde4
Opcode Fuzzy Hash: a1ec69f4c8712f672cfade87aeab5974d39464317b52c9e07f38e400d49238b3
Instruction Fuzzy Hash: 3FF0FC2660874A81F5527F08FC483B9B254AF62794FC80276DF5C4BA98DF3CE5899310

Function 00007FF7BACD95C8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7BACD955D

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

registry_get_value, xrefs: 00007FF7BACD95A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7BACD95AD

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 128564e3011a9d4c739a2c6f455a0b654ffdf6d148fc863d885cc2fd8148f5e1
Instruction ID: 13c1f6bc6a437fe089dbf2ab4f8fe4e9b5c2a214e09bf82a3bcc3b6930269676
Opcode Fuzzy Hash: 128564e3011a9d4c739a2c6f455a0b654ffdf6d148fc863d885cc2fd8148f5e1
Instruction Fuzzy Hash: 38F0FC2660874681F552BF08F8483B9B254AF62794F880276DF9D4BA98DF3CE9899310

Function 00007FF7BACD954C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7BACD955D

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

registry_get_value, xrefs: 00007FF7BACD95A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7BACD95AD

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 5b72ae64b84b18650a09ac6363dcd029a3fe82bf69d366367befe2071cc93e9a
Instruction ID: 3400651b1c408d26273c9419e10c192da06843f3e1c9c496c03cbad51fdbdc60
Opcode Fuzzy Hash: 5b72ae64b84b18650a09ac6363dcd029a3fe82bf69d366367befe2071cc93e9a
Instruction Fuzzy Hash: 80F0FC2660874A82F552BF08F8483B9B254AF62794FC80276DF5D4BA98DF3CE9859310

Function 00007FF7BACD953E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7BACD955D

Part of subcall function 00007FF7BACD2EF2: fwrite.MSVCRT ref: 00007FF7BACD2F9E
Part of subcall function 00007FF7BACD2EF2: fflush.MSVCRT ref: 00007FF7BACD2FAA

Strings

registry_get_value, xrefs: 00007FF7BACD95A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7BACD95AD

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 4927b445d6697eeb77b539b734dd78bf961b55804fc4d70544ee3474e2d44dc7
Instruction ID: 0226995efa889725bbf69a6f3cb6617bcab8bebf77e184557cad774d0a7acf4f
Opcode Fuzzy Hash: 4927b445d6697eeb77b539b734dd78bf961b55804fc4d70544ee3474e2d44dc7
Instruction Fuzzy Hash: 5BF0FC2660874A81F552BF08FC483B9B258EF62794FC80276DF5D4BA98DF3CE9859310

Function 00007FFE126D272A Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE126D280B
Sleep.KERNEL32 ref: 00007FFE126D2817

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: fb84f6463fe680fa275dda8fb65c326a96006e217f1acf09d6a33ec17a0a7cad
Instruction ID: f4c93a237ec1e241574c16677d07080eb6cce776af3e94d1da6696d2e35a1a8f
Opcode Fuzzy Hash: fb84f6463fe680fa275dda8fb65c326a96006e217f1acf09d6a33ec17a0a7cad
Instruction Fuzzy Hash: DA311E20F18E4F83F770D727AC842B92251AF40734F5003F2D4BD566F6DEADA9896640

Function 00007FFE1150A31A Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE1150A3FB
Sleep.KERNEL32 ref: 00007FFE1150A407

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: 1712466607cc19edf77195b7408d88e3b6fb03c6fc7980baadae87da0139e872
Instruction ID: 1de9eb69fe1eb8d8befa859fd1b15402d7de81577cfd1d229b18327c1a1375c3
Opcode Fuzzy Hash: 1712466607cc19edf77195b7408d88e3b6fb03c6fc7980baadae87da0139e872
Instruction Fuzzy Hash: FB313E21E1CE0382F73197EBE8842BC235AAF46374F1803B9D47E466F5DE6CE6455282

Function 00007FFE1322605A Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE1322613B
Sleep.KERNEL32 ref: 00007FFE13226147

Memory Dump Source

Source File: 0000000E.00000002.2484585677.00007FFE13221000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFE13220000, based on PE: true

Associated: 0000000E.00000002.2484559489.00007FFE13220000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484636422.00007FFE13233000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484713223.00007FFE13234000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484787873.00007FFE1323D000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484824285.00007FFE13240000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484911935.00007FFE13241000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000E.00000002.2484988899.00007FFE13244000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe13220000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: 802c4bf2ef1d69723389f337516ab35167bb485818cd60641b3131450e3edc32
Instruction ID: 8ba4d86a20bf33a83bef36314f3eb64f8bc5613360885ba391dc5a652c759418
Opcode Fuzzy Hash: 802c4bf2ef1d69723389f337516ab35167bb485818cd60641b3131450e3edc32
Instruction Fuzzy Hash: C8311A25E08E028AF630BB26BC843786251AFF4770F6007B1D5BD667F2CE6DB645E640

Function 00007FFE1024135A Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE1024143B
Sleep.KERNEL32 ref: 00007FFE10241447

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: 31f2c3afba6f06f983378b2c262b5bf194ce88f71d24dd3fe1f977f8be1561fb
Instruction ID: 056976b811b0e814d676960407a12990bcf380eb50457b68023925e2d0343d1b
Opcode Fuzzy Hash: 31f2c3afba6f06f983378b2c262b5bf194ce88f71d24dd3fe1f977f8be1561fb
Instruction Fuzzy Hash: 8131D660B08F02D2F6209B27A8852B93E51AFC5770F2053B1DA7D86BF7EE2CA545D644

Function 00007FFE11EC135A Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE11EC143B
Sleep.KERNEL32 ref: 00007FFE11EC1447

Memory Dump Source

Source File: 0000000E.00000002.2483895548.00007FFE11EC1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 0000000E.00000002.2483858550.00007FFE11EC0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2483959444.00007FFE11ED3000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484044801.00007FFE11EDC000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484077580.00007FFE11EDF000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 0000000E.00000002.2484133830.00007FFE11EE0000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: d4928e6c661d6caba36c55ca416f4f350e7122a74768f68a3dc5570ea04a3a9d
Instruction ID: aac8a3822c5ab8f9979dd1374992364b74f22c162e862aba53e7f120166faea8
Opcode Fuzzy Hash: d4928e6c661d6caba36c55ca416f4f350e7122a74768f68a3dc5570ea04a3a9d
Instruction Fuzzy Hash: BB31EA20A0CE03C2FB319BABAC8537B225AAF44774F9017B5D47D86AF5DE2CF545A640

Function 00007FF7BACD19E2 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7BACD1FD0: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7BACD162F), ref: 00007FF7BACD1FEE

SleepEx.KERNEL32 ref: 00007FF7BACD1A51

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: HandleModuleSleep
String ID:
API String ID: 1071907932-0
Opcode ID: c8c003f471b71a30b05e0dbd92c2347c511595d06f4733816d1c0ed97604998d
Instruction ID: fad8d4355c6105e277f0249e6de5edcf22a61b9eb4aa256d72fcdf5df632a716
Opcode Fuzzy Hash: c8c003f471b71a30b05e0dbd92c2347c511595d06f4733816d1c0ed97604998d
Instruction Fuzzy Hash: 5E01A92171C64382F7503A5DE4583B9A2519BA5354FD43072EF8E5B2DDDE7CD9458320

Function 00007FF7BACD1360 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetServiceStatus.SECHOST ref: 00007FF7BACD1385

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: ServiceStatus
String ID:
API String ID: 3969395364-0
Opcode ID: e32b914f392c1bb68bce297dc10430292cf8290041b41d2df93b278c97710b2f
Instruction ID: ab9cdc1a56298e61ee80613f208f96d0dd9db5172faf18dd6ee5269a3b19052d
Opcode Fuzzy Hash: e32b914f392c1bb68bce297dc10430292cf8290041b41d2df93b278c97710b2f
Instruction Fuzzy Hash: C0D06774D19602C9F704BF0DE889024B7A0BF7B741BD090B5CB4D43228CE2C7A599764

Function 00007FF7BACD867A Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

rand_s.MSVCRT ref: 00007FF7BACD868B

Memory Dump Source

Source File: 0000000E.00000002.2481739051.00007FF7BACD1000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF7BACD0000, based on PE: true

Associated: 0000000E.00000002.2481714108.00007FF7BACD0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481760014.00007FF7BACE0000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACE8000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481780576.00007FF7BACEA000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 0000000E.00000002.2481818019.00007FF7BACEE000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ff7bacd0000_main.jbxd

Similarity

API ID: rand_s
String ID:
API String ID: 863162693-0
Opcode ID: 9d1dea8f0649f6ea471d177bbf6b5905a76924c58d29f7228f0de2b116ca011d
Instruction ID: 91f0a7176cd7b52ee5d2ba54be3de7c1ef2539111ffca0f3b973211ddc19e007
Opcode Fuzzy Hash: 9d1dea8f0649f6ea471d177bbf6b5905a76924c58d29f7228f0de2b116ca011d
Instruction Fuzzy Hash: CCC04C36A18540CAD730EB24E855359B770F799308FD08151EA9D83668CB3CD61FCF54

Function 00007FFE10248F87 Relevance: 1.3, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE10248F95

Memory Dump Source

Source File: 0000000E.00000002.2483245989.00007FFE10241000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE10240000, based on PE: true

Associated: 0000000E.00000002.2483206013.00007FFE10240000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483323686.00007FFE10254000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483364192.00007FFE1025D000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483403761.00007FFE10260000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 0000000E.00000002.2483482910.00007FFE10261000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe10240000_main.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: df13fde7c40af4feb2eb82e8b692fbb7fa95fd958b49ba1763114e1b7b31d811
Instruction ID: 64d24e8b47b2e6ae4335cdc7bb78c44ab7d6c6860b0a85809fc2fe9cca587ca8
Opcode Fuzzy Hash: df13fde7c40af4feb2eb82e8b692fbb7fa95fd958b49ba1763114e1b7b31d811
Instruction Fuzzy Hash: E1C08C91F1990283EB186763A8C107416206FDC330F4010B4EE6F86373AE5C98E9C204

Non-executed Functions

Function 00007FFE1150F0FE Relevance: 56.4, APIs: 17, Strings: 15, Instructions: 435stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE1150F190
strcat.MSVCRT ref: 00007FFE1150F2CA
strlen.MSVCRT ref: 00007FFE1150F2E0
strlen.MSVCRT ref: 00007FFE1150F2EB
strlen.MSVCRT ref: 00007FFE1150F31F
strcat.MSVCRT ref: 00007FFE1150F32F
strlen.MSVCRT ref: 00007FFE1150F36D
strlen.MSVCRT ref: 00007FFE1150F37A
strlen.MSVCRT ref: 00007FFE1150F3A3
strcat.MSVCRT ref: 00007FFE1150F3B5
LogonUserA.ADVAPI32 ref: 00007FFE1150F425
GetLastError.KERNEL32 ref: 00007FFE1150F433
CloseHandle.KERNEL32 ref: 00007FFE1150F6F7

Strings

(usr == NULL) || (pwd != NULL), xrefs: 00007FFE1150F29A
[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu), xrefs: 00007FFE1150F5F3
process_create, xrefs: 00007FFE1150F1F9, 00007FFE1150F239, 00007FFE1150F26D, 00007FFE1150F2A1, 00007FFE1150F453, 00007FFE1150F5EC, 00007FFE1150F6D9, 00007FFE1150F748, 00007FFE1150F87C, 00007FFE1150F96E
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150F240, 00007FFE1150F274, 00007FFE1150F2A8
[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu), xrefs: 00007FFE1150F883
(pi != NULL), xrefs: 00007FFE1150F232
NULL, xrefs: 00007FFE1150F986, 00007FFE1150F992, 00007FFE1150F99E, 00007FFE1150F9AA, 00007FFE1150F9B6, 00007FFE1150F9C2, 00007FFE1150F9CE, 00007FFE1150F9DA, 00007FFE1150F9E6
[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x), xrefs: 00007FFE1150F200
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FFE1150F22B, 00007FFE1150F25F, 00007FFE1150F293
[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu), xrefs: 00007FFE1150F45A
(app != NULL), xrefs: 00007FFE1150F266
[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu), xrefs: 00007FFE1150F74F
h, xrefs: 00007FFE1150F8C6
[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu), xrefs: 00007FFE1150F975
[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu), xrefs: 00007FFE1150F6E0

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: strlen$strcat$CloseErrorHandleLastLogonUser
String ID: (app != NULL)$(pi != NULL)$(usr == NULL) || (pwd != NULL)$C:/Projects/rdp/bot/codebase/process.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu)$[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x)$[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu)$[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu)$[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu)$h$process_create
API String ID: 1842180197-3127737957
Opcode ID: 44147f0eca4062257ca80a990bffced13053b235bce53c1a3c5539a3f3aaa508
Instruction ID: 3c12c3c2f1725c0f723d167812c4eb0bad900dc5f736c6e628d40f615ac8e982
Opcode Fuzzy Hash: 44147f0eca4062257ca80a990bffced13053b235bce53c1a3c5539a3f3aaa508
Instruction Fuzzy Hash: 25128EA290CE4392FB708B93E8403BD6298BB447B4F4405BBD94E476B4DF7CE6498742

Function 00007FFE126D4978 Relevance: 31.6, APIs: 8, Strings: 10, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE126D49C8
HeapAlloc.KERNEL32 ref: 00007FFE126D49DC
GetAdaptersInfo.IPHLPAPI ref: 00007FFE126D49F6
GetProcessHeap.KERNEL32 ref: 00007FFE126D4A0D
HeapFree.KERNEL32 ref: 00007FFE126D4A1E
GetProcessHeap.KERNEL32 ref: 00007FFE126D4A28
HeapAlloc.KERNEL32 ref: 00007FFE126D4A39
GetAdaptersInfo.IPHLPAPI ref: 00007FFE126D4A53

Strings

(pref_adapter_type != NULL), xrefs: 00007FFE126D4ABE
[E] (%s) -> GetBestInterface failed(res=%08lx), xrefs: 00007FFE126D4AE9
mem_alloc, xrefs: 00007FFE126D4B0A, 00007FFE126D4B29
[D] (%s) -> Adapter detected(name=%s,desc=%s,type=%d), xrefs: 00007FFE126D4B8C
[E] (%s) -> GetAdaptersInfo failed(res=%08lx), xrefs: 00007FFE126D4A6C, 00007FFE126D4B4D
net_info, xrefs: 00007FFE126D4A65, 00007FFE126D4A95, 00007FFE126D4AC5, 00007FFE126D4AE2, 00007FFE126D4B46, 00007FFE126D4B85
(adapter_num != NULL), xrefs: 00007FFE126D4A8E
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE126D4B11, 00007FFE126D4B30
C:/Projects/rdp/bot/codebase/net.c, xrefs: 00007FFE126D4A87, 00007FFE126D4AB7
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D4A9C, 00007FFE126D4ACC

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Heap$Process$AdaptersAllocInfo$Free
String ID: (adapter_num != NULL)$(pref_adapter_type != NULL)$C:/Projects/rdp/bot/codebase/net.c$[D] (%s) -> Adapter detected(name=%s,desc=%s,type=%d)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GetAdaptersInfo failed(res=%08lx)$[E] (%s) -> GetBestInterface failed(res=%08lx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$net_info
API String ID: 2437369060-2367710237
Opcode ID: d36da1cc80b8a827c5ded2bf8d6e028523035197614a5e5e6860143e21c20d33
Instruction ID: 04176a79b6eada49dd7e458f7205ab3505db728d74631fe79a0fbd4e305093c2
Opcode Fuzzy Hash: d36da1cc80b8a827c5ded2bf8d6e028523035197614a5e5e6860143e21c20d33
Instruction Fuzzy Hash: 91513E61A09E4F86FB10DB27DC902F86360EF54764F4840B6E98E4A6F5EEECE945C700

Function 00007FFE126D5253 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 159filestringCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32 ref: 00007FFE126D5299
strcpy.MSVCRT ref: 00007FFE126D52B4
FindFirstFileA.KERNEL32 ref: 00007FFE126D5387
GetLastError.KERNEL32 ref: 00007FFE126D53A3
GetLastError.KERNEL32 ref: 00007FFE126D53D2
FindClose.KERNEL32 ref: 00007FFE126D53F0

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

(resume_handle != NULL), xrefs: 00007FFE126D5359
[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu), xrefs: 00007FFE126D5408
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D52E2, 00007FFE126D531A, 00007FFE126D5352
fs_dir_list, xrefs: 00007FFE126D52F0, 00007FFE126D5328, 00007FFE126D5360, 00007FFE126D53BD, 00007FFE126D5401
[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu), xrefs: 00007FFE126D53C4
(name != NULL), xrefs: 00007FFE126D5321
(path != NULL), xrefs: 00007FFE126D52E9
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D52F7, 00007FFE126D532F, 00007FFE126D5367

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
API String ID: 4253334766-1535167640
Opcode ID: 6aadc2b219b212e17a858383751c278242b6d0d50526d6d0705503b6f386a0d3
Instruction ID: 2d0c0cf2b3c942db4f318e91478e8f781601170bfe5f8bca1fa53c7654756c1f
Opcode Fuzzy Hash: 6aadc2b219b212e17a858383751c278242b6d0d50526d6d0705503b6f386a0d3
Instruction Fuzzy Hash: D5611761E0CE4F83FB209B16BD443BC2250AB00775F5501F2E89E6BAF5DEECA9458742

Function 00007FFE11501883 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 159filestringCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32 ref: 00007FFE115018C9
strcpy.MSVCRT ref: 00007FFE115018E4
FindFirstFileA.KERNEL32 ref: 00007FFE115019B7
GetLastError.KERNEL32 ref: 00007FFE115019D3
GetLastError.KERNEL32 ref: 00007FFE11501A02
FindClose.KERNEL32 ref: 00007FFE11501A20

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11501912, 00007FFE1150194A, 00007FFE11501982
(path != NULL), xrefs: 00007FFE11501919
[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu), xrefs: 00007FFE11501A38
(resume_handle != NULL), xrefs: 00007FFE11501989
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11501927, 00007FFE1150195F, 00007FFE11501997
(name != NULL), xrefs: 00007FFE11501951
[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu), xrefs: 00007FFE115019F4
fs_dir_list, xrefs: 00007FFE11501920, 00007FFE11501958, 00007FFE11501990, 00007FFE115019ED, 00007FFE11501A31

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
API String ID: 4253334766-1535167640
Opcode ID: 0094431108ba3f5c5190efbdba4996ce3899097f65e245319e231a0f545943fc
Instruction ID: f3f484fa9c24982c640ad813e8e4ea4c49f856743d37c1c92333c227fdb00f5f
Opcode Fuzzy Hash: 0094431108ba3f5c5190efbdba4996ce3899097f65e245319e231a0f545943fc
Instruction Fuzzy Hash: F7614025E0CE4385FB615B96A4803BC7299AF01374F4805BAD85E4B2F5DFACE984C382

Function 00007FFE126D41DA Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 89networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE126D41F8
WSAGetLastError.WS2_32 ref: 00007FFE126D42E2

Part of subcall function 00007FFE126D410A: setsockopt.WS2_32 ref: 00007FFE126D413A

htonl.WS2_32 ref: 00007FFE126D422A
htons.WS2_32 ref: 00007FFE126D423B
bind.WS2_32 ref: 00007FFE126D4254
listen.WS2_32 ref: 00007FFE126D4269
WSAGetLastError.WS2_32 ref: 00007FFE126D427A

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

WSAGetLastError.WS2_32 ref: 00007FFE126D42A4

Strings

tcp_listen, xrefs: 00007FFE126D428F, 00007FFE126D42B9, 00007FFE126D42F3, 00007FFE126D4327
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE126D432E
[E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE126D42C0
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE126D42FA
[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE126D4296

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLast$bindfflushfwritehtonlhtonslistensetsockoptsocket
String ID: [E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$tcp_listen
API String ID: 3590747132-3524496754
Opcode ID: d5e897e1aaa087f2d347b2d46b08636267edeac801a2d3536124c18d3f8c1a96
Instruction ID: 21f4a6fee81e92bc510b83a830cff631e5b80b88d9982947be5d75b4b8cf1e99
Opcode Fuzzy Hash: d5e897e1aaa087f2d347b2d46b08636267edeac801a2d3536124c18d3f8c1a96
Instruction Fuzzy Hash: EA317361A08E4A83EB20AB2BAC401B97790EF547B4F1407B5D9BE437F5DEBCE9058700

Function 00007FFE126D5A75 Relevance: 72.0, APIs: 24, Strings: 17, Instructions: 298fileCOMMON

Download Yara Rule

APIs

fopen.MSVCRT ref: 00007FFE126D5ABA
fseek.MSVCRT ref: 00007FFE126D5AD9
_errno.MSVCRT ref: 00007FFE126D5AED
_errno.MSVCRT ref: 00007FFE126D5B08
_errno.MSVCRT ref: 00007FFE126D5BC7

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

_errno.MSVCRT ref: 00007FFE126D5BE2
_errno.MSVCRT ref: 00007FFE126D5C2F
fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D5B2F, 00007FFE126D5B62, 00007FFE126D5B95
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D5AF5, 00007FFE126D5B3D, 00007FFE126D5B70, 00007FFE126D5BA3, 00007FFE126D5BCF, 00007FFE126D5CDA, 00007FFE126D5DF0, 00007FFE126D5EBB, 00007FFE126D5F7A, 00007FFE126D6005, 00007FFE126D6048
[I] (%s) -> Done(path=%s,buf_sz=%llu), xrefs: 00007FFE126D604F
(((*buf) == NULL) || ((*buf_sz) > 0)), xrefs: 00007FFE126D5B9C
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D5B44, 00007FFE126D5B77, 00007FFE126D5BAA
[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d), xrefs: 00007FFE126D5DF7
[E] (%s) -> fopen failed(path=%s,errno=%d), xrefs: 00007FFE126D5BD6
NULL, xrefs: 00007FFE126D6039
[E] (%s) -> ftell failed(path=%s,errno=%d), xrefs: 00007FFE126D5CE1
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE126D5E9B
[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld), xrefs: 00007FFE126D5F81
[E] (%s) -> fread failed(path=%s,errno=%d), xrefs: 00007FFE126D5EC2
mem_alloc, xrefs: 00007FFE126D5E94
[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d), xrefs: 00007FFE126D5AFC
(path != NULL), xrefs: 00007FFE126D5B36
(buf_sz != NULL), xrefs: 00007FFE126D5B69

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: _errno$fclosefflushfopenfseekfwrite
String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
API String ID: 2897271634-4120527733
Opcode ID: 58d5b68a868d91137c60689cf324d86add9f7a65a7f9d01c8a5330c5a1896d0d
Instruction ID: c8ac8942f69e52d133a05a9420fa593261910ec1367e8dcfaa36078da649f86c
Opcode Fuzzy Hash: 58d5b68a868d91137c60689cf324d86add9f7a65a7f9d01c8a5330c5a1896d0d
Instruction Fuzzy Hash: 82D13861A08E0B82FB10DB66FC403B82361EF507B5F5555B2D98E5BAF4DEBCE9468700

Function 00007FFE115020A5 Relevance: 72.0, APIs: 24, Strings: 17, Instructions: 298fileCOMMON

Download Yara Rule

APIs

fopen.MSVCRT ref: 00007FFE115020EA
fseek.MSVCRT ref: 00007FFE11502109
_errno.MSVCRT ref: 00007FFE1150211D
_errno.MSVCRT ref: 00007FFE11502138
_errno.MSVCRT ref: 00007FFE115021F7

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

_errno.MSVCRT ref: 00007FFE11502212
_errno.MSVCRT ref: 00007FFE1150225F
fclose.MSVCRT ref: 00007FFE11502600

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE1150215F, 00007FFE11502192, 00007FFE115021C5
[E] (%s) -> fopen failed(path=%s,errno=%d), xrefs: 00007FFE11502206
[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d), xrefs: 00007FFE11502427
[E] (%s) -> ftell failed(path=%s,errno=%d), xrefs: 00007FFE11502311
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C
(((*buf) == NULL) || ((*buf_sz) > 0)), xrefs: 00007FFE115021CC
(buf_sz != NULL), xrefs: 00007FFE11502199
NULL, xrefs: 00007FFE11502669
mem_alloc, xrefs: 00007FFE115024C4
fs_file_read, xrefs: 00007FFE11502125, 00007FFE1150216D, 00007FFE115021A0, 00007FFE115021D3, 00007FFE115021FF, 00007FFE1150230A, 00007FFE11502420, 00007FFE115024EB, 00007FFE115025AA, 00007FFE11502635, 00007FFE11502678
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE115024CB
(path != NULL), xrefs: 00007FFE11502166
[E] (%s) -> fread failed(path=%s,errno=%d), xrefs: 00007FFE115024F2
[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d), xrefs: 00007FFE1150212C
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11502174, 00007FFE115021A7, 00007FFE115021DA
[I] (%s) -> Done(path=%s,buf_sz=%llu), xrefs: 00007FFE1150267F
[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld), xrefs: 00007FFE115025B1

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: _errno$fclosefflushfopenfseekfwrite
String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
API String ID: 2897271634-4120527733
Opcode ID: 95d49460dc818b3e80d8de5b21ae2c04c5fcdc35da095f5c456abc36f31e6c23
Instruction ID: 3f0a83bfeac2b76e12e305597a0560b949c73cb6255f3f2e9793fc40f642f8c5
Opcode Fuzzy Hash: 95d49460dc818b3e80d8de5b21ae2c04c5fcdc35da095f5c456abc36f31e6c23
Instruction Fuzzy Hash: 1CD18B62A0DE0391EB119B97E8503BC23AAAF457F4F4540BAC90E4B2B1DFBCE585C310

Function 00007FFE11508237 Relevance: 70.5, APIs: 16, Strings: 24, Instructions: 469servicememoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE11507521: Sleep.KERNEL32 ref: 00007FFE11507550

OpenServiceA.ADVAPI32 ref: 00007FFE1150827D
EnumDependentServicesA.ADVAPI32 ref: 00007FFE115082C7
GetLastError.KERNEL32 ref: 00007FFE115082D5
GetLastError.KERNEL32 ref: 00007FFE115083E7
GetProcessHeap.KERNEL32 ref: 00007FFE1150857C
HeapAlloc.KERNEL32 ref: 00007FFE1150858D
EnumDependentServicesA.ADVAPI32 ref: 00007FFE115085BF

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

CloseServiceHandle.ADVAPI32 ref: 00007FFE115087AF
OpenServiceA.ADVAPI32 ref: 00007FFE115087CD
ControlService.ADVAPI32 ref: 00007FFE115087EC
GetLastError.KERNEL32 ref: 00007FFE115087FA

Strings

P, xrefs: 00007FFE11508692
scm_stop, xrefs: 00007FFE115082EF, 00007FFE1150833B, 00007FFE115083AA, 00007FFE115083CF, 00007FFE115083F5, 00007FFE115085D1, 00007FFE11508619, 00007FFE115086FE, 00007FFE11508794, 00007FFE11508814, 00007FFE115088EE, 00007FFE11508A58, 00007FFE11508B14
~, xrefs: 00007FFE11508468
[E] (%s) -> EnumDependentServicesA(SERVICE_STATE_ALL) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE115082F6, 00007FFE11508620
[D] (%s) -> Service stop requested(lpServiceName=%s), xrefs: 00007FFE11508A5F
~, xrefs: 00007FFE11508689
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE115085F5
[W] (%s) -> scm_find failed(lpServiceName=%s), xrefs: 00007FFE11508705
[E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x), xrefs: 00007FFE115083B1
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11508342
C:/Projects/rdp/bot/codebase/scm.c, xrefs: 00007FFE1150832D
[D] (%s) -> Service is already stopped(lpServiceName=%s), xrefs: 00007FFE115083D6
[I] (%s) -> EnumDependentServicesA(SERVICE_STATE_ALL) done(lpServiceName=%s,dep_num=%lu), xrefs: 00007FFE115085D8
[E] (%s) -> OpenServiceA(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE115088F5
mem_alloc, xrefs: 00007FFE115085EE
, xrefs: 00007FFE11508408
No dependent service(s) to be stopped, xrefs: 00007FFE1150878D
(svc != NULL), xrefs: 00007FFE11508334
[E] (%s) -> OpenServiceA(SERVICE_ENUMERATE_DEPENDENTS) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE115083FC
, xrefs: 00007FFE1150862C
P, xrefs: 00007FFE11508471
[I] (%s) -> Service stopped(lpServiceName=%s,pid=%lu), xrefs: 00007FFE11508B1B
[D] (%s) -> %s, xrefs: 00007FFE1150879B
[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE1150881B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$ErrorLast$DependentEnumHeapOpenServices$AllocCloseControlHandleProcessSleepfflushfwrite
String ID: $ $(svc != NULL)$C:/Projects/rdp/bot/codebase/scm.c$No dependent service(s) to be stopped$P$P$[D] (%s) -> %s$[D] (%s) -> Service is already stopped(lpServiceName=%s)$[D] (%s) -> Service stop requested(lpServiceName=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$[E] (%s) -> EnumDependentServicesA(SERVICE_STATE_ALL) failed(lpServiceName=%s,gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> OpenServiceA(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$[E] (%s) -> OpenServiceA(SERVICE_ENUMERATE_DEPENDENTS) failed(lpServiceName=%s,gle=%lu)$[E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x)$[I] (%s) -> EnumDependentServicesA(SERVICE_STATE_ALL) done(lpServiceName=%s,dep_num=%lu)$[I] (%s) -> Service stopped(lpServiceName=%s,pid=%lu)$[W] (%s) -> scm_find failed(lpServiceName=%s)$mem_alloc$scm_stop$~$~
API String ID: 1728296876-1811208690
Opcode ID: f6b4076402929f921958397003b3befe8e4b2cde3b81bb6dcf8e080ef3907e48
Instruction ID: fbec41bf41de03d36cf25f3721cc1c3506552b55215bec6297c6507ce4595fd5
Opcode Fuzzy Hash: f6b4076402929f921958397003b3befe8e4b2cde3b81bb6dcf8e080ef3907e48
Instruction Fuzzy Hash: BE126F61E0CF0386FB605787E880BBD125DAF55778F1440FACA4E466B6DEADA985C302

Function 00007FFE126D973E Relevance: 56.4, APIs: 17, Strings: 15, Instructions: 435stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE126D97D0
strcat.MSVCRT ref: 00007FFE126D990A
strlen.MSVCRT ref: 00007FFE126D9920
strlen.MSVCRT ref: 00007FFE126D992B
strlen.MSVCRT ref: 00007FFE126D995F
strcat.MSVCRT ref: 00007FFE126D996F
strlen.MSVCRT ref: 00007FFE126D99AD
strlen.MSVCRT ref: 00007FFE126D99BA
strlen.MSVCRT ref: 00007FFE126D99E3
strcat.MSVCRT ref: 00007FFE126D99F5
LogonUserA.ADVAPI32 ref: 00007FFE126D9A65
GetLastError.KERNEL32 ref: 00007FFE126D9A73
CloseHandle.KERNEL32 ref: 00007FFE126D9D37

Strings

h, xrefs: 00007FFE126D9F06
[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu), xrefs: 00007FFE126D9D8F
(usr == NULL) || (pwd != NULL), xrefs: 00007FFE126D98DA
(pi != NULL), xrefs: 00007FFE126D9872
process_create, xrefs: 00007FFE126D9839, 00007FFE126D9879, 00007FFE126D98AD, 00007FFE126D98E1, 00007FFE126D9A93, 00007FFE126D9C2C, 00007FFE126D9D19, 00007FFE126D9D88, 00007FFE126D9EBC, 00007FFE126D9FAE
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FFE126D986B, 00007FFE126D989F, 00007FFE126D98D3
[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu), xrefs: 00007FFE126D9A9A
[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x), xrefs: 00007FFE126D9840
NULL, xrefs: 00007FFE126D9FC6, 00007FFE126D9FD2, 00007FFE126D9FDE, 00007FFE126D9FEA, 00007FFE126D9FF6, 00007FFE126DA002, 00007FFE126DA00E, 00007FFE126DA01A, 00007FFE126DA026
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D9880, 00007FFE126D98B4, 00007FFE126D98E8
(app != NULL), xrefs: 00007FFE126D98A6
[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu), xrefs: 00007FFE126D9D20
[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu), xrefs: 00007FFE126D9C33
[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu), xrefs: 00007FFE126D9EC3
[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu), xrefs: 00007FFE126D9FB5

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strlen$strcat$CloseErrorHandleLastLogonUser
String ID: (app != NULL)$(pi != NULL)$(usr == NULL) || (pwd != NULL)$C:/Projects/rdp/bot/codebase/process.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu)$[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x)$[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu)$[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu)$[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu)$h$process_create
API String ID: 1842180197-3127737957
Opcode ID: 91d5cc4be0632d887239797a333ab1f121351889201fa55c62988aa2e63f0e81
Instruction ID: 277f1d539ec027798bc34d3a230f6c49217cec2f95858e7c652ac5cfa29d3730
Opcode Fuzzy Hash: 91d5cc4be0632d887239797a333ab1f121351889201fa55c62988aa2e63f0e81
Instruction Fuzzy Hash: D81280A190EE4F86FA709B13EC403B96291BB447A4F5441B2D98E476F4DEFCE949C701

Function 00007FFE126D8F3F Relevance: 51.2, APIs: 10, Strings: 19, Instructions: 417stringCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFE126D9037
GetLastError.KERNEL32 ref: 00007FFE126D910F
strcmp.MSVCRT ref: 00007FFE126D92DA
OpenProcess.KERNEL32 ref: 00007FFE126D92F2
TerminateProcess.KERNEL32 ref: 00007FFE126D930C
GetLastError.KERNEL32 ref: 00007FFE126D931A
CloseHandle.KERNEL32 ref: 00007FFE126D96A5

Strings

P, xrefs: 00007FFE126D90C8
, xrefs: 00007FFE126D9055
[E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu), xrefs: 00007FFE126D9049
[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FFE126D932C
[E] (%s) -> Failed(name=%s,pid=%lu,err=%08x), xrefs: 00007FFE126D9015
~, xrefs: 00007FFE126D919C
process_kill, xrefs: 00007FFE126D8FDC, 00007FFE126D900E, 00007FFE126D9042, 00007FFE126D9129, 00007FFE126D9325, 00007FFE126D93BE, 00007FFE126D9529, 00007FFE126D96BE
[I] (%s) -> Done(name=%s,pid=%lu), xrefs: 00007FFE126D96C5
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FFE126D8FCE
|, xrefs: 00007FFE126D8FC6
NULL, xrefs: 00007FFE126D9726, 00007FFE126D9732
P, xrefs: 00007FFE126D91A5
[E] (%s) -> Process32Next failed(gle=%lu), xrefs: 00007FFE126D9530
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D8FE3
~, xrefs: 00007FFE126D90BF
[E] (%s) -> OpenProcess failed(gle=%lu), xrefs: 00007FFE126D93C5
[E] (%s) -> Process32First failed(gle=%lu), xrefs: 00007FFE126D9130
(name != NULL) || (pid != 0), xrefs: 00007FFE126D8FD5
, xrefs: 00007FFE126D913C

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLast$Process$CloseHandleOpenTerminatestrcmp
String ID: $ $(name != NULL) || (pid != 0)$C:/Projects/rdp/bot/codebase/process.c$NULL$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> Failed(name=%s,pid=%lu,err=%08x)$[E] (%s) -> OpenProcess failed(gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> TerminateProcess failed(gle=%lu)$[I] (%s) -> Done(name=%s,pid=%lu)$process_kill$|$~$~
API String ID: 2412365107-4109375376
Opcode ID: 8db4f565d0db8aad6615902c4b8094c6e450a968460a31bfeea8b32dc0ef4057
Instruction ID: eacc53d1ba8e4e964bbd4e1e984c33147e1c4a48bca9a6944d45741e0a5e0fc1
Opcode Fuzzy Hash: 8db4f565d0db8aad6615902c4b8094c6e450a968460a31bfeea8b32dc0ef4057
Instruction Fuzzy Hash: 1DF13815E1EE4F87FB608657ACC43B922429F15774F2401B2D98E066F2DDEEBC859202

Function 00007FFE126D6221 Relevance: 44.0, APIs: 15, Strings: 10, Instructions: 226stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE126D6246
RemoveDirectoryA.KERNEL32 ref: 00007FFE126D625E
GetLastError.KERNEL32 ref: 00007FFE126D6268

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

strcpy.MSVCRT ref: 00007FFE126D6332
strlen.MSVCRT ref: 00007FFE126D633A
strlen.MSVCRT ref: 00007FFE126D6356
strlen.MSVCRT ref: 00007FFE126D6367
strcpy.MSVCRT ref: 00007FFE126D6381
strlen.MSVCRT ref: 00007FFE126D6389
strlen.MSVCRT ref: 00007FFE126D63AB
strlen.MSVCRT ref: 00007FFE126D63BF
strcmp.MSVCRT ref: 00007FFE126D6401
strcmp.MSVCRT ref: 00007FFE126D6414
RemoveDirectoryA.KERNEL32 ref: 00007FFE126D64BD
GetLastError.KERNEL32 ref: 00007FFE126D64CB

Strings

[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FFE126D65B8
NULL, xrefs: 00007FFE126D6605
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D629C
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FFE126D661B
*, xrefs: 00007FFE126D636C
fs_dir_delete, xrefs: 00007FFE126D627F, 00007FFE126D62AA, 00007FFE126D642D, 00007FFE126D64E2, 00007FFE126D65B1, 00007FFE126D6614
[D] (%s) -> Delete(path_wc=%s,f_path=%s), xrefs: 00007FFE126D6434
(path != NULL), xrefs: 00007FFE126D62A3
[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FFE126D6286, 00007FFE126D64E9
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D62B1

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strlen$DirectoryErrorLastRemovestrcmpstrcpy$fflushfwrite
String ID: (path != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
API String ID: 2460052984-4087913290
Opcode ID: 26f1af922d5ebc9079b911d7e4bf6bebecebb65ae47c2c1eade9d866be8a22ad
Instruction ID: 9af188f93c8638d2f659429f35a127fcaa9b099154ad76aa21833955c88f3f33
Opcode Fuzzy Hash: 26f1af922d5ebc9079b911d7e4bf6bebecebb65ae47c2c1eade9d866be8a22ad
Instruction Fuzzy Hash: 51A1B26190CE8E8BFB208B17BC443BD6351AF84764F5540B2DA8D466F9EEFCE8498701

Function 00007FFE11502851 Relevance: 44.0, APIs: 15, Strings: 10, Instructions: 226stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE11502876
RemoveDirectoryA.KERNEL32 ref: 00007FFE1150288E
GetLastError.KERNEL32 ref: 00007FFE11502898

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

strcpy.MSVCRT ref: 00007FFE11502962
strlen.MSVCRT ref: 00007FFE1150296A
strlen.MSVCRT ref: 00007FFE11502986
strlen.MSVCRT ref: 00007FFE11502997
strcpy.MSVCRT ref: 00007FFE115029B1
strlen.MSVCRT ref: 00007FFE115029B9
strlen.MSVCRT ref: 00007FFE115029DB
strlen.MSVCRT ref: 00007FFE115029EF
strcmp.MSVCRT ref: 00007FFE11502A31
strcmp.MSVCRT ref: 00007FFE11502A44
RemoveDirectoryA.KERNEL32 ref: 00007FFE11502AED
GetLastError.KERNEL32 ref: 00007FFE11502AFB

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE115028CC
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FFE11502C4B
(path != NULL), xrefs: 00007FFE115028D3
fs_dir_delete, xrefs: 00007FFE115028AF, 00007FFE115028DA, 00007FFE11502A5D, 00007FFE11502B12, 00007FFE11502BE1, 00007FFE11502C44
[D] (%s) -> Delete(path_wc=%s,f_path=%s), xrefs: 00007FFE11502A64
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE115028E1
[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FFE115028B6, 00007FFE11502B19
*, xrefs: 00007FFE1150299C
[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FFE11502BE8
NULL, xrefs: 00007FFE11502C35

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: strlen$DirectoryErrorLastRemovestrcmpstrcpy$fflushfwrite
String ID: (path != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
API String ID: 2460052984-4087913290
Opcode ID: 51ad9032e29619aec93c3608d2f578bfcac488de460c65f97f87e95cac6161ff
Instruction ID: 68c24ffbe963b5d697b3af2dcf3b2514dc0f30b38369abb34291716c5b9a5863
Opcode Fuzzy Hash: 51ad9032e29619aec93c3608d2f578bfcac488de460c65f97f87e95cac6161ff
Instruction Fuzzy Hash: 60A1EF21A0CE8395FB219B93E4443FE635AAF803E4F5804BAD94D476B5DFBCE9458B01

Function 00007FFE126D685F Relevance: 42.3, APIs: 16, Strings: 12, Instructions: 270stringCOMMON

Download Yara Rule

APIs

strcpy.MSVCRT ref: 00007FFE126D68BA
strlen.MSVCRT ref: 00007FFE126D68C2
strlen.MSVCRT ref: 00007FFE126D68E3
strlen.MSVCRT ref: 00007FFE126D68F5
strcmp.MSVCRT ref: 00007FFE126D699D
strcmp.MSVCRT ref: 00007FFE126D69B5
strcat.MSVCRT ref: 00007FFE126D6A15
strlen.MSVCRT ref: 00007FFE126D6A1D
strcpy.MSVCRT ref: 00007FFE126D6B03
strlen.MSVCRT ref: 00007FFE126D6B0B
strlen.MSVCRT ref: 00007FFE126D6B2D
strcat.MSVCRT ref: 00007FFE126D6B46
strcpy.MSVCRT ref: 00007FFE126D6B59
strlen.MSVCRT ref: 00007FFE126D6B61
strlen.MSVCRT ref: 00007FFE126D6B83
strcat.MSVCRT ref: 00007FFE126D6B9F

Strings

NULL, xrefs: 00007FFE126D6D6D, 00007FFE126D6D76
[I] (%s) -> Done(src=%s,dst=%s), xrefs: 00007FFE126D6D8C
*, xrefs: 00007FFE126D68FA
fs_dir_copy, xrefs: 00007FFE126D6A46, 00007FFE126D6A74, 00007FFE126D6A9F, 00007FFE126D6BB2, 00007FFE126D6D09, 00007FFE126D6D85
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D6A66, 00007FFE126D6A91
(src != NULL), xrefs: 00007FFE126D6A6D
[I] (%s) -> Filtered(f_src=%s,flt=%s), xrefs: 00007FFE126D6A4D
[E] (%s) -> Failed(src=%s,dst=%s,err=%08x), xrefs: 00007FFE126D6D10
|, xrefs: 00007FFE126D6A22
[D] (%s) -> Copy(f_src=%s,f_dst=%s), xrefs: 00007FFE126D6BB9
(dst != NULL), xrefs: 00007FFE126D6A98
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D6A7B, 00007FFE126D6AA6

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strlen$strcatstrcpy$strcmp
String ID: (dst != NULL)$(src != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Copy(f_src=%s,f_dst=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(src=%s,dst=%s,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s)$[I] (%s) -> Filtered(f_src=%s,flt=%s)$fs_dir_copy$|
API String ID: 2140730755-3699962909
Opcode ID: 7dcd5c13d9d8dd0a9773e803e60b51585db6b403c331d98dca1257e479660d22
Instruction ID: deb7d387ba6fb7c64857e9c6ae420970a6bd1cd3be25a25225fc6846becd348e
Opcode Fuzzy Hash: 7dcd5c13d9d8dd0a9773e803e60b51585db6b403c331d98dca1257e479660d22
Instruction Fuzzy Hash: ADC1816190CA8ECAFA20CB17BD443FD6251EB857A4F8440B2DA8D176E5DFEDE909C701

Function 00007FFE126D730F Relevance: 36.9, APIs: 5, Strings: 16, Instructions: 199fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FFE126D7367
LockFileEx.KERNEL32 ref: 00007FFE126D73A0
GetLastError.KERNEL32 ref: 00007FFE126D7475
GetLastError.KERNEL32 ref: 00007FFE126D755A
CloseHandle.KERNEL32 ref: 00007FFE126D76CE

Strings

~, xrefs: 00007FFE126D75B1
P, xrefs: 00007FFE126D74FF
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D741A, 00007FFE126D744A
~, xrefs: 00007FFE126D74F6
[I] (%s) -> Done(path=%s,lock=%p), xrefs: 00007FFE126D76F2
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D73FB
fs_file_lock, xrefs: 00007FFE126D73F4, 00007FFE126D7428, 00007FFE126D7458, 00007FFE126D7483, 00007FFE126D7568, 00007FFE126D76EB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D742F, 00007FFE126D745F
NULL, xrefs: 00007FFE126D76D9
, xrefs: 00007FFE126D757B
[E] (%s) -> LockFileEx failed(path=%s,gle=%lu), xrefs: 00007FFE126D756F
, xrefs: 00007FFE126D7496
P, xrefs: 00007FFE126D75BA
[E] (%s) -> CreateFileA failed(path=%s,gle=%lu), xrefs: 00007FFE126D748A
(path != NULL), xrefs: 00007FFE126D7421
(lock != NULL), xrefs: 00007FFE126D7451

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleLock
String ID: $ $(lock != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock$~$~
API String ID: 2747014929-4251196842
Opcode ID: 704981e107e05e0129ca2e9ec01e2c6c966bd2d82bb1131230a1c9ef7a36e905
Instruction ID: dcef3938355af80026c11f3fbfe0b1bd7cfac93c5a3be11973ee66d543243385
Opcode Fuzzy Hash: 704981e107e05e0129ca2e9ec01e2c6c966bd2d82bb1131230a1c9ef7a36e905
Instruction Fuzzy Hash: C9814C60D4CF8E83FB2AA716AD4037C32519F00774F1502B2D9AE066F1FEEDA9859653

Function 00007FFE1150393F Relevance: 36.9, APIs: 5, Strings: 16, Instructions: 199fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FFE11503997
LockFileEx.KERNEL32 ref: 00007FFE115039D0
GetLastError.KERNEL32 ref: 00007FFE11503AA5
GetLastError.KERNEL32 ref: 00007FFE11503B8A
CloseHandle.KERNEL32 ref: 00007FFE11503CFE

Strings

[I] (%s) -> Done(path=%s,lock=%p), xrefs: 00007FFE11503D22
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11503A4A, 00007FFE11503A7A
P, xrefs: 00007FFE11503B2F
~, xrefs: 00007FFE11503B26
P, xrefs: 00007FFE11503BEA
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE11503A2B
[E] (%s) -> LockFileEx failed(path=%s,gle=%lu), xrefs: 00007FFE11503B9F
NULL, xrefs: 00007FFE11503D09
[E] (%s) -> CreateFileA failed(path=%s,gle=%lu), xrefs: 00007FFE11503ABA
(path != NULL), xrefs: 00007FFE11503A51
fs_file_lock, xrefs: 00007FFE11503A24, 00007FFE11503A58, 00007FFE11503A88, 00007FFE11503AB3, 00007FFE11503B98, 00007FFE11503D1B
~, xrefs: 00007FFE11503BE1
, xrefs: 00007FFE11503AC6
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11503A5F, 00007FFE11503A8F
, xrefs: 00007FFE11503BAB
(lock != NULL), xrefs: 00007FFE11503A81

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleLock
String ID: $ $(lock != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock$~$~
API String ID: 2747014929-4251196842
Opcode ID: a664f431d0384db3085f0158279076aec845581227eba355486688f3ec06e6b2
Instruction ID: a926e91bafbd3ca487fbf6064cce3d68d2560b6b80cfd1b0ca67a3d894457135
Opcode Fuzzy Hash: a664f431d0384db3085f0158279076aec845581227eba355486688f3ec06e6b2
Instruction Fuzzy Hash: AC815420D4CF4A89F7B05B86E48137E22596F00774F1405BAC96E476F3EF9EA989D342

Function 00007FFE1150E530 Relevance: 35.2, APIs: 12, Strings: 8, Instructions: 207memoryCOMMON

Download Yara Rule

APIs

OpenProcessToken.ADVAPI32 ref: 00007FFE1150E55A
GetTokenInformation.ADVAPI32 ref: 00007FFE1150E590
GetLastError.KERNEL32 ref: 00007FFE1150E59E
LocalFree.KERNEL32 ref: 00007FFE1150E5D8
CloseHandle.KERNEL32 ref: 00007FFE1150E5E3
GetLastError.KERNEL32 ref: 00007FFE1150E688
LocalAlloc.KERNEL32 ref: 00007FFE1150E740
GetTokenInformation.ADVAPI32 ref: 00007FFE1150E76E
GetLastError.KERNEL32 ref: 00007FFE1150E77C

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

LocalAlloc.KERNEL32 ref: 00007FFE1150E86A
GetLengthSid.ADVAPI32 ref: 00007FFE1150E87C
memcpy.MSVCRT ref: 00007FFE1150E88C

Strings

[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu), xrefs: 00007FFE1150E5BA, 00007FFE1150E791
[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu), xrefs: 00007FFE1150E69D
(hnd != NULL), xrefs: 00007FFE1150E602
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150E610, 00007FFE1150E640
process_get_user_sid, xrefs: 00007FFE1150E5B3, 00007FFE1150E609, 00007FFE1150E639, 00007FFE1150E66A, 00007FFE1150E696, 00007FFE1150E78A
[E] (%s) -> Failed(hnd=0x%p,err=%08x), xrefs: 00007FFE1150E671
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FFE1150E5FB, 00007FFE1150E62B
(sid != NULL), xrefs: 00007FFE1150E632

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastLocalToken$AllocInformation$CloseFreeHandleLengthOpenProcessfflushfwritememcpy
String ID: (hnd != NULL)$(sid != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu)$[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu)$process_get_user_sid
API String ID: 3826151639-1775164968
Opcode ID: 68207ade090d25bf802874d9709f6b9207fcde198e90ef34ef7b7da26412a7de
Instruction ID: 6bf5df1cfc6a66e8e9a79ec444aeadcb27248b86d4477eb2a1c23451ba461e3e
Opcode Fuzzy Hash: 68207ade090d25bf802874d9709f6b9207fcde198e90ef34ef7b7da26412a7de
Instruction Fuzzy Hash: 71916062F0CE5281FB615B96F84037D125AEF84774F2914BAD50E072F5EE3DE985A301

Function 00007FFE126DC2D9 Relevance: 35.2, APIs: 3, Strings: 17, Instructions: 201registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE126DC313
RegSetValueExA.ADVAPI32 ref: 00007FFE126DC43C
RegCloseKey.ADVAPI32 ref: 00007FFE126DC565

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC585
P, xrefs: 00007FFE126DC4E7
, xrefs: 00007FFE126DC340
[E] (%s) -> RegSetValueExA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE126DC46A
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126DC389, 00007FFE126DC3B9
(root != NULL), xrefs: 00007FFE126DC37B
, xrefs: 00007FFE126DC351
P, xrefs: 00007FFE126DC4F0
(key != NULL), xrefs: 00007FFE126DC3AB
, xrefs: 00007FFE126DC47F
, xrefs: 00007FFE126DC476
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE126DC374, 00007FFE126DC3A4
P, xrefs: 00007FFE126DC5EA
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE126DC334
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126DC3F9
registry_set_value, xrefs: 00007FFE126DC32D, 00007FFE126DC382, 00007FFE126DC3B2, 00007FFE126DC3F2, 00007FFE126DC463, 00007FFE126DC57E
NULL, xrefs: 00007FFE126DC496, 00007FFE126DC64F, 00007FFE126DC65B

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseOpenValuefflushfwrite
String ID: $ $ $ $(key != NULL)$(root != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegSetValueExA failed(root=0x%p,key=%s,param=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 716145365-86941537
Opcode ID: 5384ac0ee4a9e4bb19451bcca3ec91683df4e8ef98abd54195bb8da859f00dd1
Instruction ID: f036a743950cf5e85114f8911b7b6be193ff921c89889af685ef189b6f07969b
Opcode Fuzzy Hash: 5384ac0ee4a9e4bb19451bcca3ec91683df4e8ef98abd54195bb8da859f00dd1
Instruction Fuzzy Hash: 9A816D6194CF4F83FA30AB46AD402783250AF44BB4F1401B2D99E46AF9FEEDE9958345

Function 00007FFE115059B9 Relevance: 35.2, APIs: 3, Strings: 17, Instructions: 201registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE115059F3
RegSetValueExA.ADVAPI32 ref: 00007FFE11505B1C
RegCloseKey.ADVAPI32 ref: 00007FFE11505C45

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

, xrefs: 00007FFE11505B56
[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE11505C65
(key != NULL), xrefs: 00007FFE11505A8B
registry_set_value, xrefs: 00007FFE11505A0D, 00007FFE11505A62, 00007FFE11505A92, 00007FFE11505AD2, 00007FFE11505B43, 00007FFE11505C5E
(root != NULL), xrefs: 00007FFE11505A5B
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11505AD9
P, xrefs: 00007FFE11505CCA
, xrefs: 00007FFE11505A31
NULL, xrefs: 00007FFE11505B76, 00007FFE11505D2F, 00007FFE11505D3B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11505A69, 00007FFE11505A99
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE11505A14
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE11505A54, 00007FFE11505A84
P, xrefs: 00007FFE11505BC7
[E] (%s) -> RegSetValueExA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE11505B4A
, xrefs: 00007FFE11505B5F
, xrefs: 00007FFE11505A20
P, xrefs: 00007FFE11505BD0

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseOpenValuefflushfwrite
String ID: $ $ $ $(key != NULL)$(root != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegSetValueExA failed(root=0x%p,key=%s,param=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 716145365-86941537
Opcode ID: 323139f66bf16ca94d1327e2aeac6fc6fa3c29ff571b33d5149d3581ee6bf9ff
Instruction ID: d25bfdb3275149a9022c1acf9f1dadf04c55f70df31c64af567f6d10055519a5
Opcode Fuzzy Hash: 323139f66bf16ca94d1327e2aeac6fc6fa3c29ff571b33d5149d3581ee6bf9ff
Instruction Fuzzy Hash: D981826192CF0B81FB31A786E84477D325CBF0477CF4402BACA1E46AB5EE6DE9848741

Function 00007FFE126DBF74 Relevance: 35.2, APIs: 3, Strings: 17, Instructions: 192registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE126DBFA9
RegDeleteValueA.ADVAPI32 ref: 00007FFE126DC0AE
RegCloseKey.ADVAPI32 ref: 00007FFE126DC1D7

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC1F7
, xrefs: 00007FFE126DC0F1
, xrefs: 00007FFE126DBFD6
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126DC01F, 00007FFE126DC04F
, xrefs: 00007FFE126DC0E8
(root != NULL), xrefs: 00007FFE126DC011
, xrefs: 00007FFE126DBFE7
P, xrefs: 00007FFE126DC25C
[E] (%s) -> RegDeleteValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE126DC0DC
P, xrefs: 00007FFE126DC162
registry_del_value, xrefs: 00007FFE126DBFC3, 00007FFE126DC018, 00007FFE126DC048, 00007FFE126DC088, 00007FFE126DC0D5, 00007FFE126DC1F0
(key != NULL), xrefs: 00007FFE126DC041
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE126DC00A, 00007FFE126DC03A
P, xrefs: 00007FFE126DC159
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE126DBFCA
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126DC08F
NULL, xrefs: 00007FFE126DC108, 00007FFE126DC2C1, 00007FFE126DC2CD

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseDeleteOpenValuefflushfwrite
String ID: $ $ $ $(key != NULL)$(root != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegDeleteValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 3240087161-1026589300
Opcode ID: a268a20a4ed75a55644bd1d860c98e745d9983276619bd552cc9458a4e6a3f6f
Instruction ID: ef7be361f7873c11b123cace10eeacc1247303a3e4a917a7a0ecd783e984698c
Opcode Fuzzy Hash: a268a20a4ed75a55644bd1d860c98e745d9983276619bd552cc9458a4e6a3f6f
Instruction Fuzzy Hash: 2B819E2094CF4F83FA75AB56AC803782250AF51BB4F5401B2D99E466F9EEDDAD858302

Function 00007FFE126D8B70 Relevance: 33.5, APIs: 11, Strings: 8, Instructions: 207memoryCOMMON

Download Yara Rule

APIs

OpenProcessToken.ADVAPI32 ref: 00007FFE126D8B9A
GetTokenInformation.ADVAPI32 ref: 00007FFE126D8BD0
GetLastError.KERNEL32 ref: 00007FFE126D8BDE
LocalFree.KERNEL32 ref: 00007FFE126D8C18
CloseHandle.KERNEL32 ref: 00007FFE126D8C23
GetLastError.KERNEL32 ref: 00007FFE126D8CC8
LocalAlloc.KERNEL32 ref: 00007FFE126D8D80
GetTokenInformation.ADVAPI32 ref: 00007FFE126D8DAE
GetLastError.KERNEL32 ref: 00007FFE126D8DBC

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

LocalAlloc.KERNEL32 ref: 00007FFE126D8EAA
GetLengthSid.ADVAPI32 ref: 00007FFE126D8EBC

Strings

process_get_user_sid, xrefs: 00007FFE126D8BF3, 00007FFE126D8C49, 00007FFE126D8C79, 00007FFE126D8CAA, 00007FFE126D8CD6, 00007FFE126D8DCA
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D8C50, 00007FFE126D8C80
(hnd != NULL), xrefs: 00007FFE126D8C42
[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu), xrefs: 00007FFE126D8BFA, 00007FFE126D8DD1
(sid != NULL), xrefs: 00007FFE126D8C72
[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu), xrefs: 00007FFE126D8CDD
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FFE126D8C3B, 00007FFE126D8C6B
[E] (%s) -> Failed(hnd=0x%p,err=%08x), xrefs: 00007FFE126D8CB1

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastLocalToken$AllocInformation$CloseFreeHandleLengthOpenProcessfflushfwrite
String ID: (hnd != NULL)$(sid != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu)$[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu)$process_get_user_sid
API String ID: 1151404744-1775164968
Opcode ID: aa1985b96967479882025d48cd8a0add947c3715c92882144cc10cca8a9276db
Instruction ID: dc3710e83dfba47e247343dfddf8c0273530b3a637c582146a98b4446ec9b17e
Opcode Fuzzy Hash: aa1985b96967479882025d48cd8a0add947c3715c92882144cc10cca8a9276db
Instruction Fuzzy Hash: 76913B61A0ED4EC7FA609B16EC8837D1252AF84774F1508B2D58E476F4EEFCE8868741

Function 00007FFE126D57DB Relevance: 33.4, APIs: 9, Strings: 10, Instructions: 133fileCOMMON

Download Yara Rule

APIs

fopen.MSVCRT ref: 00007FFE126D5803
fclose.MSVCRT ref: 00007FFE126D5835
_errno.MSVCRT ref: 00007FFE126D58EF
_errno.MSVCRT ref: 00007FFE126D5910
fwrite.MSVCRT ref: 00007FFE126D5984

Strings

NULL, xrefs: 00007FFE126D5A3A, 00007FFE126D5A46
[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d), xrefs: 00007FFE126D5904
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D588D, 00007FFE126D58BD
[E] (%s) -> Failed(path=%s,mode=%s,err=%08x), xrefs: 00007FFE126D586C
(mode != NULL), xrefs: 00007FFE126D58C4
[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu), xrefs: 00007FFE126D5A64
(path != NULL), xrefs: 00007FFE126D5894
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D58A2, 00007FFE126D58D2
fs_file_write, xrefs: 00007FFE126D5865, 00007FFE126D589B, 00007FFE126D58CB, 00007FFE126D58FD, 00007FFE126D59AD, 00007FFE126D5A5D
[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d), xrefs: 00007FFE126D59B4

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: _errno$fclosefopenfwrite
String ID: (mode != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
API String ID: 608220805-544371937
Opcode ID: a24b7f980791a68b7fa53d2f65726dba68c6577be98862efab153ef87cc2f980
Instruction ID: 29dd271a6373d96784e8d94d94d32095d069ba2f253d962897e92ac4491a61bc
Opcode Fuzzy Hash: a24b7f980791a68b7fa53d2f65726dba68c6577be98862efab153ef87cc2f980
Instruction Fuzzy Hash: 32513B61E08E5B86FA10DB67ED802B82351AF547B5F4941B2D99D47AF4EFBCE906C300

Function 00007FFE126D54FE Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 177stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE126D551D
CreateDirectoryA.KERNEL32 ref: 00007FFE126D553F
GetLastError.KERNEL32 ref: 00007FFE126D5590
strcpy.MSVCRT ref: 00007FFE126D55E1
strlen.MSVCRT ref: 00007FFE126D55E9
strlen.MSVCRT ref: 00007FFE126D5605
strlen.MSVCRT ref: 00007FFE126D5616
CreateDirectoryA.KERNEL32 ref: 00007FFE126D5687
GetLastError.KERNEL32 ref: 00007FFE126D5691

Strings

[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FFE126D5766
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu), xrefs: 00007FFE126D5640
NULL, xrefs: 00007FFE126D57B7
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D5560
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FFE126D57CD
(path != NULL), xrefs: 00007FFE126D5567
fs_dir_create, xrefs: 00007FFE126D556E, 00007FFE126D55A2, 00007FFE126D5639, 00007FFE126D575F, 00007FFE126D57C6
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D5575
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FFE126D55A9

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strlen$CreateDirectoryErrorLast$strcpy
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
API String ID: 1104438493-1059260517
Opcode ID: d76066d44835d25d9b9fc0eced468d3f038e21c78a99d494400721fdddfc8336
Instruction ID: fc314cfcbf37c5504f914dc76e448d0b5b26ea428dfddc6effb124f02b3ec490
Opcode Fuzzy Hash: d76066d44835d25d9b9fc0eced468d3f038e21c78a99d494400721fdddfc8336
Instruction Fuzzy Hash: 71715C55A0CA4FC3FB609B17BC807B91651AB547B4F6501B2D99E07AF1EEECA8458301

Function 00007FFE11501E0B Relevance: 29.9, APIs: 7, Strings: 10, Instructions: 133fileCOMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE11501F1F
_errno.MSVCRT ref: 00007FFE11501F40
fwrite.MSVCRT ref: 00007FFE11501FB4

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11501EBD, 00007FFE11501EED
(path != NULL), xrefs: 00007FFE11501EC4
[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d), xrefs: 00007FFE11501FE4
[E] (%s) -> Failed(path=%s,mode=%s,err=%08x), xrefs: 00007FFE11501E9C
[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d), xrefs: 00007FFE11501F34
[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu), xrefs: 00007FFE11502094
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11501ED2, 00007FFE11501F02
NULL, xrefs: 00007FFE1150206A, 00007FFE11502076
fs_file_write, xrefs: 00007FFE11501E95, 00007FFE11501ECB, 00007FFE11501EFB, 00007FFE11501F2D, 00007FFE11501FDD, 00007FFE1150208D
(mode != NULL), xrefs: 00007FFE11501EF4

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: _errno$fwrite
String ID: (mode != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
API String ID: 116495842-544371937
Opcode ID: 5c51432be4c91dae380d84349e0e6eaa9f8980b1305bb4fd1393100d6ed1f6a9
Instruction ID: 4d8d585275e0fb12a25b23f2cc2ffa2608645e5784d6204304ce77a97920667c
Opcode Fuzzy Hash: 5c51432be4c91dae380d84349e0e6eaa9f8980b1305bb4fd1393100d6ed1f6a9
Instruction Fuzzy Hash: D3518D62A09E0385FB119B97E9802BC375ABF557B0F4845BAD91D072B1EF7CEA06C311

Function 00007FFE126DB150 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 259registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.ADVAPI32 ref: 00007FFE126DB1DD
RegOpenKeyExA.ADVAPI32 ref: 00007FFE126DB31F
RegCloseKey.ADVAPI32 ref: 00007FFE126DB55E

Strings

[E] (%s) -> RegEnumKeyExA failed(root=0x%p,key=%s,enum_index=%lu,subkey_len=%llu,res=%lu), xrefs: 00007FFE126DB39F
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126DB262, 00007FFE126DB292, 00007FFE126DB2C5, 00007FFE126DB2F8
(root != NULL), xrefs: 00007FFE126DB254
[E] (%s) -> RegOpenKeyExA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE126DB341
[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x), xrefs: 00007FFE126DB226
(subkey_len != NULL), xrefs: 00007FFE126DB2EA
(subkey != NULL), xrefs: 00007FFE126DB2B7
(key != NULL), xrefs: 00007FFE126DB284
[D] (%s) -> Step(root=0x%p,key=%s,enum_index=%lu,subkey=%s,subkey_len=%llu), xrefs: 00007FFE126DB64C
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE126DB24D, 00007FFE126DB27D, 00007FFE126DB2B0, 00007FFE126DB2E3
[I] (%s) -> Done(root=0x%p,key=%s), xrefs: 00007FFE126DB54F
registry_enum_key, xrefs: 00007FFE126DB21F, 00007FFE126DB25B, 00007FFE126DB28B, 00007FFE126DB2BE, 00007FFE126DB2F1, 00007FFE126DB33A, 00007FFE126DB398, 00007FFE126DB548, 00007FFE126DB645
NULL, xrefs: 00007FFE126DB61D

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseEnumOpen
String ID: (key != NULL)$(root != NULL)$(subkey != NULL)$(subkey_len != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$[D] (%s) -> Step(root=0x%p,key=%s,enum_index=%lu,subkey=%s,subkey_len=%llu)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegEnumKeyExA failed(root=0x%p,key=%s,enum_index=%lu,subkey_len=%llu,res=%lu)$[E] (%s) -> RegOpenKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_enum_key
API String ID: 1332880857-2775769510
Opcode ID: 6d6f2deb07fbd300a12f15b35bdcc2a36a80df8de26e6c5148ed774bc397a8c8
Instruction ID: 827d6cbaaa17fe9ea26b27a29665d9c00e4df284ebdf4e2e32282d102aa9fb6d
Opcode Fuzzy Hash: 6d6f2deb07fbd300a12f15b35bdcc2a36a80df8de26e6c5148ed774bc397a8c8
Instruction Fuzzy Hash: 6DB12D6290CE4E87FA608B07EC5077C2251AF887B4F5901B2D59E476F8EEFCE9859701

Function 00007FFE126DA22C Relevance: 28.2, APIs: 7, Strings: 9, Instructions: 187synchronizationCOMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32 ref: 00007FFE126DA246
WaitForSingleObject.KERNEL32 ref: 00007FFE126DA26A
GetExitCodeProcess.KERNEL32 ref: 00007FFE126DA278
GetLastError.KERNEL32 ref: 00007FFE126DA31F
TerminateProcess.KERNEL32 ref: 00007FFE126DA40C
GetLastError.KERNEL32 ref: 00007FFE126DA41A
GetLastError.KERNEL32 ref: 00007FFE126DA501

Part of subcall function 00007FFE126DA1D0: CloseHandle.KERNEL32 ref: 00007FFE126DA1E8
Part of subcall function 00007FFE126DA1D0: CloseHandle.KERNEL32 ref: 00007FFE126DA1EE

Strings

[E] (%s) -> TerminateProcess failed(pid=%lugle=%lu), xrefs: 00007FFE126DA430
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126DA2DA
[I] (%s) -> Done(pid=%lu,exit_code=%08lx), xrefs: 00007FFE126DA2AF
process_close, xrefs: 00007FFE126DA2A8, 00007FFE126DA2D3, 00007FFE126DA302, 00007FFE126DA32E, 00007FFE126DA429, 00007FFE126DA50E
(pi != NULL), xrefs: 00007FFE126DA2CC
[E] (%s) -> Failed(pid=%lu,err=%08x), xrefs: 00007FFE126DA309
[W] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu), xrefs: 00007FFE126DA515
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FFE126DA2C5
[E] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu), xrefs: 00007FFE126DA335

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastProcess$CloseCodeExitHandle$ObjectSingleTerminateWait
String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(pid=%lu,err=%08x)$[E] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$[E] (%s) -> TerminateProcess failed(pid=%lugle=%lu)$[I] (%s) -> Done(pid=%lu,exit_code=%08lx)$[W] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$process_close
API String ID: 1879646588-710610406
Opcode ID: e8e6b9f4422fb004d09ffc293bcc363bc8cb5c77a933e93e734cb42eecae558a
Instruction ID: 56becb0871034acd1cf1c2bbd90c0c4f45ab5ea4e193408a9ba04f7fdb7fb65b
Opcode Fuzzy Hash: e8e6b9f4422fb004d09ffc293bcc363bc8cb5c77a933e93e734cb42eecae558a
Instruction Fuzzy Hash: 9C811A62E0CD1F87FB609667AC8037C5250AF10774F2A80B2C99E576F4DDEDAD858385

Function 00007FFE126D4DA9 Relevance: 26.4, APIs: 2, Strings: 13, Instructions: 123COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 00007FFE126D4DCA
GetLastError.KERNEL32 ref: 00007FFE126D4EAA

Strings

fs_attr_get, xrefs: 00007FFE126D4E17, 00007FFE126D4E4E, 00007FFE126D4E87, 00007FFE126D4EB8, 00007FFE126D4FEC
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D4E40, 00007FFE126D4E79
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D4E1E
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D4E55, 00007FFE126D4E8E
~, xrefs: 00007FFE126D4F2E
NULL, xrefs: 00007FFE126D4FDA
c, xrefs: 00007FFE126D4E71
[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu), xrefs: 00007FFE126D4EBF
P, xrefs: 00007FFE126D4F33
, xrefs: 00007FFE126D4ECB
(attr != NULL), xrefs: 00007FFE126D4E80
(path != NULL), xrefs: 00007FFE126D4E47
[D] (%s) -> Done(path=%s,attr=%08lx), xrefs: 00007FFE126D4FF3

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: $(attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$P$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu)$c$fs_attr_get$~
API String ID: 1799206407-3397184676
Opcode ID: c7e33f04ff16cf37bf5fd111f9ee312e69900af82985126f10243b3bf2d85368
Instruction ID: ca0e73250f86bdda0f476dfc7881a027cad49801a74b462b5083112b287718a2
Opcode Fuzzy Hash: c7e33f04ff16cf37bf5fd111f9ee312e69900af82985126f10243b3bf2d85368
Instruction Fuzzy Hash: BE514960A0CE1F93FA609B17AD803F86250AF457B4F5801B2D9DE466F0EEEDAE55C341

Function 00007FFE126DA5D6 Relevance: 25.8, APIs: 10, Strings: 7, Instructions: 312memorystringCOMMON

Download Yara Rule

APIs

strcpy.MSVCRT ref: 00007FFE126DA644

Part of subcall function 00007FFE126D5A75: fopen.MSVCRT ref: 00007FFE126D5ABA
Part of subcall function 00007FFE126D5A75: fseek.MSVCRT ref: 00007FFE126D5AD9
Part of subcall function 00007FFE126D5A75: _errno.MSVCRT ref: 00007FFE126D5AED
Part of subcall function 00007FFE126D5A75: _errno.MSVCRT ref: 00007FFE126D5B08

GetProcessHeap.KERNEL32 ref: 00007FFE126DA689
HeapFree.KERNEL32 ref: 00007FFE126DA69A
GetProcessHeap.KERNEL32 ref: 00007FFE126DA6C1
HeapFree.KERNEL32 ref: 00007FFE126DA6D2
GetProcessHeap.KERNEL32 ref: 00007FFE126DA80A
HeapAlloc.KERNEL32 ref: 00007FFE126DA81B

Part of subcall function 00007FFE126D47EA: recv.WS2_32 ref: 00007FFE126D4812

Part of subcall function 00007FFE126D489D: send.WS2_32 ref: 00007FFE126D48EB
Part of subcall function 00007FFE126D489D: WSAGetLastError.WS2_32 ref: 00007FFE126D48FA

strlen.MSVCRT ref: 00007FFE126DAAA6
strlen.MSVCRT ref: 00007FFE126DAAD9
strcmp.MSVCRT ref: 00007FFE126DAAFA

Strings

ORRE, xrefs: 00007FFE126DA6E0
-RGMLWD-, xrefs: 00007FFE126DA6E8
%TEMP%, xrefs: 00007FFE126DA872
(, xrefs: 00007FFE126DA6D8
exe, xrefs: 00007FFE126DAAF3
mem_alloc, xrefs: 00007FFE126DA8E2
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE126DA8E9

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Heap$Process$Free_errnostrlen$AllocErrorLastfopenfseekrecvsendstrcmpstrcpy
String ID: %TEMP%$($-RGMLWD-$ORRE$[E] (%s) -> Memory allocation failed(size=%llu)$exe$mem_alloc
API String ID: 420611922-3475107310
Opcode ID: 6e6fe1dfc1eb4a1130b16d29e8eec07b0b219799b9145ee21665383f07fc91da
Instruction ID: 3a8beba803789bed405547a6865fec6205837c575f12bfdeb3b231bdbddabba7
Opcode Fuzzy Hash: 6e6fe1dfc1eb4a1130b16d29e8eec07b0b219799b9145ee21665383f07fc91da
Instruction Fuzzy Hash: 43D18F65A0CE8E87EA709A12AC503FD6351EB847B4F140272DADE477E5DEBCE9468700

Function 00007FFE126D18B2 Relevance: 25.8, APIs: 7, Strings: 10, Instructions: 253memorystringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE126D18FD
HeapFree.KERNEL32 ref: 00007FFE126D190E

Part of subcall function 00007FFE126D5A75: fopen.MSVCRT ref: 00007FFE126D5ABA
Part of subcall function 00007FFE126D5A75: fseek.MSVCRT ref: 00007FFE126D5AD9
Part of subcall function 00007FFE126D5A75: _errno.MSVCRT ref: 00007FFE126D5AED
Part of subcall function 00007FFE126D5A75: _errno.MSVCRT ref: 00007FFE126D5B08

GetProcessHeap.KERNEL32 ref: 00007FFE126D1A3A
HeapAlloc.KERNEL32 ref: 00007FFE126D1A4B
strncpy.MSVCRT ref: 00007FFE126D1B54
strncpy.MSVCRT ref: 00007FFE126D1C42
strncpy.MSVCRT ref: 00007FFE126D1C57

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

(path != NULL), xrefs: 00007FFE126D1974
5, xrefs: 00007FFE126D1965
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D1982
ini_load, xrefs: 00007FFE126D193F, 00007FFE126D197B, 00007FFE126D1CA7
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE126D1AA0
mem_alloc, xrefs: 00007FFE126D1A99
[I] (%s) -> Done(path=%s), xrefs: 00007FFE126D1CAE
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D1946
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126D196D
NULL, xrefs: 00007FFE126D1C98

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
String ID: (path != NULL)$5$C:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc
API String ID: 1423203057-2746879330
Opcode ID: 9be5403554ed5b9d2fd351719c7c0188976e2f168b2ffec24e6810c309642929
Instruction ID: 62dcdcf5989576511481d2a241287f459bb32a6f1c425ffafb2b47f69526e53e
Opcode Fuzzy Hash: 9be5403554ed5b9d2fd351719c7c0188976e2f168b2ffec24e6810c309642929
Instruction Fuzzy Hash: 32B18D62A0DA8EC7EB108B16EC407B96751BB41BA4F5840F2EE8D4B6E5DEFDE545C300

Function 00007FFE1150CDB2 Relevance: 25.8, APIs: 7, Strings: 10, Instructions: 253memorystringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE1150CDFD
HeapFree.KERNEL32 ref: 00007FFE1150CE0E

Part of subcall function 00007FFE115020A5: fopen.MSVCRT ref: 00007FFE115020EA
Part of subcall function 00007FFE115020A5: fseek.MSVCRT ref: 00007FFE11502109
Part of subcall function 00007FFE115020A5: _errno.MSVCRT ref: 00007FFE1150211D
Part of subcall function 00007FFE115020A5: _errno.MSVCRT ref: 00007FFE11502138

GetProcessHeap.KERNEL32 ref: 00007FFE1150CF3A
HeapAlloc.KERNEL32 ref: 00007FFE1150CF4B
strncpy.MSVCRT ref: 00007FFE1150D054
strncpy.MSVCRT ref: 00007FFE1150D142
strncpy.MSVCRT ref: 00007FFE1150D157

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

mem_alloc, xrefs: 00007FFE1150CF99
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150CE46
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1150CFA0
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150CE82
NULL, xrefs: 00007FFE1150D198
ini_load, xrefs: 00007FFE1150CE3F, 00007FFE1150CE7B, 00007FFE1150D1A7
5, xrefs: 00007FFE1150CE65
[I] (%s) -> Done(path=%s), xrefs: 00007FFE1150D1AE
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1150CE6D
(path != NULL), xrefs: 00007FFE1150CE74

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
String ID: (path != NULL)$5$C:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc
API String ID: 1423203057-2746879330
Opcode ID: 56bc86e53c2632a91d80b26c311624891b06787dbdbc78ba6a2e3c22bbe57d6b
Instruction ID: 50be097f931c5619f977db252332ef475dcb6bcd672f412486d19aa37558f82e
Opcode Fuzzy Hash: 56bc86e53c2632a91d80b26c311624891b06787dbdbc78ba6a2e3c22bbe57d6b
Instruction Fuzzy Hash: 20B1C262A0DF8295EB118B86E45037D6B69FB42BE4F4840B9DA8D0B7B5DE7DE506C300

Function 00007FFE126D3138 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 191COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00007FFE126D3169
GetSystemMetrics.USER32 ref: 00007FFE126D317E
GetLastError.KERNEL32 ref: 00007FFE126D318F

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

GetLastError.KERNEL32 ref: 00007FFE126D328C

Strings

(width != NULL), xrefs: 00007FFE126D3210
[E] (%s) -> GetSystemMetrics(SM_CXSCREEN) failed(gle=%lu), xrefs: 00007FFE126D31A2
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D31EE, 00007FFE126D321E, 00007FFE126D324E
(height != NULL), xrefs: 00007FFE126D31E0
c, xrefs: 00007FFE126D3231
sys_screen_info, xrefs: 00007FFE126D319B, 00007FFE126D31E7, 00007FFE126D3217, 00007FFE126D3247, 00007FFE126D3298
C:/Projects/rdp/bot/codebase/sys.c, xrefs: 00007FFE126D31D9, 00007FFE126D3209, 00007FFE126D3239
[E] (%s) -> GetSystemMetrics(SM_CYSCREEN) failed(gle=%lu), xrefs: 00007FFE126D329F
(ratio != NULL), xrefs: 00007FFE126D3240

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastMetricsSystem$fflushfwrite
String ID: (height != NULL)$(ratio != NULL)$(width != NULL)$C:/Projects/rdp/bot/codebase/sys.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GetSystemMetrics(SM_CXSCREEN) failed(gle=%lu)$[E] (%s) -> GetSystemMetrics(SM_CYSCREEN) failed(gle=%lu)$c$sys_screen_info
API String ID: 144387239-450147120
Opcode ID: afd6aafe6363ac8c875ecee674a6e95eab4597803f0cf22cdfa7e6b2acb006d0
Instruction ID: 2bca7cd64650c4e2141008e42fef4cdbcae80d331f49e9ae5cb01c3c3c52cc1a
Opcode Fuzzy Hash: afd6aafe6363ac8c875ecee674a6e95eab4597803f0cf22cdfa7e6b2acb006d0
Instruction Fuzzy Hash: FE717F51E0CD8FD7FB219B5BAC8037811526F54778F1000B2D58E4A6F5DEECBAA58B01

Function 00007FFE126D7C16 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 154COMMON

Download Yara Rule

APIs

ExpandEnvironmentStringsA.KERNEL32 ref: 00007FFE126D7C4A

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

GetLastError.KERNEL32 ref: 00007FFE126D7DA9

Strings

fs_path_expand, xrefs: 00007FFE126D7C7E, 00007FFE126D7CB1, 00007FFE126D7CE4, 00007FFE126D7D14, 00007FFE126D7D44, 00007FFE126D7D76, 00007FFE126D7DB7, 00007FFE126D7E84
[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu), xrefs: 00007FFE126D7E8B
((*xpath_sz) > 0), xrefs: 00007FFE126D7D3D
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D7CA3, 00007FFE126D7CD6, 00007FFE126D7D06, 00007FFE126D7D36
[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu), xrefs: 00007FFE126D7DBE
[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu), xrefs: 00007FFE126D7C85
[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x), xrefs: 00007FFE126D7D7D
(path != NULL), xrefs: 00007FFE126D7CAA
(xpath != NULL), xrefs: 00007FFE126D7CDD
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D7CB8, 00007FFE126D7CEB, 00007FFE126D7D1B, 00007FFE126D7D4B
(xpath_sz != NULL), xrefs: 00007FFE126D7D0D

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: EnvironmentErrorExpandLastStringsfflushfwrite
String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
API String ID: 1721699506-2819899730
Opcode ID: 41490a2305b85c2478e28147bbc9dbf03624ea93a6eaf622d1fde9142c044732
Instruction ID: ecfd8ab0b0099bc1998860394365448134c9d47224d2cb771a99086fe5768602
Opcode Fuzzy Hash: 41490a2305b85c2478e28147bbc9dbf03624ea93a6eaf622d1fde9142c044732
Instruction Fuzzy Hash: F361F961A08D8FD7FB258B16EC403B82261AF84774F5900B2D58D4B2F5EEFCE9468746

Function 00007FFE126D3B29 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 103COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32 ref: 00007FFE126D3B56
LoadResource.KERNEL32 ref: 00007FFE126D3B6E

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

GetLastError.KERNEL32 ref: 00007FFE126D3C68
GetLastError.KERNEL32 ref: 00007FFE126D3C9D
GetLastError.KERNEL32 ref: 00007FFE126D3CA2

Strings

[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu), xrefs: 00007FFE126D3CB2
[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat, xrefs: 00007FFE126D3BF6
(out != NULL), xrefs: 00007FFE126D3C4C
module_get_version, xrefs: 00007FFE126D3BEF, 00007FFE126D3C28, 00007FFE126D3C53, 00007FFE126D3C76, 00007FFE126D3CAB
C:/Projects/rdp/bot/codebase/module.c, xrefs: 00007FFE126D3C1A, 00007FFE126D3C45
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D3C2F, 00007FFE126D3C5A
(hnd != NULL), xrefs: 00007FFE126D3C21
[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu), xrefs: 00007FFE126D3C7D

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLast$Resource$FindLoadfflushfwrite
String ID: (hnd != NULL)$(out != NULL)$C:/Projects/rdp/bot/codebase/module.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu)$[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu)$[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat$module_get_version
API String ID: 2123903355-2019010457
Opcode ID: c16fb8f60e3d7b95e93b160d2e82be184e3f56b221acaafd34387a8e24b589ad
Instruction ID: f730d0abfa9791624ce5574a5e94cf4edce98066d4716e6cb882fcc8e5bd1659
Opcode Fuzzy Hash: c16fb8f60e3d7b95e93b160d2e82be184e3f56b221acaafd34387a8e24b589ad
Instruction Fuzzy Hash: B0411CB1A09A4A9BE750DF2AE84057977A0FB487B4F1001B5EE5C837E4EBBCE554CB00

Function 00007FFE1150B989 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 103COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32 ref: 00007FFE1150B9B6
LoadResource.KERNEL32 ref: 00007FFE1150B9CE

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

GetLastError.KERNEL32 ref: 00007FFE1150BAC8
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,00007FFE11506C82), ref: 00007FFE1150BAFD
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,00007FFE11506C82), ref: 00007FFE1150BB02

Strings

[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu), xrefs: 00007FFE1150BB12
(hnd != NULL), xrefs: 00007FFE1150BA81
[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat, xrefs: 00007FFE1150BA56
[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu), xrefs: 00007FFE1150BADD
(out != NULL), xrefs: 00007FFE1150BAAC
C:/Projects/rdp/bot/codebase/module.c, xrefs: 00007FFE1150BA7A, 00007FFE1150BAA5
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150BA8F, 00007FFE1150BABA
module_get_version, xrefs: 00007FFE1150BA4F, 00007FFE1150BA88, 00007FFE1150BAB3, 00007FFE1150BAD6, 00007FFE1150BB0B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLast$Resource$FindLoadfflushfwrite
String ID: (hnd != NULL)$(out != NULL)$C:/Projects/rdp/bot/codebase/module.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu)$[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu)$[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat$module_get_version
API String ID: 2123903355-2019010457
Opcode ID: 6d07efb8b9a29b0ef45917083a3045d5452420d837a48b44e036b7da16b2d510
Instruction ID: 0684cb4071b3c1d91bc279cedc5cba47207857e2d58eca84efe48137cd87cf5d
Opcode Fuzzy Hash: 6d07efb8b9a29b0ef45917083a3045d5452420d837a48b44e036b7da16b2d510
Instruction Fuzzy Hash: 1F413D75A08A429BE750DF6AE48056977E5FB08764F040279EE5C837B4EF7CE941CB00

Function 00007FFE126DB8A4 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 116registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32 ref: 00007FFE126DB8FC
RegCloseKey.ADVAPI32 ref: 00007FFE126DB921

Strings

?, xrefs: 00007FFE126DB8E0
(key != NULL), xrefs: 00007FFE126DB988
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE126DB951, 00007FFE126DB981
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126DB966, 00007FFE126DB996
(root != NULL), xrefs: 00007FFE126DB958
[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x), xrefs: 00007FFE126DB9C8
[E] (%s) -> RegCreateKeyExA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE126DB9F9
[I] (%s) -> Done(root=0x%p,key=%s), xrefs: 00007FFE126DB938
registry_create_key, xrefs: 00007FFE126DB931, 00007FFE126DB95F, 00007FFE126DB98F, 00007FFE126DB9C1, 00007FFE126DB9F2
NULL, xrefs: 00007FFE126DBAA6

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseCreate
String ID: (key != NULL)$(root != NULL)$?$C:/Projects/rdp/bot/codebase/registry.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegCreateKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_create_key
API String ID: 2932200918-3746808683
Opcode ID: 7395b13ae56abe0f666d962b920d62f6dcaee7a7211ea3f8e48394038bb57052
Instruction ID: f3383e38295eed967c9a748603d01cfcfd9aad151e064e35dba220d2a9fec67e
Opcode Fuzzy Hash: 7395b13ae56abe0f666d962b920d62f6dcaee7a7211ea3f8e48394038bb57052
Instruction Fuzzy Hash: 55516D62E0CD9F86FA208B06EC407B96250AF44774F4901B2D9DD5B6F8EEECED458741

Function 00007FFE126D7A83 Relevance: 19.6, APIs: 4, Strings: 9, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE126D7AAE
strlen.MSVCRT ref: 00007FFE126D7AD7
strlen.MSVCRT ref: 00007FFE126D7AE3
strlen.MSVCRT ref: 00007FFE126D7AF9

Strings

NULL, xrefs: 00007FFE126D7C0D
(path_sz != NULL), xrefs: 00007FFE126D7B63
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D7B2C, 00007FFE126D7B5C, 00007FFE126D7B8C
[I] (%s) -> Done(path=%s,path_sz=%llu), xrefs: 00007FFE126D7B0E
((*path_sz) > 0), xrefs: 00007FFE126D7B93
[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x), xrefs: 00007FFE126D7BDB
(path != NULL), xrefs: 00007FFE126D7B33
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D7B41, 00007FFE126D7B71, 00007FFE126D7BA1
fs_path_temp, xrefs: 00007FFE126D7B07, 00007FFE126D7B3A, 00007FFE126D7B6A, 00007FFE126D7B9A, 00007FFE126D7BD4

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strlen
String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
API String ID: 39653677-3302659514
Opcode ID: b228bde257ffa359012d8eb0d4441a787e09ebdeb2bc99d06e816fd44712abe2
Instruction ID: 76791340e564b3ed10aec0f54cb20343d526be7e9afa8de56f543f8f1a582e8f
Opcode Fuzzy Hash: b228bde257ffa359012d8eb0d4441a787e09ebdeb2bc99d06e816fd44712abe2
Instruction Fuzzy Hash: FF413D6190CE8FD2FA16DF16EC503B96251AF40764F8841F2D59E072F5EEFCA9068341

Function 00007FFE115040B3 Relevance: 19.6, APIs: 4, Strings: 9, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE115040DE
strlen.MSVCRT ref: 00007FFE11504107
strlen.MSVCRT ref: 00007FFE11504113
strlen.MSVCRT ref: 00007FFE11504129

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE1150415C, 00007FFE1150418C, 00007FFE115041BC
(path != NULL), xrefs: 00007FFE11504163
(path_sz != NULL), xrefs: 00007FFE11504193
[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x), xrefs: 00007FFE1150420B
((*path_sz) > 0), xrefs: 00007FFE115041C3
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11504171, 00007FFE115041A1, 00007FFE115041D1
NULL, xrefs: 00007FFE1150423D
[I] (%s) -> Done(path=%s,path_sz=%llu), xrefs: 00007FFE1150413E
fs_path_temp, xrefs: 00007FFE11504137, 00007FFE1150416A, 00007FFE1150419A, 00007FFE115041CA, 00007FFE11504204

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: strlen
String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
API String ID: 39653677-3302659514
Opcode ID: 504d0030ac419fe348b57e2595d458b11ef43f11ff175aa72df08dca8dc9a66d
Instruction ID: 9089c3a11df5666f4144cbb1b1f61888a34e23e3c649759409536a6a8bb8bf57
Opcode Fuzzy Hash: 504d0030ac419fe348b57e2595d458b11ef43f11ff175aa72df08dca8dc9a66d
Instruction Fuzzy Hash: C8418C61E08E4391FB129F96E8003B86B5ABF51774F4885B6D55E0B2B6DF7CAA06C340

Function 00007FFE126D24E7 Relevance: 19.6, APIs: 6, Strings: 7, Instructions: 89memorystringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE126D25AC
GetProcessHeap.KERNEL32 ref: 00007FFE126D25BA
HeapAlloc.KERNEL32 ref: 00007FFE126D25CB
strlen.MSVCRT ref: 00007FFE126D25E9
GetProcessHeap.KERNEL32 ref: 00007FFE126D2617
HeapFree.KERNEL32 ref: 00007FFE126D2628

Strings

(buf_sz != NULL), xrefs: 00007FFE126D2583
(buf != NULL), xrefs: 00007FFE126D2553
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D2561, 00007FFE126D2591
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE126D263D
mem_alloc, xrefs: 00007FFE126D2636
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126D254C, 00007FFE126D257C
ini_get_bytes, xrefs: 00007FFE126D255A, 00007FFE126D258A

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Heap$Processstrlen$AllocFree
String ID: (buf != NULL)$(buf_sz != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Memory allocation failed(size=%llu)$ini_get_bytes$mem_alloc
API String ID: 1318626975-3964590784
Opcode ID: a1aee74ea129f77ad3509245ff35311005da0208ebc3f74bfa544f2155ba53c2
Instruction ID: 535ffc3c4c1679bbe61619525930df1f7d7b303544b85f2b3be21dbc5aaaeef8
Opcode Fuzzy Hash: a1aee74ea129f77ad3509245ff35311005da0208ebc3f74bfa544f2155ba53c2
Instruction Fuzzy Hash: 81316061A09E4F86FB519F53AC207B92350AF40BB4F5840B1DE8D176F6DEBCE9458300

Function 00007FFE1150D9E7 Relevance: 19.6, APIs: 6, Strings: 7, Instructions: 89memorystringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE1150DAAC
GetProcessHeap.KERNEL32 ref: 00007FFE1150DABA
HeapAlloc.KERNEL32 ref: 00007FFE1150DACB
strlen.MSVCRT ref: 00007FFE1150DAE9
GetProcessHeap.KERNEL32 ref: 00007FFE1150DB17
HeapFree.KERNEL32 ref: 00007FFE1150DB28

Strings

ini_get_bytes, xrefs: 00007FFE1150DA5A, 00007FFE1150DA8A
mem_alloc, xrefs: 00007FFE1150DB36
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1150DB3D
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150DA61, 00007FFE1150DA91
(buf != NULL), xrefs: 00007FFE1150DA53
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1150DA4C, 00007FFE1150DA7C
(buf_sz != NULL), xrefs: 00007FFE1150DA83

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$Processstrlen$AllocFree
String ID: (buf != NULL)$(buf_sz != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Memory allocation failed(size=%llu)$ini_get_bytes$mem_alloc
API String ID: 1318626975-3964590784
Opcode ID: 1dfc74628edd97181b9eed0ee955ae26f9792dec49582829bd24eacfc9af28ac
Instruction ID: aae53ad68fb99755f7656e97e589cb5e4e8a48d5c1915dbde0167f30ab0286b9
Opcode Fuzzy Hash: 1dfc74628edd97181b9eed0ee955ae26f9792dec49582829bd24eacfc9af28ac
Instruction Fuzzy Hash: 6D315971A0CF4785FB519B97A8103BD23A9AF40BA4F4850BADA4D076B5DFBCE9858340

Function 00007FFE11507227 Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 152serviceCOMMON

Download Yara Rule

APIs

OpenServiceA.ADVAPI32 ref: 00007FFE11507246
QueryServiceStatusEx.ADVAPI32 ref: 00007FFE11507270
CloseServiceHandle.ADVAPI32 ref: 00007FFE1150728B
GetLastError.KERNEL32 ref: 00007FFE115072CB
GetLastError.KERNEL32 ref: 00007FFE115073B0

Strings

service_query_status, xrefs: 00007FFE115072B1, 00007FFE115072D9, 00007FFE115073BE
[E] (%s) -> OpenServiceA(SERVICE_QUERY_STATUS) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE115072E0
(svc != NULL), xrefs: 00007FFE115072AA
[E] (%s) -> QueryServiceStatusEx(SC_STATUS_PROCESS_INFO) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE115073C5
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE115072B8
C:/Projects/rdp/bot/codebase/scm.c, xrefs: 00007FFE115072A3

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$ErrorLast$CloseHandleOpenQueryStatus
String ID: (svc != NULL)$C:/Projects/rdp/bot/codebase/scm.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> OpenServiceA(SERVICE_QUERY_STATUS) failed(lpServiceName=%s,gle=%lu)$[E] (%s) -> QueryServiceStatusEx(SC_STATUS_PROCESS_INFO) failed(lpServiceName=%s,gle=%lu)$service_query_status
API String ID: 1743273550-1326671558
Opcode ID: b7003ba37fa737a96ce3ecc8ed53b08ab55ba1b154839673403375584cf9a386
Instruction ID: 139f1a984fdd9c1f3d19a87f995295fcce26465b0da22fc695772b963831b912
Opcode Fuzzy Hash: b7003ba37fa737a96ce3ecc8ed53b08ab55ba1b154839673403375584cf9a386
Instruction Fuzzy Hash: 7A515052E0DD2382FBB096DBA4403BC525A5F04B74F1A00FADCDE672B1DE5DAD8042C2

Function 00007FFE126D5004 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 135COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFE126D50DE

Part of subcall function 00007FFE126D4DA9: GetFileAttributesA.KERNEL32 ref: 00007FFE126D4DCA

SetFileAttributesA.KERNEL32 ref: 00007FFE126D504B

Strings

NULL, xrefs: 00007FFE126D5214
[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x), xrefs: 00007FFE126D51C4
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D5069, 00007FFE126D5094
[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu), xrefs: 00007FFE126D50F5
fs_attr_set, xrefs: 00007FFE126D5077, 00007FFE126D50A2, 00007FFE126D50EE, 00007FFE126D51BD, 00007FFE126D5223
(attr != NULL), xrefs: 00007FFE126D509B
(path != NULL), xrefs: 00007FFE126D5070
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D507E, 00007FFE126D50A9
[D] (%s) -> Done(path=%s,attr=%08lx), xrefs: 00007FFE126D522A

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: AttributesFile$ErrorLast
String ID: (attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x)$[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu)$fs_attr_set
API String ID: 365566950-3085771803
Opcode ID: af1c426e514422b69e51c88ff44b0fe656143a45afeeb04e1f3d3cb18f47015e
Instruction ID: d821777886d3ab628004a09289266397c3114b6deff8fc4fe2abcb5bddf8afa9
Opcode Fuzzy Hash: af1c426e514422b69e51c88ff44b0fe656143a45afeeb04e1f3d3cb18f47015e
Instruction Fuzzy Hash: E3517E61A0CE4F97FB20DB12BC403BD7650AF00364F5440B2D99E4AAF4EEECE8458742

Function 00007FFE11501634 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 135COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FFE1150170E

Part of subcall function 00007FFE115013D9: GetFileAttributesA.KERNEL32 ref: 00007FFE115013FA

SetFileAttributesA.KERNEL32 ref: 00007FFE1150167B

Strings

(attr != NULL), xrefs: 00007FFE115016CB
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11501699, 00007FFE115016C4
(path != NULL), xrefs: 00007FFE115016A0
[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu), xrefs: 00007FFE11501725
[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x), xrefs: 00007FFE115017F4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE115016AE, 00007FFE115016D9
fs_attr_set, xrefs: 00007FFE115016A7, 00007FFE115016D2, 00007FFE1150171E, 00007FFE115017ED, 00007FFE11501853
[D] (%s) -> Done(path=%s,attr=%08lx), xrefs: 00007FFE1150185A
NULL, xrefs: 00007FFE11501844

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: AttributesFile$ErrorLast
String ID: (attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x)$[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu)$fs_attr_set
API String ID: 365566950-3085771803
Opcode ID: f22dd1c2fdd686c3c2f54cf2612dd1b2b312c938556c7605be4ecf5b2faec8a7
Instruction ID: d54daa1b35798663d5fa6364744afba30618bb54b54c5930a9ead683cd9b16e7
Opcode Fuzzy Hash: f22dd1c2fdd686c3c2f54cf2612dd1b2b312c938556c7605be4ecf5b2faec8a7
Instruction Fuzzy Hash: 4C519365E0CE0786FB618B92E5C03BD329DAF00374F1441BAD92E466B5DF6CEA45C702

Function 00007FFE126D45B9 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 126networkCOMMON

Download Yara Rule

APIs

select.WS2_32 ref: 00007FFE126D4664
accept.WS2_32 ref: 00007FFE126D468B
htonl.WS2_32 ref: 00007FFE126D46BB
htons.WS2_32 ref: 00007FFE126D46CC

Part of subcall function 00007FFE126D3FD9: ioctlsocket.WS2_32 ref: 00007FFE126D3FFF

WSAGetLastError.WS2_32 ref: 00007FFE126D477E
WSAGetLastError.WS2_32 ref: 00007FFE126D47BA

Strings

[I] (%s) -> Done(sock=0x%llx,client=0x%llx,h=%08x,p=%u), xrefs: 00007FFE126D4715
tcp_accept, xrefs: 00007FFE126D470E, 00007FFE126D4757, 00007FFE126D478A, 00007FFE126D47C6
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126D4791
[W] (%s) -> select timedout(sock=0x%llx), xrefs: 00007FFE126D475E
[E] (%s) -> Failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126D47CD

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLast$accepthtonlhtonsioctlsocketselect
String ID: [E] (%s) -> Failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,client=0x%llx,h=%08x,p=%u)$[W] (%s) -> select timedout(sock=0x%llx)$tcp_accept
API String ID: 2278979430-4175654481
Opcode ID: b15167baa39f87c9e19412fe59424759e963d6e486aca754582e955809ebfd41
Instruction ID: 28c1b23b65c7a58969732d11bf6b0abb0aaa356957580aba0ca7028e83184833
Opcode Fuzzy Hash: b15167baa39f87c9e19412fe59424759e963d6e486aca754582e955809ebfd41
Instruction Fuzzy Hash: B2518235A08E8A87E7208B16EC443F966A0EB45BB4F5403B1D9BD476F8EFBDD9158700

Function 00007FFE126DB668 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120registryCOMMON

Download Yara Rule

APIs

RegDeleteKeyExA.ADVAPI32 ref: 00007FFE126DB68B

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[E] (%s) -> RegDeleteKeyExA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE126DB764
(key != NULL), xrefs: 00007FFE126DB6FD
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE126DB6C6, 00007FFE126DB6F6
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126DB6DB, 00007FFE126DB70B
(root != NULL), xrefs: 00007FFE126DB6CD
u, xrefs: 00007FFE126DB6EE
[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x), xrefs: 00007FFE126DB73D
registry_delete_key, xrefs: 00007FFE126DB6A1, 00007FFE126DB6D4, 00007FFE126DB704, 00007FFE126DB736, 00007FFE126DB75D
[I] (%s) -> Done(root=0x%p,key=%s), xrefs: 00007FFE126DB6A8
NULL, xrefs: 00007FFE126DB898

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Deletefflushfwrite
String ID: (key != NULL)$(root != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegDeleteKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_delete_key$u
API String ID: 2939363742-1701293196
Opcode ID: 424352b5c16577fcef74a4d4c8063d5f40111192ebe28781416230669f555a05
Instruction ID: c9993ea77259b04e64819b0047af50e774bf57b9fdc4282f7cb24d5864938650
Opcode Fuzzy Hash: 424352b5c16577fcef74a4d4c8063d5f40111192ebe28781416230669f555a05
Instruction Fuzzy Hash: B8414966D0CD5F83FA209756AC503B862506F047B4F5E01F2C89E5B6F8EEECAD858385

Function 00007FFE11504D48 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120registryCOMMON

Download Yara Rule

APIs

RegDeleteKeyExA.ADVAPI32 ref: 00007FFE11504D6B

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[I] (%s) -> Done(root=0x%p,key=%s), xrefs: 00007FFE11504D88
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11504DBB, 00007FFE11504DEB
[E] (%s) -> RegDeleteKeyExA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE11504E44
[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x), xrefs: 00007FFE11504E1D
(key != NULL), xrefs: 00007FFE11504DDD
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE11504DA6, 00007FFE11504DD6
(root != NULL), xrefs: 00007FFE11504DAD
u, xrefs: 00007FFE11504DCE
registry_delete_key, xrefs: 00007FFE11504D81, 00007FFE11504DB4, 00007FFE11504DE4, 00007FFE11504E16, 00007FFE11504E3D
NULL, xrefs: 00007FFE11504F78

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Deletefflushfwrite
String ID: (key != NULL)$(root != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegDeleteKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_delete_key$u
API String ID: 2939363742-1701293196
Opcode ID: 66bf5e16b675843c047dd5bcf32e8603fcaca12fb8c088c74fe4f08f4f45e0d2
Instruction ID: c2248b8c955c4281aa12c69d57033b268fb1f7dd1c6f9891fd223abcf68f1d66
Opcode Fuzzy Hash: 66bf5e16b675843c047dd5bcf32e8603fcaca12fb8c088c74fe4f08f4f45e0d2
Instruction Fuzzy Hash: 13417B63D0CD6782FB3097CAE4413BC1A596F00774F4A01FAD96E572B0DE5CAD858382

Function 00007FFE126D7703 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 113fileCOMMON

Download Yara Rule

APIs

UnlockFileEx.KERNEL32 ref: 00007FFE126D774B
CloseHandle.KERNEL32 ref: 00007FFE126D775C

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

GetLastError.KERNEL32 ref: 00007FFE126D7812

Strings

[E] (%s) -> Failed(lock=%p,err=%08x), xrefs: 00007FFE126D77FD
[I] (%s) -> Done(lock=%p), xrefs: 00007FFE126D776C
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D778C, 00007FFE126D77BD
fs_file_unlock, xrefs: 00007FFE126D7765, 00007FFE126D779A, 00007FFE126D77CB, 00007FFE126D77F6, 00007FFE126D7820
((*lock) != INVALID_HANDLE_VALUE), xrefs: 00007FFE126D77C4
(lock != NULL), xrefs: 00007FFE126D7793
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D77A1, 00007FFE126D77D2
[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu), xrefs: 00007FFE126D7827

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseErrorFileHandleLastUnlockfflushfwrite
String ID: ((*lock) != INVALID_HANDLE_VALUE)$(lock != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(lock=%p,err=%08x)$[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu)$[I] (%s) -> Done(lock=%p)$fs_file_unlock
API String ID: 497672076-1436771859
Opcode ID: 7be23ca87f09eee718d3021cbdd44a05adf3a9e995dd523e5db5aa8cae75dc7a
Instruction ID: 48e9031c3842092ee7b509cbe34122fe9bc20f5445d522f8efb36e0f1402119f
Opcode Fuzzy Hash: 7be23ca87f09eee718d3021cbdd44a05adf3a9e995dd523e5db5aa8cae75dc7a
Instruction Fuzzy Hash: C7412A61F0CD8FC2FA268717FC40BB812506F54B78F5406B2D99E5B6F0AEACA585C302

Function 00007FFE126D2FB2 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 80COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32 ref: 00007FFE126D2FD5
GetLastError.KERNEL32 ref: 00007FFE126D301C

Strings

sys_mem_info, xrefs: 00007FFE126D3002, 00007FFE126D3027
P, xrefs: 00007FFE126D309F
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D3009
~, xrefs: 00007FFE126D309A
(mi != NULL), xrefs: 00007FFE126D2FFB
, xrefs: 00007FFE126D303A
C:/Projects/rdp/bot/codebase/sys.c, xrefs: 00007FFE126D2FF4
;, xrefs: 00007FFE126D2FEC
[E] (%s) -> GlobalMemoryStatusEx failed(gle=%lu), xrefs: 00007FFE126D302E

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorGlobalLastMemoryStatus
String ID: $(mi != NULL)$;$C:/Projects/rdp/bot/codebase/sys.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GlobalMemoryStatusEx failed(gle=%lu)$sys_mem_info$~
API String ID: 3848946878-3004215591
Opcode ID: 61cfa59afa55dc0c5d2d279ce2976c6e81242ce9473eeed649ce93707e0ac7f6
Instruction ID: 1b7fedf726eb68aa97de93d446928db869e63905af50fb4fbe89bf2f32214794
Opcode Fuzzy Hash: 61cfa59afa55dc0c5d2d279ce2976c6e81242ce9473eeed649ce93707e0ac7f6
Instruction Fuzzy Hash: 99312550E0CE8F87FB25871A9C807BC2250AF14338F2445B7D68E865F2DFEEA895D601

Function 00007FFE1150BD32 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 80COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32 ref: 00007FFE1150BD55
GetLastError.KERNEL32 ref: 00007FFE1150BD9C

Strings

, xrefs: 00007FFE1150BDBA
C:/Projects/rdp/bot/codebase/sys.c, xrefs: 00007FFE1150BD74
;, xrefs: 00007FFE1150BD6C
[E] (%s) -> GlobalMemoryStatusEx failed(gle=%lu), xrefs: 00007FFE1150BDAE
P, xrefs: 00007FFE1150BE1F
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150BD89
(mi != NULL), xrefs: 00007FFE1150BD7B
sys_mem_info, xrefs: 00007FFE1150BD82, 00007FFE1150BDA7
~, xrefs: 00007FFE1150BE1A

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorGlobalLastMemoryStatus
String ID: $(mi != NULL)$;$C:/Projects/rdp/bot/codebase/sys.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GlobalMemoryStatusEx failed(gle=%lu)$sys_mem_info$~
API String ID: 3848946878-3004215591
Opcode ID: bd18ab770a9f7ff8caf3dd049ff7be8a6d92134794dafb974f7253b07fc17702
Instruction ID: d1d7c077464ce393272548c481d734890e290679e948003ccc19daecc4220615
Opcode Fuzzy Hash: bd18ab770a9f7ff8caf3dd049ff7be8a6d92134794dafb974f7253b07fc17702
Instruction Fuzzy Hash: 4B310B5AE0CF47C6FB318B96D4C037C5268AF58728F2451BBC60E066B2DE6DADC5D602

Function 00007FFE126D7EFC Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 73COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32 ref: 00007FFE126D7F2B
GetLastError.KERNEL32 ref: 00007FFE126D7F36

Strings

[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu), xrefs: 00007FFE126D7F55
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log, xrefs: 00007FFE126D7EFE
(path_sz != NULL), xrefs: 00007FFE126D8017
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D7FAD, 00007FFE126D7FDD, 00007FFE126D8010
(hnd != NULL), xrefs: 00007FFE126D7FB4
fs_module_path, xrefs: 00007FFE126D7F4E, 00007FFE126D7F87, 00007FFE126D7FBB, 00007FFE126D7FEB, 00007FFE126D801E
[E] (%s) -> Failed(hnd=0x%p,err=%08x), xrefs: 00007FFE126D7F8E
(path != NULL), xrefs: 00007FFE126D7FE4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D7FC2, 00007FFE126D7FF2, 00007FFE126D8025

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: (hnd != NULL)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu)$fs_module_path
API String ID: 2776309574-668612727
Opcode ID: f1f30cb962d20f73838f72ba81ecd51969fa8e708423d99813306ed40ad5a0a8
Instruction ID: 6b3227627d7509486cb6abac61c3506b3b59ad25dacf57cfafdccc22fd6a521a
Opcode Fuzzy Hash: f1f30cb962d20f73838f72ba81ecd51969fa8e708423d99813306ed40ad5a0a8
Instruction Fuzzy Hash: 40310CA1A08E4F92FB21CB16ED507B82350BB00778F9440F1E98D476F1EEFCA9058341

Function 00007FFE126D6DC3 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 161fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FFE126D6E09
GetFileSize.KERNEL32 ref: 00007FFE126D6E2C
CloseHandle.KERNEL32 ref: 00007FFE126D6E4E
GetLastError.KERNEL32 ref: 00007FFE126D6ED4
GetLastError.KERNEL32 ref: 00007FFE126D6F9A

Strings

(size != NULL), xrefs: 00007FFE126D6EB3
fs_file_size, xrefs: 00007FFE126D6E8A, 00007FFE126D6EBA
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D6E7C, 00007FFE126D6EAC
(path != NULL), xrefs: 00007FFE126D6E83
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D6E91, 00007FFE126D6EC1

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleSize
String ID: (path != NULL)$(size != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_size
API String ID: 3555958901-1687387729
Opcode ID: 523f5176cd2a95eed4221483572ea6ee8aa4e126005045c1d11278065c56e8a4
Instruction ID: a14da445345cf575f6bc6182f13658b14f445d2415569be4045a03f915333121
Opcode Fuzzy Hash: 523f5176cd2a95eed4221483572ea6ee8aa4e126005045c1d11278065c56e8a4
Instruction Fuzzy Hash: 80611661D0CD5E8BFA758A26BC4437912509B04778F6946F2C99E8B2F0DEEDEC8542C2

Function 00007FFE126DA032 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 87synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FFE126DA043
GetLastError.KERNEL32 ref: 00007FFE126DA09C

Strings

process_wait, xrefs: 00007FFE126DA082, 00007FFE126DA0AB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126DA089
~, xrefs: 00007FFE126DA11E
[E] (%s) -> WaitForSingleObject failed(pid=%lugle=%lu), xrefs: 00007FFE126DA0B2
(pi != NULL), xrefs: 00007FFE126DA07B
, xrefs: 00007FFE126DA0BE
P, xrefs: 00007FFE126DA123
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FFE126DA074

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastObjectSingleWait
String ID: $(pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> WaitForSingleObject failed(pid=%lugle=%lu)$process_wait$~
API String ID: 1211598281-4195011794
Opcode ID: 33222ba2366101c01b252ae6301b05a5ab58f31267f596e88950aa1946cedbb3
Instruction ID: 42ae06af818244ca71558b2910cf4e3f189d7665cb845f1883629530e92bd42e
Opcode Fuzzy Hash: 33222ba2366101c01b252ae6301b05a5ab58f31267f596e88950aa1946cedbb3
Instruction Fuzzy Hash: 0731D520E0CA8F87FB609756ACC037C12949F1973CFA805B2C59E466F1DDDEACC59292

Function 00007FFE1150F9F2 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 87synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FFE1150FA03
GetLastError.KERNEL32 ref: 00007FFE1150FA5C

Strings

P, xrefs: 00007FFE1150FAE3
process_wait, xrefs: 00007FFE1150FA42, 00007FFE1150FA6B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150FA49
, xrefs: 00007FFE1150FA7E
(pi != NULL), xrefs: 00007FFE1150FA3B
[E] (%s) -> WaitForSingleObject failed(pid=%lugle=%lu), xrefs: 00007FFE1150FA72
~, xrefs: 00007FFE1150FADE
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FFE1150FA34

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastObjectSingleWait
String ID: $(pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> WaitForSingleObject failed(pid=%lugle=%lu)$process_wait$~
API String ID: 1211598281-4195011794
Opcode ID: 248ffea18eab27a6145b458739dfee685e23cc5e334c8328949daeb22b0749aa
Instruction ID: 64b3b77197543d8597123ad71cca0b0e160516e5a2601dc53361b81c6a735369
Opcode Fuzzy Hash: 248ffea18eab27a6145b458739dfee685e23cc5e334c8328949daeb22b0749aa
Instruction Fuzzy Hash: 9B31C760F1CF0383FBA097AAA49437C12999F09378E2411BBC60E462B1DD9DADC59643

Function 00007FFE126D70E4 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 129filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FFE126D7143
GetFileTime.KERNEL32 ref: 00007FFE126D715E
GetLastError.KERNEL32 ref: 00007FFE126D716C
CloseHandle.KERNEL32 ref: 00007FFE126D728E

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D7199, 00007FFE126D71CC
(ctime != NULL) || (atime != NULL) || (mtime != NULL), xrefs: 00007FFE126D71D3
(path != NULL), xrefs: 00007FFE126D71A0
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D71AE, 00007FFE126D71E1
fs_file_stat, xrefs: 00007FFE126D71A7, 00007FFE126D71DA

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastTime
String ID: (ctime != NULL) || (atime != NULL) || (mtime != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_stat
API String ID: 2291555494-3647951244
Opcode ID: 98bfd3265da5604791deef92f63323e3687dd05aea63e579915609cbd7d4b579
Instruction ID: 012ac91be81a16a5fe0d0b5a9229dac4d8e961736d41d2cfb3023d181ce36af6
Opcode Fuzzy Hash: 98bfd3265da5604791deef92f63323e3687dd05aea63e579915609cbd7d4b579
Instruction Fuzzy Hash: AA516461D0C9DE83FB6A8B639C843795250AF01774F1846B2E99D472F4DEEDAC458342

Function 00007FFE126D2076 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 70stringCOMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE126D2114
strtol.MSVCRT ref: 00007FFE126D212A
_errno.MSVCRT ref: 00007FFE126D2132
_errno.MSVCRT ref: 00007FFE126D213A

Strings

ini_get_uint16, xrefs: 00007FFE126D20F3, 00007FFE126D215B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D20FA
[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE126D2162
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126D20E5
(value != NULL), xrefs: 00007FFE126D20EC

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: _errno$strtol
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
API String ID: 3596500743-1991603811
Opcode ID: 64825c6309542d30ee2689645938860f6a5046a5c42dcd9b72a0ba098a2be6ed
Instruction ID: f6bc019e7ba13116933521276d932432a8be0d968a2f2a11cc9e99faaced2598
Opcode Fuzzy Hash: 64825c6309542d30ee2689645938860f6a5046a5c42dcd9b72a0ba098a2be6ed
Instruction Fuzzy Hash: B9216D21A08A4B96F7119B12EC407AA7361FB44BB4F4441B1EE8C07AF9DFBDE985C700

Function 00007FFE1150D576 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 70stringCOMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE1150D614
strtol.MSVCRT ref: 00007FFE1150D62A
_errno.MSVCRT ref: 00007FFE1150D632
_errno.MSVCRT ref: 00007FFE1150D63A

Strings

(value != NULL), xrefs: 00007FFE1150D5EC
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1150D5FA
ini_get_uint16, xrefs: 00007FFE1150D5F3, 00007FFE1150D65B
[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE1150D662
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1150D5E5

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: _errno$strtol
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
API String ID: 3596500743-1991603811
Opcode ID: 9552bb2bda148b1a40ad1404c5e2a8462fa6d9b251cb6eba0aa7c66b080a6eb3
Instruction ID: 4213278e4a105fda7b622aa74429e8c94b3a9416389fcb487b34cf4ba004acc4
Opcode Fuzzy Hash: 9552bb2bda148b1a40ad1404c5e2a8462fa6d9b251cb6eba0aa7c66b080a6eb3
Instruction Fuzzy Hash: 6021BC22A08A4792E7119F82E840BAE3369BB457A8F004175EE4C47774DF7EE985CB00

Function 00007FFE126DAE6E Relevance: 15.1, APIs: 6, Strings: 4, Instructions: 148stringmemoryCOMMON

Download Yara Rule

APIs

strcpy.MSVCRT ref: 00007FFE126DAEB4
strlen.MSVCRT ref: 00007FFE126DAEE3
GetProcessHeap.KERNEL32 ref: 00007FFE126DAF87
HeapFree.KERNEL32 ref: 00007FFE126DAF98
strlen.MSVCRT ref: 00007FFE126DAFE9
strcmp.MSVCRT ref: 00007FFE126DB00A

Strings

-RGMLWD-, xrefs: 00007FFE126DB03C
(, xrefs: 00007FFE126DB02C
exe, xrefs: 00007FFE126DB003
ORRE, xrefs: 00007FFE126DB034

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Heapstrlen$FreeProcessstrcmpstrcpy
String ID: ($-RGMLWD-$ORRE$exe
API String ID: 173675053-901114122
Opcode ID: 11a2caeb227a089ab727a8f333dd61d59964033babc5344b47066f642f710bcb
Instruction ID: b29a674a24a4b7b88227a5fb9dcc179959824acdff3b7b1a9e9c72ffdbe31202
Opcode Fuzzy Hash: 11a2caeb227a089ab727a8f333dd61d59964033babc5344b47066f642f710bcb
Instruction Fuzzy Hash: E6517662A0CB8E87EB609B23EC543BE6751EB847A4F440071E9CD476E9DFACD945C740

Function 00007FFE126DC894 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 91memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FFE126DC93D
VirtualProtect.KERNEL32 ref: 00007FFE126DC9A5
GetLastError.KERNEL32 ref: 00007FFE126DC9AF

Strings

Unknown pseudo relocation protocol version %d., xrefs: 00007FFE126DC899
VirtualProtect failed with code 0x%x, xrefs: 00007FFE126DC9B5
Mingw-w64 runtime failure:, xrefs: 00007FFE126DC85B
Address %p has no image-section, xrefs: 00007FFE126DC8F5
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FFE126DC952

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Virtual$ErrorLastProtectQuery
String ID: Unknown pseudo relocation protocol version %d.$ VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 637304234-2693646698
Opcode ID: 1061ffdd13e99e9696300e9951f80e08d87b1537a1cf5918fcce34f21a829f6f
Instruction ID: 14f2cf9bb0d2928a9fb78759167c612de59a45221e2de9b1fb80b8d8fb2bb9f2
Opcode Fuzzy Hash: 1061ffdd13e99e9696300e9951f80e08d87b1537a1cf5918fcce34f21a829f6f
Instruction Fuzzy Hash: 14317061B09E0E86EA01DF17EC416A86761FF84BA4B548175DD4D473F8DEBCE445C340

Function 00007FFE126D21F6 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE126D2290
_errno.MSVCRT ref: 00007FFE126D22AE
_errno.MSVCRT ref: 00007FFE126D22BA

Strings

ini_get_uint32, xrefs: 00007FFE126D226F, 00007FFE126D22DA
[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE126D22E1
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D2276
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126D2261
(value != NULL), xrefs: 00007FFE126D2268

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: _errno
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
API String ID: 2918714741-1670302297
Opcode ID: 7c09ed77c8e874615c8ea014a46ffa95f55d1f593164a3137fd829f44bd58e1b
Instruction ID: 7dcec2fb26cec161c228dbb9edc64aeafab2116d5beebf366da1c851553e2701
Opcode Fuzzy Hash: 7c09ed77c8e874615c8ea014a46ffa95f55d1f593164a3137fd829f44bd58e1b
Instruction Fuzzy Hash: F7217C62A08A4A9AE711DF56EC807AA3261BB447A4F4440B2EE8C476F5DFBCD985C700

Function 00007FFE126E050E Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 25libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FFE126E051E
GetProcAddress.KERNEL32 ref: 00007FFE126E0535
LoadLibraryW.KERNEL32 ref: 00007FFE126E0543
GetProcAddress.KERNEL32 ref: 00007FFE126E0553

Strings

advapi32.dll, xrefs: 00007FFE126E053C
SystemFunction036, xrefs: 00007FFE126E0549
rand_s, xrefs: 00007FFE126E052B
msvcrt.dll, xrefs: 00007FFE126E0517

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
API String ID: 384173800-4041758303
Opcode ID: 92bec230b7dd7ae9f9bbc3669ca63d39642e77e1892d4597da22ddc72aded575
Instruction ID: 7cce4256d6f118e77d888f341d8e11fac6d8ad7ad3a950615f142ba8a30c51b1
Opcode Fuzzy Hash: 92bec230b7dd7ae9f9bbc3669ca63d39642e77e1892d4597da22ddc72aded575
Instruction Fuzzy Hash: 92F0D464E1AE17D1EE0ADF13FC544A827A5BF487B4B8405B2C80D163B4EEACA54AC300

Function 00007FFE126D6629 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 123fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32 ref: 00007FFE126D66C7
GetLastError.KERNEL32 ref: 00007FFE126D66E2

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

fs_file_copy, xrefs: 00007FFE126D6696, 00007FFE126D66F9, 00007FFE126D6847
NULL, xrefs: 00007FFE126D6825, 00007FFE126D6831
[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d), xrefs: 00007FFE126D684E
[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu), xrefs: 00007FFE126D6700
[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x), xrefs: 00007FFE126D669D

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CopyErrorFileLastfflushfwrite
String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
API String ID: 2887799713-3464183404
Opcode ID: 47aa78f9715c757d15418383cbf686b7e332c4a858e1d6338a5e6343c50d03d1
Instruction ID: 94cc95ee4d22d14174d6177db4900e53d7e79064e0aa32fb53aa7e596a031ffe
Opcode Fuzzy Hash: 47aa78f9715c757d15418383cbf686b7e332c4a858e1d6338a5e6343c50d03d1
Instruction Fuzzy Hash: 3E416069D0CD9E8BFA208A17BC0037915547F05BB8F2401B2C99E476F1EEDCAE458716

Function 00007FFE11502C59 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 123fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32 ref: 00007FFE11502CF7
GetLastError.KERNEL32 ref: 00007FFE11502D12

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d), xrefs: 00007FFE11502E7E
[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x), xrefs: 00007FFE11502CCD
fs_file_copy, xrefs: 00007FFE11502CC6, 00007FFE11502D29, 00007FFE11502E77
NULL, xrefs: 00007FFE11502E55, 00007FFE11502E61
[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu), xrefs: 00007FFE11502D30

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CopyErrorFileLastfflushfwrite
String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
API String ID: 2887799713-3464183404
Opcode ID: d66d8130dc3d6d4f1d99bbc469e587a231d8cd05d92920e517c8e77ecd8b0f49
Instruction ID: 2ae9264ddbf07f1ca1ae578de85eec1be6f4c0b2cbf83455d4e56e9eca78f90e
Opcode Fuzzy Hash: d66d8130dc3d6d4f1d99bbc469e587a231d8cd05d92920e517c8e77ecd8b0f49
Instruction Fuzzy Hash: 59416A61D0CE1795FB614AD7E80037D665D7F04BF8F5840BAC90F0AAF4EEACAA818701

Function 00007FFE126D605D Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 98fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32 ref: 00007FFE126D6074
GetLastError.KERNEL32 ref: 00007FFE126D60CB

Strings

NULL, xrefs: 00007FFE126D61FA
fs_file_delete, xrefs: 00007FFE126D60AD, 00007FFE126D60D9, 00007FFE126D6209
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D60B4
[I] (%s) -> Done(path=%s), xrefs: 00007FFE126D6210
[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu), xrefs: 00007FFE126D60E0

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
API String ID: 2018770650-4119452840
Opcode ID: 7dcf710799abc44ddf9b1729ff8e4c79730672ce58fc48c80c262d61a60e784d
Instruction ID: a0b456f0846c1d35f7af6f7149ac89aeb28bc2a1cd0c96c9bd54ff646d9d9ccb
Opcode Fuzzy Hash: 7dcf710799abc44ddf9b1729ff8e4c79730672ce58fc48c80c262d61a60e784d
Instruction Fuzzy Hash: E3311D51E0CE4F8BFA60A65ABD4037C22415F557B4F9500B6C99E172F2EDDDAC8A9302

Function 00007FFE126D489D Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 66networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FFE126D48EB
WSAGetLastError.WS2_32 ref: 00007FFE126D48FA

Strings

tcp_send, xrefs: 00007FFE126D4906, 00007FFE126D4937
tcp_recv, xrefs: 00007FFE126D4957
[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126D490D
[E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d), xrefs: 00007FFE126D493E
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE126D495E

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastsend
String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
API String ID: 1802528911-690514478
Opcode ID: f5ed6a7e91a2a29f0ed113ceb27407fee5528338d24d9cfe335694d9ee608d87
Instruction ID: 2ff763cbaeae98dbdb81a8029af1da10622498828f97481690761be680439ce4
Opcode Fuzzy Hash: f5ed6a7e91a2a29f0ed113ceb27407fee5528338d24d9cfe335694d9ee608d87
Instruction Fuzzy Hash: 2221AE55B18D4A83FA208B2BAD806B85241BF18BF4F5443B0DDBD4BAF1DEACA9558300

Function 00007FFE1150B56D Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 66networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FFE1150B5BB
WSAGetLastError.WS2_32 ref: 00007FFE1150B5CA

Strings

[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE1150B62E
tcp_send, xrefs: 00007FFE1150B5D6, 00007FFE1150B607
[E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d), xrefs: 00007FFE1150B60E
tcp_recv, xrefs: 00007FFE1150B627
[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1150B5DD

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastsend
String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
API String ID: 1802528911-690514478
Opcode ID: c9f19f32b5df819760338bec0d2a147b920345362efdfe3d7456cba7c5dbbd7a
Instruction ID: a81efd7b30064c1e5f96c4f9dd31861cf8146e5baf60e7bd43f2c73ccaf9d45e
Opcode Fuzzy Hash: c9f19f32b5df819760338bec0d2a147b920345362efdfe3d7456cba7c5dbbd7a
Instruction Fuzzy Hash: E621DE65B08E0341EB214FA7A9806BC525AAF097F0F5803B8DC2C8B6F2FE2DA5458300

Function 00007FFE126D9281 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FFE126D9297
strcmp.MSVCRT ref: 00007FFE126D92DA
OpenProcess.KERNEL32 ref: 00007FFE126D92F2
TerminateProcess.KERNEL32 ref: 00007FFE126D930C
GetLastError.KERNEL32 ref: 00007FFE126D931A
GetLastError.KERNEL32 ref: 00007FFE126D9514
CloseHandle.KERNEL32 ref: 00007FFE126D96A5

Strings

[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FFE126D932C
process_kill, xrefs: 00007FFE126D9325

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$OpenTerminatestrcmp
String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1221532209-1116693529
Opcode ID: 6f4592497d5f64ef2bbb820cb7689dfd57b1a9d751fb8f01230840f11b2ddb6a
Instruction ID: a7e4cc8ca7edfc6897539c73f7becb6b11b92f97657dae8a29a38d1e819d2703
Opcode Fuzzy Hash: 6f4592497d5f64ef2bbb820cb7689dfd57b1a9d751fb8f01230840f11b2ddb6a
Instruction Fuzzy Hash: 76117C15E1AF0B47FB659B97ACC037A2392AF55775F1400B5C88E066F1EEEEE8498200

Function 00007FFE126D927A Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FFE126D9297
strcmp.MSVCRT ref: 00007FFE126D92DA
OpenProcess.KERNEL32 ref: 00007FFE126D92F2
TerminateProcess.KERNEL32 ref: 00007FFE126D930C
GetLastError.KERNEL32 ref: 00007FFE126D931A
GetLastError.KERNEL32 ref: 00007FFE126D9514
CloseHandle.KERNEL32 ref: 00007FFE126D96A5

Strings

[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FFE126D932C
process_kill, xrefs: 00007FFE126D9325

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$OpenTerminatestrcmp
String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1221532209-1116693529
Opcode ID: 93fc96329f73007c35746c868cfb508d14210149105aa23a18dee84d4ea970eb
Instruction ID: a5cb12af1a6d1604919bf24f773c16ce3ada4229474d448dfd1f62d99700df28
Opcode Fuzzy Hash: 93fc96329f73007c35746c868cfb508d14210149105aa23a18dee84d4ea970eb
Instruction Fuzzy Hash: 2B117F15E1AF0F47FB659B97ACD037A2392AF55775F1400B5C88E062F1EEEEE8498200

Function 00007FFE126D9273 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FFE126D9297
strcmp.MSVCRT ref: 00007FFE126D92DA
OpenProcess.KERNEL32 ref: 00007FFE126D92F2
TerminateProcess.KERNEL32 ref: 00007FFE126D930C
GetLastError.KERNEL32 ref: 00007FFE126D931A
GetLastError.KERNEL32 ref: 00007FFE126D9514
CloseHandle.KERNEL32 ref: 00007FFE126D96A5

Strings

[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FFE126D932C
process_kill, xrefs: 00007FFE126D9325

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$OpenTerminatestrcmp
String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1221532209-1116693529
Opcode ID: d7a0d7f5a7b2a4e3d400a787d61450851b263e017d5bd8201c9c34e13afcf3dd
Instruction ID: 658427271041e55cedc357951787912004ddc9a77b9385e894096a9b19ba9030
Opcode Fuzzy Hash: d7a0d7f5a7b2a4e3d400a787d61450851b263e017d5bd8201c9c34e13afcf3dd
Instruction Fuzzy Hash: FC117C15E1AF0B47FB659B97ACD037A2392AF55775F1400B5C88E062F1EEEEE8498200

Function 00007FFE126D936D Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FFE126D9297
strcmp.MSVCRT ref: 00007FFE126D92DA
OpenProcess.KERNEL32 ref: 00007FFE126D92F2
TerminateProcess.KERNEL32 ref: 00007FFE126D930C
GetLastError.KERNEL32 ref: 00007FFE126D931A
GetLastError.KERNEL32 ref: 00007FFE126D9514
CloseHandle.KERNEL32 ref: 00007FFE126D96A5

Strings

[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FFE126D932C
process_kill, xrefs: 00007FFE126D9325

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$OpenTerminatestrcmp
String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1221532209-1116693529
Opcode ID: f74b715ccb6925c361faf0dc0f44663209a238fdca931a3afb68363d493b3dfd
Instruction ID: c93d6ad777fddae2c8314393a477b1491b82584603a727603ff8325330a00e69
Opcode Fuzzy Hash: f74b715ccb6925c361faf0dc0f44663209a238fdca931a3afb68363d493b3dfd
Instruction Fuzzy Hash: 9E117C15E1AF0B47FB659B97ACC037A2292AF55775F1440B5C88E062F1EEEEE8498200

Function 00007FFE1150EC41 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FFE1150EC57
strcmp.MSVCRT ref: 00007FFE1150EC9A
OpenProcess.KERNEL32 ref: 00007FFE1150ECB2
TerminateProcess.KERNEL32 ref: 00007FFE1150ECCC
GetLastError.KERNEL32 ref: 00007FFE1150ECDA
GetLastError.KERNEL32 ref: 00007FFE1150EED4
CloseHandle.KERNEL32 ref: 00007FFE1150F065

Strings

process_kill, xrefs: 00007FFE1150ECE5
[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FFE1150ECEC

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$OpenTerminatestrcmp
String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1221532209-1116693529
Opcode ID: 6b2bf3dba12848de8549e9a6170e6c7b27bbc81ec1cc257075f236f2d8ffd292
Instruction ID: 761cb948efcb60f6e1969ce9e34a7f5bb361f38d695cbd8467bf9a86e88a4d19
Opcode Fuzzy Hash: 6b2bf3dba12848de8549e9a6170e6c7b27bbc81ec1cc257075f236f2d8ffd292
Instruction Fuzzy Hash: 3B118112A0DF1396FB554BC7909033E1699FF057A5F1800BDCC0E4A2B1DF6EF849A201

Function 00007FFE1150ED2D Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FFE1150EC57
strcmp.MSVCRT ref: 00007FFE1150EC9A
OpenProcess.KERNEL32 ref: 00007FFE1150ECB2
TerminateProcess.KERNEL32 ref: 00007FFE1150ECCC
GetLastError.KERNEL32 ref: 00007FFE1150ECDA
GetLastError.KERNEL32 ref: 00007FFE1150EED4
CloseHandle.KERNEL32 ref: 00007FFE1150F065

Strings

process_kill, xrefs: 00007FFE1150ECE5
[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FFE1150ECEC

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$OpenTerminatestrcmp
String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1221532209-1116693529
Opcode ID: 2170fb843dc9024c7a72dd777fd7c8e8f87c2e469e68bf6523431c34d069a559
Instruction ID: 954152c7cb4bb720f8c84544127936eb4b10c0f8ce2c156cdb1ee48b504f0e47
Opcode Fuzzy Hash: 2170fb843dc9024c7a72dd777fd7c8e8f87c2e469e68bf6523431c34d069a559
Instruction Fuzzy Hash: CA117F12A0DF1396FB554BC7949033E1699FF057A5F1840BDCC0E462B1DF6EE889A201

Function 00007FFE126D893C Relevance: 12.2, APIs: 2, Strings: 6, Instructions: 157stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE126D8976
strlen.MSVCRT ref: 00007FFE126D8981

Strings

(pattern != NULL), xrefs: 00007FFE126D89E5
((match == NULL) || (match_len != NULL)), xrefs: 00007FFE126D8A1E
str_match, xrefs: 00007FFE126D89B3, 00007FFE126D89EC, 00007FFE126D8A25
C:/Projects/rdp/bot/codebase/utils.c, xrefs: 00007FFE126D89A5, 00007FFE126D89DE, 00007FFE126D8A17
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D89BA, 00007FFE126D89F3, 00007FFE126D8A2C
(needle != NULL), xrefs: 00007FFE126D89AC

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strlen
String ID: ((match == NULL) || (match_len != NULL))$(needle != NULL)$(pattern != NULL)$C:/Projects/rdp/bot/codebase/utils.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$str_match
API String ID: 39653677-892027187
Opcode ID: dda567349ec99dcddd5be3e3eef9e17723494d5e456f79aab727309c5bcd18ac
Instruction ID: a9ec1131fb016230743accf0a0949d9a656f5ea61ea71e29c8e60fbbcdc0328a
Opcode Fuzzy Hash: dda567349ec99dcddd5be3e3eef9e17723494d5e456f79aab727309c5bcd18ac
Instruction Fuzzy Hash: 9751D751B0CD8F92FE208B57AD197B91651BF017A8F8840B2D98D0B6F1EEBDA916C300

Function 00007FFE126D2ADD Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

EnterCriticalSection.KERNEL32 ref: 00007FFE126D2B15
GetProcessHeap.KERNEL32 ref: 00007FFE126D2B62
HeapFree.KERNEL32 ref: 00007FFE126D2B73
LeaveCriticalSection.KERNEL32 ref: 00007FFE126D2B96

Strings

[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE126D2B83
[E] (%s) -> Failed(handler=0x%p), xrefs: 00007FFE126D2BBA
[D] (%s) -> Requested(handler=0x%p), xrefs: 00007FFE126D2AF0
ebus_unsubscribe, xrefs: 00007FFE126D2AE9, 00007FFE126D2B7C, 00007FFE126D2BB3

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CriticalHeapSection$EnterFreeLeaveProcessfflushfwrite
String ID: [D] (%s) -> Requested(handler=0x%p)$[E] (%s) -> Failed(handler=0x%p)$[I] (%s) -> Done(handler=0x%p)$ebus_unsubscribe
API String ID: 2011334650-1527096901
Opcode ID: 60dbd24cb8195e753da08d34ad23b942db4597d253108ddfd3f1a4b75fba148a
Instruction ID: 024db4204976cf9b7a67ec58b0f0045c28f2bfae6964a67674c316fcc09cb1f2
Opcode Fuzzy Hash: 60dbd24cb8195e753da08d34ad23b942db4597d253108ddfd3f1a4b75fba148a
Instruction Fuzzy Hash: 2F21DC50A0AE0F96FE159F23EC911B82391AF54FB4F4894B5C94D0A7F6EEECE4468310

Function 00007FFE126D8139 Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 57stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE126D81B2
strlen.MSVCRT ref: 00007FFE126D81CE
strcat.MSVCRT ref: 00007FFE126D81DD
strlen.MSVCRT ref: 00007FFE126D81E8

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D8187
(file_path != NULL), xrefs: 00007FFE126D818E
fs_module_file, xrefs: 00007FFE126D8195
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D819C

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: strlen$strcat
String ID: (file_path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_module_file
API String ID: 2335785903-2423714266
Opcode ID: 98633d643f2fa153ff4bd1d2eb28ca78fc1e22ebfa149f2c4a083f6ca115ba09
Instruction ID: 4e47b20e507a6278607cdedd3c45640a9ba070e0d8e213a962163445689c0b38
Opcode Fuzzy Hash: 98633d643f2fa153ff4bd1d2eb28ca78fc1e22ebfa149f2c4a083f6ca115ba09
Instruction Fuzzy Hash: 03119691A0CE4F85FB559B179D087B957515F11BE4F4C41B0DE8D0A2F2EEBC941AC340

Function 00007FFE126D7937 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 00007FFE126D7940
GetLastError.KERNEL32 ref: 00007FFE126D7985

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE126D795D
(path != NULL), xrefs: 00007FFE126D7964
fs_path_exists, xrefs: 00007FFE126D796B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D7972

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
API String ID: 1799206407-4111913120
Opcode ID: 3e653d2a1f3f8e34072ed63f7c5697a327472162f466aec2d27c6ce9d0a95ad8
Instruction ID: 7436161436954d5e76f944176e2c5c1daff75c5bf67788e0e36ba8b6b9346c57
Opcode Fuzzy Hash: 3e653d2a1f3f8e34072ed63f7c5697a327472162f466aec2d27c6ce9d0a95ad8
Instruction Fuzzy Hash: E321B761E0CCDF83FB2A466AAC5437D11415F04336F6445B2D09E8D1F4DEDDE9855243

Function 00007FFE126D3E70 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 42COMMON

Download Yara Rule

APIs

inet_addr.WS2_32 ref: 00007FFE126D3E82

Strings

(v != NULL), xrefs: 00007FFE126D3EF9
(s != NULL), xrefs: 00007FFE126D3EC9
ip4_from_str, xrefs: 00007FFE126D3ED0, 00007FFE126D3F00
C:/Projects/rdp/bot/codebase/net.c, xrefs: 00007FFE126D3EC2, 00007FFE126D3EF2
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126D3ED7, 00007FFE126D3F07

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: inet_addr
String ID: (s != NULL)$(v != NULL)$C:/Projects/rdp/bot/codebase/net.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$ip4_from_str
API String ID: 1393076350-1216860922
Opcode ID: 620f199b0a00be557768cdf46eda07ecd77f5febd471f9397a369252cefe9704
Instruction ID: fe93699486878787bd7e56d33af10ef822c59ff296fe7dcb41f0198d79a2be89
Opcode Fuzzy Hash: 620f199b0a00be557768cdf46eda07ecd77f5febd471f9397a369252cefe9704
Instruction Fuzzy Hash: B51130A1A08E4FD3FB11DB23AC503B85360AF10328F4441B2D59D4A1F0EFFDA9668B41

Function 00007FFE126D4CFC Relevance: 10.5, APIs: 1, Strings: 6, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE126D3E04: LoadLibraryA.KERNEL32 ref: 00007FFE126D3E12

GetLastError.KERNEL32 ref: 00007FFE126D4D78

Part of subcall function 00007FFE126D3D83: GetProcAddress.KERNEL32 ref: 00007FFE126D3DA3

Strings

Done, xrefs: 00007FFE126D4D54
[I] (%s) -> %s, xrefs: 00007FFE126D4D62
Wow64RevertWow64FsRedirection, xrefs: 00007FFE126D4D1D
kernel32, xrefs: 00007FFE126D4D09
[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu), xrefs: 00007FFE126D4D88
fs_wow_redir_revert, xrefs: 00007FFE126D4D5B, 00007FFE126D4D81

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: AddressErrorLastLibraryLoadProc
String ID: Done$Wow64RevertWow64FsRedirection$[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_revert$kernel32
API String ID: 3511525774-1584720945
Opcode ID: e8dd00e081f08df5f59cc19417fbb6108acdd2fa6c1e8984d2d542c1b529ee79
Instruction ID: ed1036e94a6adde977fc777685f334fb4ecc99350cddf3999dc783deafa01bda
Opcode Fuzzy Hash: e8dd00e081f08df5f59cc19417fbb6108acdd2fa6c1e8984d2d542c1b529ee79
Instruction Fuzzy Hash: 7E11A560E1EE4B82FB11DB17AC513B42260AF44764F9400B2D48E862F5EEEDE994C750

Function 00007FFE11508563 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE115087AF
OpenServiceA.ADVAPI32 ref: 00007FFE115087CD
ControlService.ADVAPI32 ref: 00007FFE115087EC
GetLastError.KERNEL32 ref: 00007FFE115087FA

Strings

scm_stop, xrefs: 00007FFE11508814
[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE1150881B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$CloseControlErrorHandleLastOpen
String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
API String ID: 3311966420-638458398
Opcode ID: 39d226b17c5d19a97b0f081be26e22e7528f54a1ea2593885e11c26f739b76bf
Instruction ID: c991bcb21e4ecb6f72219ee7f5797a14c6bb703f6697aff61ec7dc96b0d058ac
Opcode Fuzzy Hash: 39d226b17c5d19a97b0f081be26e22e7528f54a1ea2593885e11c26f739b76bf
Instruction Fuzzy Hash: 53018C62F08E0382FF509B87A48467913A9BF49BA4F0454BAC90E433B5EE7CE4448300

Function 00007FFE1150854F Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE115087AF
OpenServiceA.ADVAPI32 ref: 00007FFE115087CD
ControlService.ADVAPI32 ref: 00007FFE115087EC
GetLastError.KERNEL32 ref: 00007FFE115087FA

Strings

scm_stop, xrefs: 00007FFE11508814
[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE1150881B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$CloseControlErrorHandleLastOpen
String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
API String ID: 3311966420-638458398
Opcode ID: 1354183fb5f3b1a4a496faa34c4fce142fe0e3d090115fcd85ed68cc77a5d5cb
Instruction ID: 7b7e5c504f72f9387ffadabbaab48cafe37409aaf43e332e85c81da85efd1e36
Opcode Fuzzy Hash: 1354183fb5f3b1a4a496faa34c4fce142fe0e3d090115fcd85ed68cc77a5d5cb
Instruction Fuzzy Hash: 6F018C62F08E0381FF509B87A88467913A9BF49BA4F0454BAC90E433B5EE7CE5448301

Function 00007FFE11508559 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE115087AF
OpenServiceA.ADVAPI32 ref: 00007FFE115087CD
ControlService.ADVAPI32 ref: 00007FFE115087EC
GetLastError.KERNEL32 ref: 00007FFE115087FA

Strings

scm_stop, xrefs: 00007FFE11508814
[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE1150881B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$CloseControlErrorHandleLastOpen
String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
API String ID: 3311966420-638458398
Opcode ID: d755a79ff02b9631c0372abdcf40374a3b633505cadf7dddc6cc8c77f0f91b2d
Instruction ID: b0bc9b315e9999d16610045f74d64bedf4f84c3c9afb88e4c44de4a55c209bcc
Opcode Fuzzy Hash: d755a79ff02b9631c0372abdcf40374a3b633505cadf7dddc6cc8c77f0f91b2d
Instruction Fuzzy Hash: DE018C62F08E0381FF509B87A48467913A9BF49BA5F0454B9C90E433B6EE7CE4448300

Function 00007FFE115084A4 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE115087AF
OpenServiceA.ADVAPI32 ref: 00007FFE115087CD
ControlService.ADVAPI32 ref: 00007FFE115087EC
GetLastError.KERNEL32 ref: 00007FFE115087FA

Strings

scm_stop, xrefs: 00007FFE11508814
[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE1150881B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$CloseControlErrorHandleLastOpen
String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
API String ID: 3311966420-638458398
Opcode ID: 1354183fb5f3b1a4a496faa34c4fce142fe0e3d090115fcd85ed68cc77a5d5cb
Instruction ID: 7b7e5c504f72f9387ffadabbaab48cafe37409aaf43e332e85c81da85efd1e36
Opcode Fuzzy Hash: 1354183fb5f3b1a4a496faa34c4fce142fe0e3d090115fcd85ed68cc77a5d5cb
Instruction Fuzzy Hash: 6F018C62F08E0381FF509B87A88467913A9BF49BA4F0454BAC90E433B5EE7CE5448301

Function 00007FFE115084AE Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE115087AF
OpenServiceA.ADVAPI32 ref: 00007FFE115087CD
ControlService.ADVAPI32 ref: 00007FFE115087EC
GetLastError.KERNEL32 ref: 00007FFE115087FA

Strings

scm_stop, xrefs: 00007FFE11508814
[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE1150881B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$CloseControlErrorHandleLastOpen
String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
API String ID: 3311966420-638458398
Opcode ID: d755a79ff02b9631c0372abdcf40374a3b633505cadf7dddc6cc8c77f0f91b2d
Instruction ID: b0bc9b315e9999d16610045f74d64bedf4f84c3c9afb88e4c44de4a55c209bcc
Opcode Fuzzy Hash: d755a79ff02b9631c0372abdcf40374a3b633505cadf7dddc6cc8c77f0f91b2d
Instruction Fuzzy Hash: DE018C62F08E0381FF509B87A48467913A9BF49BA5F0454B9C90E433B6EE7CE4448300

Function 00007FFE115084B8 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE115087AF
OpenServiceA.ADVAPI32 ref: 00007FFE115087CD
ControlService.ADVAPI32 ref: 00007FFE115087EC
GetLastError.KERNEL32 ref: 00007FFE115087FA

Strings

scm_stop, xrefs: 00007FFE11508814
[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE1150881B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$CloseControlErrorHandleLastOpen
String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
API String ID: 3311966420-638458398
Opcode ID: 39d226b17c5d19a97b0f081be26e22e7528f54a1ea2593885e11c26f739b76bf
Instruction ID: c991bcb21e4ecb6f72219ee7f5797a14c6bb703f6697aff61ec7dc96b0d058ac
Opcode Fuzzy Hash: 39d226b17c5d19a97b0f081be26e22e7528f54a1ea2593885e11c26f739b76bf
Instruction Fuzzy Hash: 53018C62F08E0382FF509B87A48467913A9BF49BA4F0454BAC90E433B5EE7CE4448300

Function 00007FFE1150889A Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE115087AF
OpenServiceA.ADVAPI32 ref: 00007FFE115087CD
ControlService.ADVAPI32 ref: 00007FFE115087EC
GetLastError.KERNEL32 ref: 00007FFE115087FA

Strings

scm_stop, xrefs: 00007FFE11508814
[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE1150881B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$CloseControlErrorHandleLastOpen
String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
API String ID: 3311966420-638458398
Opcode ID: c33561d12d3229e8870e97e301ee69838ae1b1f69a4fb9fb7f5ba37d45c04149
Instruction ID: 5abbb35e846caa1a36decf62a35e7d5f08d7df47bb41201d694f7f7c15a6e3a4
Opcode Fuzzy Hash: c33561d12d3229e8870e97e301ee69838ae1b1f69a4fb9fb7f5ba37d45c04149
Instruction Fuzzy Hash: 62018C62F08E0381FF509B87E88467913A9BF49BA4F0454B9C90E433B5EE7CE4888300

Function 00007FFE1150884A Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 38serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE115087AF
OpenServiceA.ADVAPI32 ref: 00007FFE115087CD
ControlService.ADVAPI32 ref: 00007FFE115087EC
GetLastError.KERNEL32 ref: 00007FFE115087FA

Strings

scm_stop, xrefs: 00007FFE11508814
[E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu), xrefs: 00007FFE1150881B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Service$CloseControlErrorHandleLastOpen
String ID: [E] (%s) -> ControlService(SERVICE_CONTROL_STOP) failed(lpServiceName=%s,gle=%lu)$scm_stop
API String ID: 3311966420-638458398
Opcode ID: c33561d12d3229e8870e97e301ee69838ae1b1f69a4fb9fb7f5ba37d45c04149
Instruction ID: 5abbb35e846caa1a36decf62a35e7d5f08d7df47bb41201d694f7f7c15a6e3a4
Opcode Fuzzy Hash: c33561d12d3229e8870e97e301ee69838ae1b1f69a4fb9fb7f5ba37d45c04149
Instruction Fuzzy Hash: 62018C62F08E0381FF509B87E88467913A9BF49BA4F0454B9C90E433B5EE7CE4888300

Function 00007FFE126D4C60 Relevance: 10.5, APIs: 1, Strings: 6, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE126D3E04: LoadLibraryA.KERNEL32 ref: 00007FFE126D3E12

Part of subcall function 00007FFE126D3D83: GetProcAddress.KERNEL32 ref: 00007FFE126D3DA3

GetLastError.KERNEL32 ref: 00007FFE126D4CC0

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

fs_wow_redir_disable, xrefs: 00007FFE126D4CA3, 00007FFE126D4CC9
Wow64DisableWow64FsRedirection, xrefs: 00007FFE126D4C78
Done, xrefs: 00007FFE126D4C9C
[I] (%s) -> %s, xrefs: 00007FFE126D4CAA
kernel32, xrefs: 00007FFE126D4C64
[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu), xrefs: 00007FFE126D4CD0

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: AddressErrorLastLibraryLoadProcfflushfwrite
String ID: Done$Wow64DisableWow64FsRedirection$[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_disable$kernel32
API String ID: 1533789296-1853374401
Opcode ID: 3c6fde57ad9de5adf9d03fa5379e8ba19824a2bc27a12cabdc5cee2dc70506b6
Instruction ID: 9426e6b0476af6cd5e6be2e71c912db7edf5eb14f289f401f0f656c9336504da
Opcode Fuzzy Hash: 3c6fde57ad9de5adf9d03fa5379e8ba19824a2bc27a12cabdc5cee2dc70506b6
Instruction Fuzzy Hash: 1D019360E1EE4FD2FB10DB17AC913B81260AF04B64F8404F2D44E866F1EEECE9958750

Function 00007FFE11506C55 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE1150BC64: LoadLibraryA.KERNEL32 ref: 00007FFE1150BC72

Part of subcall function 00007FFE1150B989: FindResourceA.KERNEL32 ref: 00007FFE1150B9B6
Part of subcall function 00007FFE1150B989: LoadResource.KERNEL32 ref: 00007FFE1150B9CE

FreeLibrary.KERNEL32 ref: 00007FFE11506C87

Strings

(ver != NULL), xrefs: 00007FFE11506CA5
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11506CB3
termsrv.dll, xrefs: 00007FFE11506C63
rdp_version, xrefs: 00007FFE11506CAC
C:/Projects/rdp/bot/rpd-controller/rdp.c, xrefs: 00007FFE11506C9E

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: LibraryLoadResource$FindFree
String ID: (ver != NULL)$C:/Projects/rdp/bot/rpd-controller/rdp.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$rdp_version$termsrv.dll
API String ID: 3272429154-2519045969
Opcode ID: 1ae8dc0e7033f0d680bada044a56bc459b1fd35c778bb9db268845c80eb1e7a7
Instruction ID: 058ac08102e3c122b928f1fbcc5fda0b60bb0022b91d66ba3e3dd75e41024c8e
Opcode Fuzzy Hash: 1ae8dc0e7033f0d680bada044a56bc459b1fd35c778bb9db268845c80eb1e7a7
Instruction Fuzzy Hash: 69F0E760E0DE0791FF21DB93A8945B81259AF48774F9801BAD90E063B2EE2CB94AC314

Function 00007FFE126D2EAB Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 28synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FFE126D2ECB
CloseHandle.KERNEL32 ref: 00007FFE126D2ED8

Part of subcall function 00007FFE126D2ADD: EnterCriticalSection.KERNEL32 ref: 00007FFE126D2B15
Part of subcall function 00007FFE126D2ADD: GetProcessHeap.KERNEL32 ref: 00007FFE126D2B62
Part of subcall function 00007FFE126D2ADD: HeapFree.KERNEL32 ref: 00007FFE126D2B73
Part of subcall function 00007FFE126D2ADD: LeaveCriticalSection.KERNEL32 ref: 00007FFE126D2B96

DeleteCriticalSection.KERNEL32 ref: 00007FFE126D2F06

Strings

[I] (%s) -> %s, xrefs: 00007FFE126D2F30
Done, xrefs: 00007FFE126D2F22
ebus_cleanup, xrefs: 00007FFE126D2F29

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CriticalSection$Heap$CloseDeleteEnterFreeHandleLeaveObjectProcessSingleWait
String ID: Done$[I] (%s) -> %s$ebus_cleanup
API String ID: 3198640931-3713968270
Opcode ID: 70793c2a016fe52366cf0e1d994800624d52a6a0fdbe5a5cf153969d17cf4d9a
Instruction ID: 00bcafb46d81632830885a0b2ebe78316228f601134c4471db21db5bb138be76
Opcode Fuzzy Hash: 70793c2a016fe52366cf0e1d994800624d52a6a0fdbe5a5cf153969d17cf4d9a
Instruction Fuzzy Hash: 28019320A08E8A81FA14DB23EC953B42361BF80774F5447F5D47D4A2F5EFEDA9899710

Function 00007FFE126DAB58 Relevance: 9.2, APIs: 3, Strings: 3, Instructions: 187memorystringCOMMON

Download Yara Rule

APIs

strcpy.MSVCRT ref: 00007FFE126DABB8

Part of subcall function 00007FFE126D5A75: fopen.MSVCRT ref: 00007FFE126D5ABA
Part of subcall function 00007FFE126D5A75: fseek.MSVCRT ref: 00007FFE126D5AD9
Part of subcall function 00007FFE126D5A75: _errno.MSVCRT ref: 00007FFE126D5AED
Part of subcall function 00007FFE126D5A75: _errno.MSVCRT ref: 00007FFE126D5B08

Part of subcall function 00007FFE126D489D: send.WS2_32 ref: 00007FFE126D48EB
Part of subcall function 00007FFE126D489D: WSAGetLastError.WS2_32 ref: 00007FFE126D48FA

GetProcessHeap.KERNEL32 ref: 00007FFE126DABE5
HeapFree.KERNEL32 ref: 00007FFE126DABF6

Strings

(, xrefs: 00007FFE126DABFC
-RGMLWD-, xrefs: 00007FFE126DAC0C
ORRE, xrefs: 00007FFE126DAC04

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Heap_errno$ErrorFreeLastProcessfopenfseeksendstrcpy
String ID: ($-RGMLWD-$ORRE
API String ID: 1421482426-2390005167
Opcode ID: 9bd85fb98a04c2d7f282292f880e28581716fbf9b3cf189157d077e1d52ab63c
Instruction ID: 47aff7d7aa583c1aa84ec27c7082726885dc1862b62f97dcd095154204c36db3
Opcode Fuzzy Hash: 9bd85fb98a04c2d7f282292f880e28581716fbf9b3cf189157d077e1d52ab63c
Instruction Fuzzy Hash: A7719572A0CE9E83EA609B26A9403BD6751DB41BB4F500271EADD077F5CEADDC468B40

Function 00007FFE126D100C Relevance: 9.1, APIs: 6, Instructions: 102sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,00000000,00007FFE126E1034,00007FFE126D1243), ref: 00007FFE126D1081
_amsg_exit.MSVCRT ref: 00007FFE126D10A3
_initterm.MSVCRT ref: 00007FFE126D10DD
Sleep.KERNEL32(?,00000000,00007FFE126E1034,00007FFE126D1243), ref: 00007FFE126D1135
_amsg_exit.MSVCRT ref: 00007FFE126D114C

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Sleep_amsg_exit$_initterm
String ID:
API String ID: 2193611136-0
Opcode ID: 0d59a9bbdadfa98793d80cd63363695fbedac232d6db2798325d0230d2e31b90
Instruction ID: 93001bf90636edd9fde984d994cc379f50f5db709080a3a5a870018aabd16685
Opcode Fuzzy Hash: 0d59a9bbdadfa98793d80cd63363695fbedac232d6db2798325d0230d2e31b90
Instruction Fuzzy Hash: 3A413821A09E8EC6FB55DB13EC5027922A1BF58BA4F5844F1CA4D973F5EEECE8418310

Function 00007FFE126DA1D0 Relevance: 9.0, APIs: 2, Strings: 4, Instructions: 24COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FFE126DA1E8
CloseHandle.KERNEL32 ref: 00007FFE126DA1EE

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126DA219
process_free, xrefs: 00007FFE126DA212
(pi != NULL), xrefs: 00007FFE126DA20B
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FFE126DA204

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CloseHandle
String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$process_free
API String ID: 2962429428-1801624891
Opcode ID: 48091f2a0962f079f29521df7b3f5c81ad1906a3e722640791fc8fab62d4ab0b
Instruction ID: 9b3e67fc830fc9dc4b1b52fa6217c8ec5f40dcd821d133a0453ad98b0febf6c1
Opcode Fuzzy Hash: 48091f2a0962f079f29521df7b3f5c81ad1906a3e722640791fc8fab62d4ab0b
Instruction Fuzzy Hash: 61F0F861A18D9F85FA00DB26FC501B82720AF50768F8441B2D94D176F0DEACD946C340

Function 00007FFE115081B3 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 33COMMON

Download Yara Rule

APIs

_stricmp.MSVCRT ref: 00007FFE115081F7

Strings

(name != NULL), xrefs: 00007FFE11508212
scm_find, xrefs: 00007FFE11508219
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11508220
C:/Projects/rdp/bot/codebase/scm.c, xrefs: 00007FFE1150820B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: _stricmp
String ID: (name != NULL)$C:/Projects/rdp/bot/codebase/scm.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$scm_find
API String ID: 2884411883-2863218139
Opcode ID: c277aa45597e2b8e077a23331a0580097456e195fb04bf7e1bf7432c4daca58d
Instruction ID: 07112cd2ae8dcf238d1434ddeb6a737f2202b1e0816597cbf402d3fab3e16768
Opcode Fuzzy Hash: c277aa45597e2b8e077a23331a0580097456e195fb04bf7e1bf7432c4daca58d
Instruction Fuzzy Hash: 1F014B61E0EE0790FF559BA2E4447BA63A9EF447A4F4810B9E94F062B0EF7CE545C701

Function 00007FFE126D4042 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28networkCOMMON

Download Yara Rule

APIs

shutdown.WS2_32 ref: 00007FFE126D4050
WSAGetLastError.WS2_32 ref: 00007FFE126D4079

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[D] (%s) -> Done(sock=0x%llx), xrefs: 00007FFE126D4065
[E] (%s) -> shutdown failed(sock=0x%llx,chan=%d,WSAgle=%d), xrefs: 00007FFE126D4097
sock_shutdown, xrefs: 00007FFE126D405E, 00007FFE126D4090

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteshutdown
String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> shutdown failed(sock=0x%llx,chan=%d,WSAgle=%d)$sock_shutdown
API String ID: 2143829457-932964775
Opcode ID: 593188122a7cfa4796afd97ec4a7eab56fafb39927c9130e4034bde85502587f
Instruction ID: f1a169f60b4b8f903f4230d02fb9e23d24c9de2bb1a0edb871cd35dcae2bef55
Opcode Fuzzy Hash: 593188122a7cfa4796afd97ec4a7eab56fafb39927c9130e4034bde85502587f
Instruction Fuzzy Hash: 6DF05E21E0CC4BD2FA20A72BEC450F92650AF10BB0F9445B2E94C462F5EFECA95A8301

Function 00007FFE126D40A5 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 26networkCOMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00007FFE126D40C6
WSAGetLastError.WS2_32 ref: 00007FFE126D40E9

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[D] (%s) -> Done(sock=0x%llx), xrefs: 00007FFE126D40DB
[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126D40FC
sock_close, xrefs: 00007FFE126D40D4, 00007FFE126D40F5

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastclosesocketfflushfwrite
String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d)$sock_close
API String ID: 152032778-2221966578
Opcode ID: f7103db33014c39b255244beb88c324541c5afc457535d89a7f2c5182b634700
Instruction ID: 20f52e4dd9314662cc152839a4144e9ad441ba68c692d37feabdcfcba603feea
Opcode Fuzzy Hash: f7103db33014c39b255244beb88c324541c5afc457535d89a7f2c5182b634700
Instruction Fuzzy Hash: 68F05E50E08D8F82FA10AB67EC410F922509F14BB0F9413B5D57D462F5ADECA9598301

Function 00007FFE1150AD75 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 26networkCOMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00007FFE1150AD96
WSAGetLastError.WS2_32 ref: 00007FFE1150ADB9

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1150ADCC
[D] (%s) -> Done(sock=0x%llx), xrefs: 00007FFE1150ADAB
sock_close, xrefs: 00007FFE1150ADA4, 00007FFE1150ADC5

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastclosesocketfflushfwrite
String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d)$sock_close
API String ID: 152032778-2221966578
Opcode ID: bb115bf1a3de3cb7bfef1c94fb363b858f8f74bf0ac96ec09b59a5527da0d493
Instruction ID: efaa5d3860f74aaa780615935d8ac2eb26afb7d541f01594bdcf37e2b6f404c1
Opcode Fuzzy Hash: bb115bf1a3de3cb7bfef1c94fb363b858f8f74bf0ac96ec09b59a5527da0d493
Instruction Fuzzy Hash: D4F05E61E4CD0392FB116BE7E8514B823299F15B71F1403F9D53D062F2AF1CA5458301

Function 00007FFE1150CCAC Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 21COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE1150CCC6
DeleteCriticalSection.KERNEL32 ref: 00007FFE1150CCF3

Strings

[I] (%s) -> %s, xrefs: 00007FFE1150CD12
Done, xrefs: 00007FFE1150CD04
debug_cleanup, xrefs: 00007FFE1150CD0B

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CriticalDeleteSectionfclose
String ID: Done$[I] (%s) -> %s$debug_cleanup
API String ID: 3387974148-4247581856
Opcode ID: aeb4f1ca7e14951c31381153f3446be483603443577fafeadf4f5bda74db2a5f
Instruction ID: c60917ecea395240720e1a285ede7a52164eda40bc31b7337444f8f72057a0f0
Opcode Fuzzy Hash: aeb4f1ca7e14951c31381153f3446be483603443577fafeadf4f5bda74db2a5f
Instruction Fuzzy Hash: B1F03A21E0AE03C5FB419BD3E8A53B4236EAF58324F5414F9C44D06671CF7DB0498782

Function 00007FFE11508D53 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 19serviceCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE11507607: GetProcessHeap.KERNEL32 ref: 00007FFE1150763D
Part of subcall function 00007FFE11507607: HeapFree.KERNEL32 ref: 00007FFE1150764E
Part of subcall function 00007FFE11507607: GetProcessHeap.KERNEL32 ref: 00007FFE11507662
Part of subcall function 00007FFE11507607: HeapFree.KERNEL32 ref: 00007FFE11507673

CloseServiceHandle.ADVAPI32 ref: 00007FFE11508D68
DeleteCriticalSection.KERNEL32 ref: 00007FFE11508D7A

Strings

Done, xrefs: 00007FFE11508D96
[I] (%s) -> %s, xrefs: 00007FFE11508DA4
scm_cleanup, xrefs: 00007FFE11508D9D

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$FreeProcess$CloseCriticalDeleteHandleSectionService
String ID: Done$[I] (%s) -> %s$scm_cleanup
API String ID: 3170896351-2182690050
Opcode ID: 57e7b2d492cb600557f65335f972399dcba93579e55ec1ad9c8988fd1aa638ab
Instruction ID: d1ef011f8f3d36b79dcdda82a86073aee6a82100e2b93b130586ca2e96be8127
Opcode Fuzzy Hash: 57e7b2d492cb600557f65335f972399dcba93579e55ec1ad9c8988fd1aa638ab
Instruction Fuzzy Hash: 2CF0152AE0AE03C4FB95DBD3E891778236AAF48768F9401B9C44D022719F3CB108C346

Function 00007FFE126DC9DB Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 165memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?,?,00007FFE126E1034,?,?,00007FFE126D11A1), ref: 00007FFE126DCC32

Strings

Unknown pseudo relocation bit size %d., xrefs: 00007FFE126DCB5B
Unknown pseudo relocation protocol version %d., xrefs: 00007FFE126DCAD2
%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FFE126DCBCD

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
API String ID: 544645111-1286557213
Opcode ID: d0f3fb6da05cc254e0b3ff34542b3f475c5facd6cc65ea65544b784f58289625
Instruction ID: 977d30ace46e557ae45daabc20291fe0d9671979d396078e6617abc2733fdda4
Opcode Fuzzy Hash: d0f3fb6da05cc254e0b3ff34542b3f475c5facd6cc65ea65544b784f58289625
Instruction Fuzzy Hash: 55615C61F18E5E86EA14CB27ED4067827A0AB44BB4F1481B1DA9D477F9DEBCE541C700

Function 00007FFE126D4176 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE126D419E
WSAGetLastError.WS2_32 ref: 00007FFE126D41B5

Strings

tcp_set_keepalive, xrefs: 00007FFE126D41C5
[E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE126D41CC

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_keepalive
API String ID: 1729277954-536111009
Opcode ID: 7ecc009d2ed3ae8a9b0078967a05074eb7a03867f61cbee3818ba73ef7baa526
Instruction ID: 9ca48767a09735fb6c125a33d88d11c99f6e244442e039ee69068fc429061078
Opcode Fuzzy Hash: 7ecc009d2ed3ae8a9b0078967a05074eb7a03867f61cbee3818ba73ef7baa526
Instruction Fuzzy Hash: 67F0BB61A1894587F3509F27BC044756690FF98774F508271ED6D837F4DEBCD90A8B00

Function 00007FFE126D17AC Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 21COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32 ref: 00007FFE126D17F3

Strings

debug_cleanup, xrefs: 00007FFE126D180B
[I] (%s) -> %s, xrefs: 00007FFE126D1812
Done, xrefs: 00007FFE126D1804

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CriticalDeleteSection
String ID: Done$[I] (%s) -> %s$debug_cleanup
API String ID: 166494926-4247581856
Opcode ID: b2552b2603190d3dfbcad6e125bc77a0089a5f81a6dfc14119ca7b5ee64b6f79
Instruction ID: d25525f88869d45f18f4bd3af347a3f613f0743399556c0f5d66edbf5accee36
Opcode Fuzzy Hash: b2552b2603190d3dfbcad6e125bc77a0089a5f81a6dfc14119ca7b5ee64b6f79
Instruction Fuzzy Hash: AFF09D20A19E8BC5FA05DB23ECA43B52260BF51734F8405B5C04D162F5EFED6189C360

Function 00007FFE1150A1DF Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 20COMMON

Download Yara Rule

APIs

DeleteCriticalSection.KERNEL32 ref: 00007FFE1150A215

Strings

[I] (%s) -> %s, xrefs: 00007FFE1150A234
proxy_init, xrefs: 00007FFE1150A22D
Done, xrefs: 00007FFE1150A226

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CriticalDeleteSection
String ID: Done$[I] (%s) -> %s$proxy_init
API String ID: 166494926-991486753
Opcode ID: 2975420c0a3c075b2e3cd463d9d46d928e6aae1cded662ae34a472e4de050931
Instruction ID: 2147b4f76176b156395331e248f6f51a92f425106298825dd9bfc9df838f7cca
Opcode Fuzzy Hash: 2975420c0a3c075b2e3cd463d9d46d928e6aae1cded662ae34a472e4de050931
Instruction Fuzzy Hash: A0F0D425D0BE47C4FB419B93E8457B822AABF54774F8041BAC10E02271DF3CA589C301

Function 00007FFE126D3AD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18COMMON

Download Yara Rule

APIs

GetModuleHandleExA.KERNEL32 ref: 00007FFE126D3AEE
GetLastError.KERNEL32 ref: 00007FFE126D3B0B

Strings

module_current, xrefs: 00007FFE126D3B14
[E] (%s) -> GetModuleHandleExA failed(gle=%lu), xrefs: 00007FFE126D3B1B

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: ErrorHandleLastModule
String ID: [E] (%s) -> GetModuleHandleExA failed(gle=%lu)$module_current
API String ID: 4242514867-2427012484
Opcode ID: d11d240018aab1f42355d239cf3f525ac66d3e20a7cc312227a91e68f9aaca59
Instruction ID: 727ed38fd280d448bc0d1197106782500d1f3816ed164268b456b32ad2572b44
Opcode Fuzzy Hash: d11d240018aab1f42355d239cf3f525ac66d3e20a7cc312227a91e68f9aaca59
Instruction Fuzzy Hash: 91F03061A08E0A91F720DB12EC403792760EB447B8F9800B5D58D466F4DEACD258CB40

Function 00007FFE1150B930 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18COMMON

Download Yara Rule

APIs

GetModuleHandleExA.KERNEL32 ref: 00007FFE1150B94E
GetLastError.KERNEL32 ref: 00007FFE1150B96B

Strings

[E] (%s) -> GetModuleHandleExA failed(gle=%lu), xrefs: 00007FFE1150B97B
module_current, xrefs: 00007FFE1150B974

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorHandleLastModule
String ID: [E] (%s) -> GetModuleHandleExA failed(gle=%lu)$module_current
API String ID: 4242514867-2427012484
Opcode ID: a689698aadfcd3d6d4072a0834da6b3aa0b2ec0d04f59930c527e4dd69370b82
Instruction ID: c4ce05d2fb2088309d5da4feb2ed910a20efedc867f9a1bbb4d50ee1a3681dcd
Opcode Fuzzy Hash: a689698aadfcd3d6d4072a0834da6b3aa0b2ec0d04f59930c527e4dd69370b82
Instruction Fuzzy Hash: 33F06D65A1CE07D0EB219F92E8803AD2769FF487B8F8801B9C58D026B4CF3CE248C741

Function 00007FFE126D4C27 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 9networkCOMMON

Download Yara Rule

APIs

WSACleanup.WS2_32 ref: 00007FFE126D4C2B

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> %s, xrefs: 00007FFE126D4C3F
net_cleanup, xrefs: 00007FFE126D4C38
Done, xrefs: 00007FFE126D4C31

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Cleanupfflushfwrite
String ID: Done$[I] (%s) -> %s$net_cleanup
API String ID: 1441811225-3926276259
Opcode ID: 11f392ae5c464eb5dd1a1c6ad7e6d60bc081ecf5e2099df0fbf8ecaee2072699
Instruction ID: 5cf7221b79ff1cfb1792b86ca8609ca795c17aed758dcd0e658af0fe644f3053
Opcode Fuzzy Hash: 11f392ae5c464eb5dd1a1c6ad7e6d60bc081ecf5e2099df0fbf8ecaee2072699
Instruction Fuzzy Hash: B8D0C964D59C4BD1EA00E716DC460B51320AB50764F9050B1C00D010F09EACA1AA8710

Function 00007FFE126E0850 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FFE126E08CB
IsDBCSLeadByteEx.KERNEL32 ref: 00007FFE126E08E6
MultiByteToWideChar.KERNEL32 ref: 00007FFE126E093A
_errno.MSVCRT ref: 00007FFE126E0944

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Byte$CharMultiWide$Lead_errno
String ID:
API String ID: 2766522060-0
Opcode ID: f125edc36d3b8c8eb07748e4d7d74821e8797b385320d5e951b27f540b9cdcff
Instruction ID: 109220707c275adeea440b88ed8447feccaf87edf1f69e555df53fcc34d850e3
Opcode Fuzzy Hash: f125edc36d3b8c8eb07748e4d7d74821e8797b385320d5e951b27f540b9cdcff
Instruction Fuzzy Hash: A431F872A0CA828AF7708F22AC4037D6A50FB657A8F149171DA9C637E5DBBDD445CB00

Function 00007FFE126D126E Relevance: 6.1, APIs: 4, Instructions: 59COMMON

Download Yara Rule

APIs

_lock.MSVCRT ref: 00007FFE126E0750
_unlock.MSVCRT ref: 00007FFE126E0777
realloc.MSVCRT ref: 00007FFE126E07AD
_unlock.MSVCRT ref: 00007FFE126E07DC

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: _unlock$_lockrealloc
String ID:
API String ID: 4047297157-0
Opcode ID: 2a7e4f9ecfc54b828ce2ac12068c354f055dfaff74910f07e8cc230d271ba141
Instruction ID: 7d6d495d1294f7e7a02d01100bfe5ed0e4107d7c0e2b7d86542e45f094ac4a5b
Opcode Fuzzy Hash: 2a7e4f9ecfc54b828ce2ac12068c354f055dfaff74910f07e8cc230d271ba141
Instruction Fuzzy Hash: DA118E22A0AF4185EF45DF62EC1136862D5EF44BA8F188074DA4C5B3D5EEBCE891C310

Function 00007FFE126D2660 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE126D2699
LeaveCriticalSection.KERNEL32 ref: 00007FFE126D271B

Strings

[D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFE126D2706
ebus_dispatch, xrefs: 00007FFE126D26FF

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
API String ID: 3168844106-1717220914
Opcode ID: 49ea56a97abc367d7c5f7885a608cb66da50d361340aeccd66cb374a8bf68df5
Instruction ID: f97910d40bbfa7153639cf1656318922ec349d8087c621fd43606b1a2ba81e1e
Opcode Fuzzy Hash: 49ea56a97abc367d7c5f7885a608cb66da50d361340aeccd66cb374a8bf68df5
Instruction Fuzzy Hash: 4D213B32A08F8A86EB25CF16EC505696360FB54BB4F144171DA9D476F8EFBCE852C710

Function 00007FFE115089A1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE11508A73

Strings

scm_stop, xrefs: 00007FFE115083AA
[E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x), xrefs: 00007FFE115083B1

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x)$scm_stop
API String ID: 1725840886-2743387298
Opcode ID: eada9341f7b65974e50c900dd1b2d16e4aafaf64b06467ad1ef1277b257a6ef0
Instruction ID: af47cd3a9b5031e1cc9d54d09e6604a69786aa327bbdd5b1f372774d2c335cb0
Opcode Fuzzy Hash: eada9341f7b65974e50c900dd1b2d16e4aafaf64b06467ad1ef1277b257a6ef0
Instruction Fuzzy Hash: A3018062F08E4342F7716AD76880BBE128D6F91774F0801BECE5D462B1DE6CE9858300

Function 00007FFE115089AB Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE11508A73

Strings

scm_stop, xrefs: 00007FFE115083AA
[E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x), xrefs: 00007FFE115083B1

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x)$scm_stop
API String ID: 1725840886-2743387298
Opcode ID: d37e6684921ac6afd3a3190e2d155180c18594454b0321776bc693f2bf8bce3a
Instruction ID: 83d24077f4e352ae021f9e17cc4bc3d0f1f1529a9da8b8ec40b72199107f0578
Opcode Fuzzy Hash: d37e6684921ac6afd3a3190e2d155180c18594454b0321776bc693f2bf8bce3a
Instruction Fuzzy Hash: 98018062F08E4342F7716AD76880BBE128D6F91774F0801BECE5D462B1DE6CE9858300

Function 00007FFE11508997 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE11508A73

Strings

scm_stop, xrefs: 00007FFE115083AA
[E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x), xrefs: 00007FFE115083B1

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x)$scm_stop
API String ID: 1725840886-2743387298
Opcode ID: b0e45bea8efca1ee1d99ad525f4bd780d33b18cb6567acc56d3d14e090869979
Instruction ID: c4616ab93f2b0cdeee9b96dcd730f7a7ee220cf68bf280633d207ce7e33d3654
Opcode Fuzzy Hash: b0e45bea8efca1ee1d99ad525f4bd780d33b18cb6567acc56d3d14e090869979
Instruction Fuzzy Hash: 18018062F08E4342F7716AD76880BBE128DAF91774F0801BECE5D462B1DE6CE9858300

Function 00007FFE11508A39 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE11508A73

Strings

scm_stop, xrefs: 00007FFE115083AA
[E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x), xrefs: 00007FFE115083B1

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x)$scm_stop
API String ID: 1725840886-2743387298
Opcode ID: 9e9aaee555912c83f6fc53b451cab8b2b66ab17b373ff7a645e401c1bf3bdc3c
Instruction ID: c4616ab93f2b0cdeee9b96dcd730f7a7ee220cf68bf280633d207ce7e33d3654
Opcode Fuzzy Hash: 9e9aaee555912c83f6fc53b451cab8b2b66ab17b373ff7a645e401c1bf3bdc3c
Instruction Fuzzy Hash: 18018062F08E4342F7716AD76880BBE128DAF91774F0801BECE5D462B1DE6CE9858300

Function 00007FFE115089BF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE11508A73

Strings

scm_stop, xrefs: 00007FFE115083AA
[E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x), xrefs: 00007FFE115083B1

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service stop failed(lpServiceName=%s,pid=%lu,err=%08x)$scm_stop
API String ID: 1725840886-2743387298
Opcode ID: 0093b8fea805837825659e0f3e0aaf3ff064e882623dd3e4ab1f24279e994d2e
Instruction ID: d62fab5ed4393aec4aa7f16f19e33d5ec39d2d2071d8f95867a889a37fd1ec39
Opcode Fuzzy Hash: 0093b8fea805837825659e0f3e0aaf3ff064e882623dd3e4ab1f24279e994d2e
Instruction Fuzzy Hash: EB019E62F0CE4382F7716AD76880BBE128DAF91774F0801BECE5D462B1DE6CE9858300

Function 00007FFE126D5E46 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: ecb2b89b5e7aa1af6933886f6cd76dfa94bf214193f3cb43210aadc99fb1fce7
Instruction ID: c0c41f5fb2c4bc762a7f0244a4523a8c1b9dd32c9d4aa43145c6f5ac81d66c16
Opcode Fuzzy Hash: ecb2b89b5e7aa1af6933886f6cd76dfa94bf214193f3cb43210aadc99fb1fce7
Instruction Fuzzy Hash: ABF08913B08A0F83F9529A067D417BD12416F41775F4D05F6DD8D0FAE1AEBD6C868200

Function 00007FFE126D5FBC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 651b008547de0a0734efe05499035938bc8e2b426924568dcd9034468eb89c87
Instruction ID: b5f6e1fac01226c58b96aeb1285064e8eaf43227bd4e81bb52d6b2c958242a92
Opcode Fuzzy Hash: 651b008547de0a0734efe05499035938bc8e2b426924568dcd9034468eb89c87
Instruction Fuzzy Hash: 31F08913B08A0F83F9539A067D417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5FB5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 651b008547de0a0734efe05499035938bc8e2b426924568dcd9034468eb89c87
Instruction ID: b5f6e1fac01226c58b96aeb1285064e8eaf43227bd4e81bb52d6b2c958242a92
Opcode Fuzzy Hash: 651b008547de0a0734efe05499035938bc8e2b426924568dcd9034468eb89c87
Instruction Fuzzy Hash: 31F08913B08A0F83F9539A067D417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5FAE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 651b008547de0a0734efe05499035938bc8e2b426924568dcd9034468eb89c87
Instruction ID: b5f6e1fac01226c58b96aeb1285064e8eaf43227bd4e81bb52d6b2c958242a92
Opcode Fuzzy Hash: 651b008547de0a0734efe05499035938bc8e2b426924568dcd9034468eb89c87
Instruction Fuzzy Hash: 31F08913B08A0F83F9539A067D417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D602B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: b0a2e04803684ab1046b6b72119038998ad8c3b2f1bd8de1f186fb5461de7af0
Instruction ID: 1c4432cd7b6349f1d0135f06d10094f50be44377df4a723f55965e3104b563b7
Opcode Fuzzy Hash: b0a2e04803684ab1046b6b72119038998ad8c3b2f1bd8de1f186fb5461de7af0
Instruction Fuzzy Hash: F4F05413B0890F82F9529A067C417BD12416F41775F4D05F2DD8D0FAE1AEBD6C868200

Function 00007FFE126D5C25 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: ecb2b89b5e7aa1af6933886f6cd76dfa94bf214193f3cb43210aadc99fb1fce7
Instruction ID: c0c41f5fb2c4bc762a7f0244a4523a8c1b9dd32c9d4aa43145c6f5ac81d66c16
Opcode Fuzzy Hash: ecb2b89b5e7aa1af6933886f6cd76dfa94bf214193f3cb43210aadc99fb1fce7
Instruction Fuzzy Hash: ABF08913B08A0F83F9529A067D417BD12416F41775F4D05F6DD8D0FAE1AEBD6C868200

Function 00007FFE126D5C1B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 52bddc3ceb909860e75a6136755f9cccd486d613cc30ae5d59a6bec256897139
Instruction ID: 2c09301333e7e061ff2ce14073a043598c22f75f565642e3daa76c52bd7e28b4
Opcode Fuzzy Hash: 52bddc3ceb909860e75a6136755f9cccd486d613cc30ae5d59a6bec256897139
Instruction Fuzzy Hash: D5F08913B08A0F83F9529A06BD417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5C11 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 7027c4c35489a5b710680c362744ee6bbf84f9fee4b5875ad56ece3a20df7e47
Instruction ID: cd0b7b99f5b08b9c63f518d502ab92a4dacaf1fbac4244d3dd0f5201ea5d18c4
Opcode Fuzzy Hash: 7027c4c35489a5b710680c362744ee6bbf84f9fee4b5875ad56ece3a20df7e47
Instruction Fuzzy Hash: A8F08913B08A0F83F9529A067D417BD12416F41775F4D05F6DD9D0F6E1AEBD6C868200

Function 00007FFE126D5C07 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: e6c6f4eb72822a7a18e31b5cbf2feec447158e6a93172f1e437b3715734c4219
Instruction ID: af28dc0a987c5eadfa041dc712e54d4abdeccfdd358ab17c276472c7c83d9d62
Opcode Fuzzy Hash: e6c6f4eb72822a7a18e31b5cbf2feec447158e6a93172f1e437b3715734c4219
Instruction Fuzzy Hash: EDF08913B08A0F87F9529A067D417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5BFD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 5224d5ab997a7560d73d6d6af1e78d01773b4518d5cb3d20f5b7b8dad6205f8b
Instruction ID: f7e991e140601f4d8eeafeb0af900d11b7f935d8084fce3191abeb8a2445a14e
Opcode Fuzzy Hash: 5224d5ab997a7560d73d6d6af1e78d01773b4518d5cb3d20f5b7b8dad6205f8b
Instruction Fuzzy Hash: 2CF08913B08A0F83F9529A06BD417BD12416F41775F4D05F6DD8C0F6E1AEBD6C868200

Function 00007FFE126D5C70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: ecb2b89b5e7aa1af6933886f6cd76dfa94bf214193f3cb43210aadc99fb1fce7
Instruction ID: c0c41f5fb2c4bc762a7f0244a4523a8c1b9dd32c9d4aa43145c6f5ac81d66c16
Opcode Fuzzy Hash: ecb2b89b5e7aa1af6933886f6cd76dfa94bf214193f3cb43210aadc99fb1fce7
Instruction Fuzzy Hash: ABF08913B08A0F83F9529A067D417BD12416F41775F4D05F6DD8D0FAE1AEBD6C868200

Function 00007FFE126D5C66 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 52bddc3ceb909860e75a6136755f9cccd486d613cc30ae5d59a6bec256897139
Instruction ID: 2c09301333e7e061ff2ce14073a043598c22f75f565642e3daa76c52bd7e28b4
Opcode Fuzzy Hash: 52bddc3ceb909860e75a6136755f9cccd486d613cc30ae5d59a6bec256897139
Instruction Fuzzy Hash: D5F08913B08A0F83F9529A06BD417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5C5C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 7027c4c35489a5b710680c362744ee6bbf84f9fee4b5875ad56ece3a20df7e47
Instruction ID: cd0b7b99f5b08b9c63f518d502ab92a4dacaf1fbac4244d3dd0f5201ea5d18c4
Opcode Fuzzy Hash: 7027c4c35489a5b710680c362744ee6bbf84f9fee4b5875ad56ece3a20df7e47
Instruction Fuzzy Hash: A8F08913B08A0F83F9529A067D417BD12416F41775F4D05F6DD9D0F6E1AEBD6C868200

Function 00007FFE126D5C52 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: e6c6f4eb72822a7a18e31b5cbf2feec447158e6a93172f1e437b3715734c4219
Instruction ID: af28dc0a987c5eadfa041dc712e54d4abdeccfdd358ab17c276472c7c83d9d62
Opcode Fuzzy Hash: e6c6f4eb72822a7a18e31b5cbf2feec447158e6a93172f1e437b3715734c4219
Instruction Fuzzy Hash: EDF08913B08A0F87F9529A067D417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5C48 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 5224d5ab997a7560d73d6d6af1e78d01773b4518d5cb3d20f5b7b8dad6205f8b
Instruction ID: f7e991e140601f4d8eeafeb0af900d11b7f935d8084fce3191abeb8a2445a14e
Opcode Fuzzy Hash: 5224d5ab997a7560d73d6d6af1e78d01773b4518d5cb3d20f5b7b8dad6205f8b
Instruction Fuzzy Hash: 2CF08913B08A0F83F9529A06BD417BD12416F41775F4D05F6DD8C0F6E1AEBD6C868200

Function 00007FFE126D5D30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: ecb2b89b5e7aa1af6933886f6cd76dfa94bf214193f3cb43210aadc99fb1fce7
Instruction ID: c0c41f5fb2c4bc762a7f0244a4523a8c1b9dd32c9d4aa43145c6f5ac81d66c16
Opcode Fuzzy Hash: ecb2b89b5e7aa1af6933886f6cd76dfa94bf214193f3cb43210aadc99fb1fce7
Instruction Fuzzy Hash: ABF08913B08A0F83F9529A067D417BD12416F41775F4D05F6DD8D0FAE1AEBD6C868200

Function 00007FFE126D5D26 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 52bddc3ceb909860e75a6136755f9cccd486d613cc30ae5d59a6bec256897139
Instruction ID: 2c09301333e7e061ff2ce14073a043598c22f75f565642e3daa76c52bd7e28b4
Opcode Fuzzy Hash: 52bddc3ceb909860e75a6136755f9cccd486d613cc30ae5d59a6bec256897139
Instruction Fuzzy Hash: D5F08913B08A0F83F9529A06BD417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5D1C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 7027c4c35489a5b710680c362744ee6bbf84f9fee4b5875ad56ece3a20df7e47
Instruction ID: cd0b7b99f5b08b9c63f518d502ab92a4dacaf1fbac4244d3dd0f5201ea5d18c4
Opcode Fuzzy Hash: 7027c4c35489a5b710680c362744ee6bbf84f9fee4b5875ad56ece3a20df7e47
Instruction Fuzzy Hash: A8F08913B08A0F83F9529A067D417BD12416F41775F4D05F6DD9D0F6E1AEBD6C868200

Function 00007FFE126D5D12 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: e6c6f4eb72822a7a18e31b5cbf2feec447158e6a93172f1e437b3715734c4219
Instruction ID: af28dc0a987c5eadfa041dc712e54d4abdeccfdd358ab17c276472c7c83d9d62
Opcode Fuzzy Hash: e6c6f4eb72822a7a18e31b5cbf2feec447158e6a93172f1e437b3715734c4219
Instruction Fuzzy Hash: EDF08913B08A0F87F9529A067D417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5D08 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 5224d5ab997a7560d73d6d6af1e78d01773b4518d5cb3d20f5b7b8dad6205f8b
Instruction ID: f7e991e140601f4d8eeafeb0af900d11b7f935d8084fce3191abeb8a2445a14e
Opcode Fuzzy Hash: 5224d5ab997a7560d73d6d6af1e78d01773b4518d5cb3d20f5b7b8dad6205f8b
Instruction Fuzzy Hash: 2CF08913B08A0F83F9529A06BD417BD12416F41775F4D05F6DD8C0F6E1AEBD6C868200

Function 00007FFE126D5E3C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 52bddc3ceb909860e75a6136755f9cccd486d613cc30ae5d59a6bec256897139
Instruction ID: 2c09301333e7e061ff2ce14073a043598c22f75f565642e3daa76c52bd7e28b4
Opcode Fuzzy Hash: 52bddc3ceb909860e75a6136755f9cccd486d613cc30ae5d59a6bec256897139
Instruction Fuzzy Hash: D5F08913B08A0F83F9529A06BD417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5E32 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 7027c4c35489a5b710680c362744ee6bbf84f9fee4b5875ad56ece3a20df7e47
Instruction ID: cd0b7b99f5b08b9c63f518d502ab92a4dacaf1fbac4244d3dd0f5201ea5d18c4
Opcode Fuzzy Hash: 7027c4c35489a5b710680c362744ee6bbf84f9fee4b5875ad56ece3a20df7e47
Instruction Fuzzy Hash: A8F08913B08A0F83F9529A067D417BD12416F41775F4D05F6DD9D0F6E1AEBD6C868200

Function 00007FFE126D5E28 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: e6c6f4eb72822a7a18e31b5cbf2feec447158e6a93172f1e437b3715734c4219
Instruction ID: af28dc0a987c5eadfa041dc712e54d4abdeccfdd358ab17c276472c7c83d9d62
Opcode Fuzzy Hash: e6c6f4eb72822a7a18e31b5cbf2feec447158e6a93172f1e437b3715734c4219
Instruction Fuzzy Hash: EDF08913B08A0F87F9529A067D417BD12416F41775F4D05F6DD8D0F6E1AEBD6C868200

Function 00007FFE126D5E1E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE126D5FD0

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE126D600C
fs_file_read, xrefs: 00007FFE126D6005

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 5224d5ab997a7560d73d6d6af1e78d01773b4518d5cb3d20f5b7b8dad6205f8b
Instruction ID: f7e991e140601f4d8eeafeb0af900d11b7f935d8084fce3191abeb8a2445a14e
Opcode Fuzzy Hash: 5224d5ab997a7560d73d6d6af1e78d01773b4518d5cb3d20f5b7b8dad6205f8b
Instruction Fuzzy Hash: 2CF08913B08A0F83F9529A06BD417BD12416F41775F4D05F6DD8C0F6E1AEBD6C868200

Function 00007FFE11502237 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 5709c0765b6f8496f8df3a7eccd76d6d0a261959c6e34066c548116b593456d8
Instruction ID: 5cc0175fb2c42c4725221c9bc5a0f6358e1db8c89ccdb41a7118a0f19a9e5e80
Opcode Fuzzy Hash: 5709c0765b6f8496f8df3a7eccd76d6d0a261959c6e34066c548116b593456d8
Instruction Fuzzy Hash: 48F08263B09E0341FB539A46B9517BD124A2F817B5E4A05B9CD5D0E6F1EF3DA8869200

Function 00007FFE1150222D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 21e72524f4de20b60197deac3f47e72fc40ad3756a2ba98f2743e3b9b0231261
Instruction ID: 385a699bc1e65567d4f59795ce288a04c013e145004f3b635dfbf8b976148e1a
Opcode Fuzzy Hash: 21e72524f4de20b60197deac3f47e72fc40ad3756a2ba98f2743e3b9b0231261
Instruction Fuzzy Hash: 69F08C63F09E0341FB539A46B9517BD128A2F817B5E4A05BACD5C0E6F1EF3DA8869200

Function 00007FFE115025EC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1ef5e7788548105050074cc7d457cb1886e5be0a844f57c89e2bed23bb7e37e0
Instruction ID: 158e8e66602e835f204b1aab700f6c55d453a605df66dc88a44eee78b4727910
Opcode Fuzzy Hash: 1ef5e7788548105050074cc7d457cb1886e5be0a844f57c89e2bed23bb7e37e0
Instruction Fuzzy Hash: 12F0EC23B08E0341FB539A46B8507BD028A2F807B4E4A05BACD4C0E2F1EF3DA8828200

Function 00007FFE115025E5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1ef5e7788548105050074cc7d457cb1886e5be0a844f57c89e2bed23bb7e37e0
Instruction ID: 158e8e66602e835f204b1aab700f6c55d453a605df66dc88a44eee78b4727910
Opcode Fuzzy Hash: 1ef5e7788548105050074cc7d457cb1886e5be0a844f57c89e2bed23bb7e37e0
Instruction Fuzzy Hash: 12F0EC23B08E0341FB539A46B8507BD028A2F807B4E4A05BACD4C0E2F1EF3DA8828200

Function 00007FFE115025DE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1ef5e7788548105050074cc7d457cb1886e5be0a844f57c89e2bed23bb7e37e0
Instruction ID: 158e8e66602e835f204b1aab700f6c55d453a605df66dc88a44eee78b4727910
Opcode Fuzzy Hash: 1ef5e7788548105050074cc7d457cb1886e5be0a844f57c89e2bed23bb7e37e0
Instruction Fuzzy Hash: 12F0EC23B08E0341FB539A46B8507BD028A2F807B4E4A05BACD4C0E2F1EF3DA8828200

Function 00007FFE11502458 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 5709c0765b6f8496f8df3a7eccd76d6d0a261959c6e34066c548116b593456d8
Instruction ID: 5cc0175fb2c42c4725221c9bc5a0f6358e1db8c89ccdb41a7118a0f19a9e5e80
Opcode Fuzzy Hash: 5709c0765b6f8496f8df3a7eccd76d6d0a261959c6e34066c548116b593456d8
Instruction Fuzzy Hash: 48F08263B09E0341FB539A46B9517BD124A2F817B5E4A05B9CD5D0E6F1EF3DA8869200

Function 00007FFE1150244E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 21e72524f4de20b60197deac3f47e72fc40ad3756a2ba98f2743e3b9b0231261
Instruction ID: 385a699bc1e65567d4f59795ce288a04c013e145004f3b635dfbf8b976148e1a
Opcode Fuzzy Hash: 21e72524f4de20b60197deac3f47e72fc40ad3756a2ba98f2743e3b9b0231261
Instruction Fuzzy Hash: 69F08C63F09E0341FB539A46B9517BD128A2F817B5E4A05BACD5C0E6F1EF3DA8869200

Function 00007FFE11502476 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 3dea84561a08eda02289668b5a23641fe69872ad0f932d5545ca6a8a00d9cad3
Instruction ID: b53a2962233827cbdf3ef57d6807b30313552aa38b22123fc0d0bb676225770d
Opcode Fuzzy Hash: 3dea84561a08eda02289668b5a23641fe69872ad0f932d5545ca6a8a00d9cad3
Instruction Fuzzy Hash: 25F08263B09E0341FB539A46B9517BD124A2F817B5E4A05BACD5D0E6F1EF3DA8869200

Function 00007FFE1150246C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 04483584c3d709d6abb3ad9167d0459b9fcb057600e22160db0457c365a132de
Instruction ID: 1a14a1b171110b43eb99972a0218b7405ffe3b76348b4cf5b14245e5ec41c090
Opcode Fuzzy Hash: 04483584c3d709d6abb3ad9167d0459b9fcb057600e22160db0457c365a132de
Instruction Fuzzy Hash: AAF08C63F09E0341FB539A46B9517BD128A2F817B5E4A05BACD5D0E6F1EF3DA8869200

Function 00007FFE11502462 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FFE11502600

Strings

fs_file_read, xrefs: 00007FFE11502635
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FFE1150263C

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 4ff5b688d0eeb14e3199faf831a151054604e1485ebc29b41b24802f0f268173
Instruction ID: bcae75193750e0b87704b3810a703e7f105d74078f01733b97a0ad8dcf8cced5
Opcode Fuzzy Hash: 4ff5b688d0eeb14e3199faf831a151054604e1485ebc29b41b24802f0f268173
Instruction Fuzzy Hash: 60F08C63B09E0341FB539A46B9517BD128A2F817B5E4A05BACD5D0F6F1EF3DA8869200

Function 00007FFE1150815A Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE1150810C

Strings

scm_start, xrefs: 00007FFE11507F33
[E] (%s) -> Service start failed(lpServiceName=%s,err=%08x), xrefs: 00007FFE11507F3A

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service start failed(lpServiceName=%s,err=%08x)$scm_start
API String ID: 1725840886-2678404757
Opcode ID: 519a86a81fc24fe0f0d928815388edf54c40d8e89bece97ed147f38440b7f34e
Instruction ID: d492b5ba31d4f7af08dfb2a4710081c8a33d8002a05717de6f3ede8c1a32feee
Opcode Fuzzy Hash: 519a86a81fc24fe0f0d928815388edf54c40d8e89bece97ed147f38440b7f34e
Instruction Fuzzy Hash: 30F05432E0CD1382FB625B96A5409BC12595F01BB8F0901FDCDAE576F0DD2CAC86D381

Function 00007FFE11508061 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE1150810C

Strings

scm_start, xrefs: 00007FFE11507F33
[E] (%s) -> Service start failed(lpServiceName=%s,err=%08x), xrefs: 00007FFE11507F3A

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service start failed(lpServiceName=%s,err=%08x)$scm_start
API String ID: 1725840886-2678404757
Opcode ID: c39ec0f83fba0b7bb5aab92eed5ff1988cfd920119d1b498418e2ae0e516b84a
Instruction ID: ddbb000c03f675914780a7a1b62dd919bfafaa354e6b0b61771f34263f63f186
Opcode Fuzzy Hash: c39ec0f83fba0b7bb5aab92eed5ff1988cfd920119d1b498418e2ae0e516b84a
Instruction Fuzzy Hash: 1FF05432E0CD1382FB725B96A5409BC12595F01BB8F0911FCCDAE576F1ED2DA881D381

Function 00007FFE11508043 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE1150810C

Strings

scm_start, xrefs: 00007FFE11507F33
[E] (%s) -> Service start failed(lpServiceName=%s,err=%08x), xrefs: 00007FFE11507F3A

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service start failed(lpServiceName=%s,err=%08x)$scm_start
API String ID: 1725840886-2678404757
Opcode ID: a7ee9a9b2b16f88340efb8a0b2b52e36d0927bfe179ea8e4806cd418094a4123
Instruction ID: aa6c6e224b2280a7d44b4ef257fbceb28c4ef4d18a2f248c3da1fe7365e5f4e7
Opcode Fuzzy Hash: a7ee9a9b2b16f88340efb8a0b2b52e36d0927bfe179ea8e4806cd418094a4123
Instruction Fuzzy Hash: 9DF05432E0CD1382FB625B96A5409BC12595F01BB8F0911FDCDAE576F1ED2CAC81D381

Function 00007FFE1150804D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE1150810C

Strings

scm_start, xrefs: 00007FFE11507F33
[E] (%s) -> Service start failed(lpServiceName=%s,err=%08x), xrefs: 00007FFE11507F3A

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service start failed(lpServiceName=%s,err=%08x)$scm_start
API String ID: 1725840886-2678404757
Opcode ID: d49c7b6acef5f8fc4d26a5d8f535081e48d87aeb39909334141a3080d2214463
Instruction ID: 518bfeb42af71910a2d1474d6b0f49af8833513620aceb7e0b6ca521c6b89580
Opcode Fuzzy Hash: d49c7b6acef5f8fc4d26a5d8f535081e48d87aeb39909334141a3080d2214463
Instruction Fuzzy Hash: C6F05432E0CD1382FB625B96A5409BC12595F01BB8F0911FDCDAE576F1ED2CAC81D391

Function 00007FFE11508129 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31serviceCOMMON

Download Yara Rule

APIs

CloseServiceHandle.ADVAPI32 ref: 00007FFE1150810C

Strings

scm_start, xrefs: 00007FFE11507F33
[E] (%s) -> Service start failed(lpServiceName=%s,err=%08x), xrefs: 00007FFE11507F3A

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: CloseHandleService
String ID: [E] (%s) -> Service start failed(lpServiceName=%s,err=%08x)$scm_start
API String ID: 1725840886-2678404757
Opcode ID: 519a86a81fc24fe0f0d928815388edf54c40d8e89bece97ed147f38440b7f34e
Instruction ID: d492b5ba31d4f7af08dfb2a4710081c8a33d8002a05717de6f3ede8c1a32feee
Opcode Fuzzy Hash: 519a86a81fc24fe0f0d928815388edf54c40d8e89bece97ed147f38440b7f34e
Instruction Fuzzy Hash: 30F05432E0CD1382FB625B96A5409BC12595F01BB8F0901FDCDAE576F0DD2CAC86D381

Function 00007FFE126DC4B5 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC565

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC585
registry_set_value, xrefs: 00007FFE126DC57E

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: cc422ce8ee68a8959793c21b2fdc4b79ac324035df3c0b44995fd49cc8f8ba1c
Instruction ID: 5d1746f5e6f1740753d032d398d0aba7f0e1f5a4d897220eebd0f80c710d1574
Opcode Fuzzy Hash: cc422ce8ee68a8959793c21b2fdc4b79ac324035df3c0b44995fd49cc8f8ba1c
Instruction Fuzzy Hash: FDE01252A0CE0E82F651DF56FC000792214EF90BB5F4411F5DD8E425F5EEACE9899305

Function 00007FFE126DC4BF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC565

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC585
registry_set_value, xrefs: 00007FFE126DC57E

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: d0c45932989ffefb138983b759f83f943f427ff6741bc40ce204d7911cdd7924
Instruction ID: faee86d66b4b3fcab3f7e3d9db735c0cebb954268fd1cee8a6e1561bcd0e963d
Opcode Fuzzy Hash: d0c45932989ffefb138983b759f83f943f427ff6741bc40ce204d7911cdd7924
Instruction Fuzzy Hash: 46E04852A0CD0E82F651DF57FC001792214EF90BB0F4411F5DD8E425F4DEACE5899304

Function 00007FFE126DC596 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC565

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC585
registry_set_value, xrefs: 00007FFE126DC57E

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: e7af9f531cdda218fbdddf15989a8a8fcdeb87563891bd7e896eacbffbfd5397
Instruction ID: 80a96f12aa45f2a6dd2bba5545d98aee7e5f76fd834fcf770fbc095c5ecd1b3e
Opcode Fuzzy Hash: e7af9f531cdda218fbdddf15989a8a8fcdeb87563891bd7e896eacbffbfd5397
Instruction Fuzzy Hash: 63E01252A0CE0E82F651DF56FC000782214EF907B4F4451F5DD8E425F4DEACE9899305

Function 00007FFE126DC554 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC565

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC585
registry_set_value, xrefs: 00007FFE126DC57E

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: 52ec67bb2cd6948e4ba0fba69181c63a6a7864344478762952f3758870e9c4cc
Instruction ID: 78ad7917269a87940544a9760024406708de67ea74e96a91883473f551451555
Opcode Fuzzy Hash: 52ec67bb2cd6948e4ba0fba69181c63a6a7864344478762952f3758870e9c4cc
Instruction Fuzzy Hash: E1E01252A0CE0E82F651DF56FC001796214EF90BB4F4411F5DD8E425F4DEACE9899305

Function 00007FFE126DC546 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC565

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC585
registry_set_value, xrefs: 00007FFE126DC57E

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: 50fdb24fed43a9ced9cc134ccbb0a60065d76e948486d6e738506ef65be9f7f6
Instruction ID: 087f8fd927027f5d72cd827a7642a4149258c8efa8d0813c73eb4ce9f97eb244
Opcode Fuzzy Hash: 50fdb24fed43a9ced9cc134ccbb0a60065d76e948486d6e738506ef65be9f7f6
Instruction Fuzzy Hash: 9AE01252A0CE0E82F651DF56FC000792214EF90BB4F4411F5DD8E425F4DEACEA899305

Function 00007FFE11505C76 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11505C45

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE11505C65
registry_set_value, xrefs: 00007FFE11505C5E

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: f30cd13dbcdb34b275e08cb9c0a1b4bf37e0cf362818ecba85d79cd8ea6bc73c
Instruction ID: f067f8b056b94eb08f7a6060986198247fe4cc850beed6a37cd0adead82d78a8
Opcode Fuzzy Hash: f30cd13dbcdb34b275e08cb9c0a1b4bf37e0cf362818ecba85d79cd8ea6bc73c
Instruction Fuzzy Hash: 08E01262A1CF0681F762AB82FC400BD2358EF807B9F4441B9DD4E466B19E7CDAC9D305

Function 00007FFE126DC131 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC1D7

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC1F7
registry_del_value, xrefs: 00007FFE126DC1F0

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: 4e5aa02ca7c9843f842698dd8ece679557bb6567bdaef6c7e70fa2f570dc5ecf
Instruction ID: 04cb1e8ae5bccaa847565cdd91169dd3d2473a7b2950a74dfb62ffa45a931eaa
Opcode Fuzzy Hash: 4e5aa02ca7c9843f842698dd8ece679557bb6567bdaef6c7e70fa2f570dc5ecf
Instruction Fuzzy Hash: C8E04F61A4CE4E82F522AF56FC402B92214FF90BB4F4400B5ED8E465F49EADEA899340

Function 00007FFE126DC127 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC1D7

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC1F7
registry_del_value, xrefs: 00007FFE126DC1F0

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: 7034be72048aec7c00143ac9ce14abb55da6642a4719b0dcd64bb02a88672d65
Instruction ID: f82dfc34e9502e031b1669e1d486613813471c975e860acc0399e13397d569d1
Opcode Fuzzy Hash: 7034be72048aec7c00143ac9ce14abb55da6642a4719b0dcd64bb02a88672d65
Instruction Fuzzy Hash: B2E0D861A4CE0E82F521DF12FC001792204FF80BB4F4400B1ED8E025F49DACE9899300

Function 00007FFE126DC1B8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC1D7

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC1F7
registry_del_value, xrefs: 00007FFE126DC1F0

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: da65e3582d5bee4f70acca21ab3bed44824ff8daa4ea177b503a265cbcb84fb9
Instruction ID: cd2449a0878862abbc280cb895daa7037d9eeedcc88fbe5b4b02c50032be36ea
Opcode Fuzzy Hash: da65e3582d5bee4f70acca21ab3bed44824ff8daa4ea177b503a265cbcb84fb9
Instruction Fuzzy Hash: BCE04F61A4CE4E82F522EF56FC401B92214FF90BB4F4400B5ED8E466F49EADEA899341

Function 00007FFE126DC208 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC1D7

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC1F7
registry_del_value, xrefs: 00007FFE126DC1F0

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: 4f5cfa6df5a0aa0a7afd4c4dee5a8abe4dc35c94694f4bfeac8150aeffe7ff31
Instruction ID: 63c04419a6fef277f67dae1c786f24770d0c7e40c6972a654a71796817561398
Opcode Fuzzy Hash: 4f5cfa6df5a0aa0a7afd4c4dee5a8abe4dc35c94694f4bfeac8150aeffe7ff31
Instruction Fuzzy Hash: F5E0D861A4CE0E82F521DF12FC401792204FF80BB4F4400B1ED8E025F49DADE9899300

Function 00007FFE126DC1C6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126DC1D7

Part of subcall function 00007FFE126D1352: fwrite.MSVCRT ref: 00007FFE126D13FE
Part of subcall function 00007FFE126D1352: fflush.MSVCRT ref: 00007FFE126D140A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126DC1F7
registry_del_value, xrefs: 00007FFE126DC1F0

Memory Dump Source

Source File: 0000000E.00000002.2484217372.00007FFE126D1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FFE126D0000, based on PE: true

Associated: 0000000E.00000002.2484179322.00007FFE126D0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484275825.00007FFE126E2000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484307514.00007FFE126EB000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484396562.00007FFE126EE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484448384.00007FFE126EF000.00000008.00000001.01000000.00000008.sdmpDownload File
Associated: 0000000E.00000002.2484498239.00007FFE126F2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe126d0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: 795eca84448f132f94cc4907e02e8ff1cd009b933e2d03c3c54d4f87f65ecc77
Instruction ID: a1e28a8f34adce67b16de0b7ce68fbd231c532172eb6135026162bf5d751e3f5
Opcode Fuzzy Hash: 795eca84448f132f94cc4907e02e8ff1cd009b933e2d03c3c54d4f87f65ecc77
Instruction Fuzzy Hash: 2DE04F61A4CE4E83F522EF56FC401B96214FF90BB4F4400B5ED8E466F49EADEA899350

Function 00007FFE11505898 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE115058B7

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE115058D7
registry_del_value, xrefs: 00007FFE115058D0

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: 5d6129e3ec844c67532fc437771ab920fdd01362ef31499ba0784a8a643b47c4
Instruction ID: 83b66e03a39f1ea9110847a67411b0a4320cf4ce3280c8b2564764374cd9af0a
Opcode Fuzzy Hash: 5d6129e3ec844c67532fc437771ab920fdd01362ef31499ba0784a8a643b47c4
Instruction Fuzzy Hash: 6DE04862A1CE0681F7625B92FC000BD321CFF407F8F4400B9DD4E466719E2CE7C99241

Function 00007FFE115058A6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE115058B7

Part of subcall function 00007FFE1150C852: fwrite.MSVCRT ref: 00007FFE1150C8FE
Part of subcall function 00007FFE1150C852: fflush.MSVCRT ref: 00007FFE1150C90A

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE115058D7
registry_del_value, xrefs: 00007FFE115058D0

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: 0f759002f524cc00935ec0c9206375d4caee05aa24c77603e7d1fbd4b10431a4
Instruction ID: fe9ddc353c504cfaa3d9e922c11ed661fdb5a4f18b3ab56317a649dc9fda0a0e
Opcode Fuzzy Hash: 0f759002f524cc00935ec0c9206375d4caee05aa24c77603e7d1fbd4b10431a4
Instruction Fuzzy Hash: 81E04862A1CE0681F7625B92FC001BD721CFF407F8F4400B9DD4E466719E2CE6C99650

Function 00007FFE11507607 Relevance: 5.0, APIs: 4, Instructions: 33memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE1150763D
HeapFree.KERNEL32 ref: 00007FFE1150764E
GetProcessHeap.KERNEL32 ref: 00007FFE11507662
HeapFree.KERNEL32 ref: 00007FFE11507673

Memory Dump Source

Source File: 0000000E.00000002.2483588049.00007FFE11501000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 0000000E.00000002.2483515591.00007FFE11500000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483632071.00007FFE11516000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483680951.00007FFE11520000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483730130.00007FFE11523000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000E.00000002.2483779800.00007FFE11524000.00000008.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 52071573abfc37b688244c61e326d04804cb9da7333af29a775557c74bcfae91
Instruction ID: f0dc974a7bb283af8f010e42ec9d1b12c1d65f1c7ddbecae145bbdfbfd482eb3
Opcode Fuzzy Hash: 52071573abfc37b688244c61e326d04804cb9da7333af29a775557c74bcfae91
Instruction Fuzzy Hash: 7901FF6290EE42D1FF945B97E85437822A9AF48BB5F4C04B8CA8E467B1DF3CA544C612

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use hidden users to hide the presence of user accounts they create or modify. Administrators may want to hide users when there are many user accounts on a given system or if they want to hide their administrative or other management accounts from other users.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as `sc query` , `tasklist /svc` , `systemctl --type=service` , and `net start` .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report QTmGYKK6SL.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_main.exe_812666da5b2f51c4c16d2b07f719a7c78639de5_61e28721_b69b9da0-b8cd-49e8-a98d-ee4ba4c1be48\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4A20.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B4A.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4B8A.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4BB6.tmp.csv

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4C06.tmp.txt

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ZsL2hKzmRChz.acl

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\config.ini

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.conf

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.su3

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\u3cozamv2napan6s563do2h7pnvzklvqd43ogmp2xjqrbfpnktra.dat

Windows Analysis Report
QTmGYKK6SL.exe

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre