Edit tour

Windows Analysis Report
A74lw30K2g.exe

Overview

General Information

Sample name:	A74lw30K2g.exe renamed because original name is a hash value
Original sample name:	80efe3fa59592ab4d895db396ced8d10.exe
Analysis ID:	1589403
MD5:	80efe3fa59592ab4d895db396ced8d10
SHA1:	0a35c3b26b86188908cd3d60db68c43fa211f4b0
SHA256:	69e0e00babc6365144a98c2866353ef973b7dfe69ae37068f807d4b12c017161
Tags:	exeValleyRATuser-abuse_ch
Infos:

Detection

GhostRat

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected GhostRat

AI detected suspicious sample

Contains functionality to capture and log keystrokes

Contains functionality to inject code into remote processes

Contains functionality to inject threads in other processes

Creates an autostart registry key pointing to binary in C:\Windows

Found evasive API chain (may stop execution after checking mutex)

Found stalling execution ending in API Sleep call

Sample is not signed and drops a device driver

Sigma detected: Potentially Suspicious Malware Callback Communication

Tries to detect sandboxes / dynamic malware analysis system (QueryWinSAT)

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Checks for available system drives (often done to infect USB drives)

Contains functionality for read data from the clipboard

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)

Contains functionality to clear windows event logs (to hide its activities)

Contains functionality to communicate with device drivers

Contains functionality to dynamically determine API calls

Contains functionality to enumerate process and check for explorer.exe or svchost.exe (often used for thread injection)

Contains functionality to modify clipboard data

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the clipboard data

Contains functionality to record screenshots

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a DirectInput object (often for capturing keystrokes)

Creates driver files

Detected non-DNS traffic on DNS port

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found decision node followed by non-executed suspicious APIs

Found evasive API chain checking for process token information

Installs a global mouse hook

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Sigma detected: CurrentVersion Autorun Keys Modification

Stores large binary data to the registry

Classification

Process Tree

System is w10x64

A74lw30K2g.exe (PID: 7496 cmdline: "C:\Users\user\Desktop\A74lw30K2g.exe" MD5: 80EFE3FA59592AB4D895DB396CED8D10)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
A74lw30K2g.exe	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: A74lw30K2g.exe PID: 7496	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security

Unpacked PEs

Source	Rule	Description	Author	Strings
0.0.A74lw30K2g.exe.7ff6297d0000.0.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security
0.2.A74lw30K2g.exe.7ff6297d0000.8.unpack	JoeSecurity_GhostRat	Yara detected GhostRat	Joe Security

Sigma Signatures

System Summary

Sigma detected: Potentially Suspicious Malware Callback Communication

Source: Network Connection

Author: Florian Roth (Nextron Systems): Data: DestinationIp: 192.238.132.117, DestinationIsIpv6: false, DestinationPort: 4433, EventID: 3, Image: C:\Users\user\Desktop\A74lw30K2g.exe, Initiated: true, ProcessId: 7496, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: , EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\A74lw30K2g.exe, ProcessId: 7496, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CleanTempTrash

Suricata Signatures

ET MALWARE Anonymous RAT CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-12T08:32:08.202281+0100	2052875	1	A Network Trojan was detected	192.168.2.4	49730	192.238.132.117	4433	TCP
2025-01-12T08:33:11.269672+0100	2052875	1	A Network Trojan was detected	192.168.2.4	49730	192.238.132.117	4433	TCP
2025-01-12T08:34:45.059992+0100	2052875	1	A Network Trojan was detected	192.168.2.4	61740	192.238.132.117	4433	TCP
2025-01-12T08:35:49.021455+0100	2052875	1	A Network Trojan was detected	192.168.2.4	61743	192.238.132.117	10443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: A74lw30K2g.exe	ReversingLabs: Detection: 75%
Source: A74lw30K2g.exe	Virustotal: Detection: 70%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 99.9% probability

Source: A74lw30K2g.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File opened: [:	Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018002262C FindFirstFileExW,	0_3_000000018002262C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DF410 GetLastInputInfo,GetTickCount,wsprintfW,GetForegroundWindow,GetWindowTextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,SHGetFolderPathW,lstrcatW,CreateFileW,lstrlenW,WriteFile,CloseHandle,FindFirstFileW,FindClose,_invalid_parameter_noinfo_noreturn,	0_2_00007FF6297DF410
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF629803EF0 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF629803EF0

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297D62F0 gethostname,gethostbyname,inet_ntoa,inet_ntoa,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,LoadLibraryW,GetProcAddress,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,FreeLibrary,GetSystemInfo,wsprintfW,GetDriveTypeW,GetDiskFreeSpaceExW,GlobalMemoryStatusEx,GetForegroundWindow,GetWindowTextW,lstrlenW,GetLocalTime,wsprintfW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,OpenProcess,K32GetProcessImageFileNameW,GetLogicalDriveStringsW,lstrcmpiW,lstrcmpiW,QueryDosDeviceW,lstrlenW,lstrcpyW,CloseHandle,CoInitializeEx,CoCreateInstance,SysFreeString,CoUninitialize,RegOpenKeyExW,RegQueryInfoKeyW,RegEnumKeyExW,lstrlenW,lstrlenW,RegCloseKey,lstrlenW,GetTickCount,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW,lstrcpyW,lstrcatW,lstrlenW,GetLocalTime,wsprintfW,RegOpenKeyExW,RegDeleteValueW,RegCloseKey,RegCreateKeyW,lstrlenW,RegSetValueExW,RegCloseKey,RegCloseKey,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,

0_2_00007FF6297D62F0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.4:49730 -> 192.238.132.117:4433
Source: Network traffic	Suricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.4:61740 -> 192.238.132.117:4433
Source: Network traffic	Suricata IDS: 2052875 - Severity 1 - ET MALWARE Anonymous RAT CnC Checkin : 192.168.2.4:61743 -> 192.238.132.117:10443

Source: global traffic

TCP traffic: 192.168.2.4:61472 -> 1.1.1.1:53

Source: Joe Sandbox View

ASN Name: LEASEWEB-USA-LAX-11US LEASEWEB-USA-LAX-11US

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297D3B00 select,recv,timeGetTime,

0_2_00007FF6297D3B00

Source: global traffic

DNS traffic detected: DNS query: huazai789.top

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to capture and log keystrokes

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: [esc]

0_2_00007FF6297DADB0

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297E0E20 _invalid_parameter_noinfo_noreturn,lstrlenW,Sleep,OpenClipboard,GetClipboardData,GlobalLock,GlobalUnlock,CloseClipboard,CloseClipboard,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,SetClipboardData,CloseClipboard,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF6297E0E20

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297E0E20

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297E0E20

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297DFD10 GetVersion,GetDesktopWindow,GetDC,CreateCompatibleDC,GetDC,GetDeviceCaps,GetDeviceCaps,ReleaseDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,CreateCompatibleBitmap,SelectObject,SetStretchBltMode,GetSystemMetrics,GetSystemMetrics,StretchBlt,GetDIBits,DeleteObject,DeleteObject,ReleaseDC,DeleteObject,DeleteObject,ReleaseDC,_invalid_parameter_noinfo_noreturn,

0_2_00007FF6297DFD10

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297D7250 MultiByteToWideChar,MultiByteToWideChar,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,CreateMutexExW,GetLastError,Sleep,CreateMutexW,GetLastError,lstrlenW,lstrcmpW,SleepEx,GetModuleHandleW,GetConsoleWindow,SHGetFolderPathW,lstrcatW,CreateMutexW,WaitForSingleObject,CreateFileW,GetFileSize,CloseHandle,DeleteFileW,ReleaseMutex,DirectInput8Create,GetTickCount,GetKeyState,

0_2_00007FF6297D7250

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Windows user hook set: 0 mouse low level C:\Windows\SYSTEM32\DINPUT8.dll

Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297EC2E0: wsprintfW,CreateFileW,DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl,CloseHandle,CloseHandle,

0_2_00007FF6297EC2E0

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DE4EE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,ExitWindowsEx,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,	0_2_00007FF6297DE4EE
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DE46D GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,ExitWindowsEx,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,	0_2_00007FF6297DE46D
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DE3E9 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,ExitWindowsEx,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,	0_2_00007FF6297DE3E9

Source: C:\Users\user\Desktop\A74lw30K2g.exe

File created: C:\ProgramData\kernelquick.sys

Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180024114	0_3_0000000180024114
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_00000001800181DC	0_3_00000001800181DC
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180012A04	0_3_0000000180012A04
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180026A14	0_3_0000000180026A14
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180011A3C	0_3_0000000180011A3C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_00000001800192A8	0_3_00000001800192A8
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_00000001800212CC	0_3_00000001800212CC
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180016AF0	0_3_0000000180016AF0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018001630C	0_3_000000018001630C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018001B420	0_3_000000018001B420
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180011C40	0_3_0000000180011C40
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_00000001800124F8	0_3_00000001800124F8
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018001CCFC	0_3_000000018001CCFC
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180019DBC	0_3_0000000180019DBC
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180003600	0_3_0000000180003600
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018002262C	0_3_000000018002262C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180011E44	0_3_0000000180011E44
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180015660	0_3_0000000180015660
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018001973C	0_3_000000018001973C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018002579C	0_3_000000018002579C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297D62F0	0_2_00007FF6297D62F0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297D7250	0_2_00007FF6297D7250
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297D79E0	0_2_00007FF6297D79E0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297EB500	0_2_00007FF6297EB500
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297D1500	0_2_00007FF6297D1500
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DFD10	0_2_00007FF6297DFD10
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F8C10	0_2_00007FF6297F8C10
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DF410	0_2_00007FF6297DF410
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DCD40	0_2_00007FF6297DCD40
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297EAD80	0_2_00007FF6297EAD80
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297EA5A0	0_2_00007FF6297EA5A0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF629801DA8	0_2_00007FF629801DA8
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297D8040	0_2_00007FF6297D8040
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297FD320	0_2_00007FF6297FD320
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297D9320	0_2_00007FF6297D9320
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297E9250	0_2_00007FF6297E9250
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297FF21C	0_2_00007FF6297FF21C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F6228	0_2_00007FF6297F6228
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF62980714C	0_2_00007FF62980714C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F5168	0_2_00007FF6297F5168
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297FA4F8	0_2_00007FF6297FA4F8
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297FC51C	0_2_00007FF6297FC51C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF629805D34	0_2_00007FF629805D34
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297FFD30	0_2_00007FF6297FFD30
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297FAC80	0_2_00007FF6297FAC80
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DB410	0_2_00007FF6297DB410
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DD410	0_2_00007FF6297DD410
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F7340	0_2_00007FF6297F7340
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297FB350	0_2_00007FF6297FB350
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F536C	0_2_00007FF6297F536C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297E2EC0	0_2_00007FF6297E2EC0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF629803EF0	0_2_00007FF629803EF0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297D2E50	0_2_00007FF6297D2E50
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297FF6B0	0_2_00007FF6297FF6B0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F4D58	0_2_00007FF6297F4D58
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F5578	0_2_00007FF6297F5578
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF629808584	0_2_00007FF629808584
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DADB0	0_2_00007FF6297DADB0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F65AC	0_2_00007FF6297F65AC
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297E78F0	0_2_00007FF6297E78F0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297E0900	0_2_00007FF6297E0900
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF629802024	0_2_00007FF629802024
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF629802744	0_2_00007FF629802744
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F6F3C	0_2_00007FF6297F6F3C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF629803760	0_2_00007FF629803760
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F4F5C	0_2_00007FF6297F4F5C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F577C	0_2_00007FF6297F577C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297D97A0	0_2_00007FF6297D97A0

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/1@1/1

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297EB500 SleepEx,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,OpenProcess,GetLocalTime,wsprintfW,SetUnhandledExceptionFilter,CloseHandle,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,RegOpenKeyExW,RegDeleteValueW,RegSetValueExW,RegCloseKey,SleepEx,CreateEventA,Sleep,Sleep,CloseHandle,_invalid_parameter_noinfo_noreturn,IsDebuggerPresent,LoadLibraryW,GetProcAddress,FreeLibrary,GetLocalTime,wsprintfW,CreateFileW,FreeLibrary,GetCurrentThreadId,GetCurrentProcessId,GetCurrentProcess,CloseHandle,FreeLibrary,	0_2_00007FF6297EB500
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297D9320 GetSystemDirectoryA,CreateProcessA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,OpenProcess,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,GetModuleFileNameA,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,ResumeThread,	0_2_00007FF6297D9320
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DE4EE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,ExitWindowsEx,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,	0_2_00007FF6297DE4EE
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DE46D GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,ExitWindowsEx,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,	0_2_00007FF6297DE46D
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DE3E9 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,ExitWindowsEx,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,CloseHandle,CloseHandle,	0_2_00007FF6297DE3E9

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297D62F0

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297D62F0

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297D62F0

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Mutant created: \Sessions\1\BaseNamedObjects\????

Source: A74lw30K2g.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: A74lw30K2g.exe	ReversingLabs: Detection: 75%
Source: A74lw30K2g.exe	Virustotal: Detection: 70%

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: dinput8.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: devenum.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: devobj.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: msdmo.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Section loaded: windowscodecs.dll	Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}\InprocServer32

Jump to behavior

Source: A74lw30K2g.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: A74lw30K2g.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: A74lw30K2g.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297D62F0

Persistence and Installation Behavior

Sample is not signed and drops a device driver

Source: C:\Users\user\Desktop\A74lw30K2g.exe

File created: C:\ProgramData\kernelquick.sys

Jump to behavior

Boot Survival

Creates an autostart registry key pointing to binary in C:\Windows

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CleanTempTrash

Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CleanTempTrash			Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CleanTempTrash			Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297DE36A OpenEventLogW,ClearEventLogW,CloseEventLog,

0_2_00007FF6297DE36A

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE VenkernalData_info

Jump to behavior

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking mutex)

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Evasive API call chain: CreateMutex,DecisionNodes,Sleep

graph_0-21452

Found stalling execution ending in API Sleep call

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Stalling execution: Execution stalls by calling Sleep

graph_0-21758

Tries to detect sandboxes / dynamic malware analysis system (QueryWinSAT)

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05DF8D13-C355-47F4-A11E-851B338CEFB8}

Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297D62F0

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Window / User API: threadDelayed 1448	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Window / User API: threadDelayed 3393	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Window / User API: threadDelayed 4599	Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_0-21483

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Check user administrative privileges: GetTokenInformation,DecisionNodes

graph_0-21390

Source: C:\Users\user\Desktop\A74lw30K2g.exe TID: 7556	Thread sleep count: 1448 > 30	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe TID: 7556	Thread sleep time: -1448000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe TID: 7576	Thread sleep count: 3393 > 30	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe TID: 7576	Thread sleep time: -33930s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe TID: 7556	Thread sleep count: 4599 > 30	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe TID: 7556	Thread sleep time: -4599000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Users\user\Desktop\A74lw30K2g.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018002262C FindFirstFileExW,	0_3_000000018002262C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297DF410 GetLastInputInfo,GetTickCount,wsprintfW,GetForegroundWindow,GetWindowTextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,RegOpenKeyExW,RegQueryValueExW,RegQueryValueExW,RegCloseKey,SHGetFolderPathW,lstrcatW,CreateFileW,lstrlenW,WriteFile,CloseHandle,FindFirstFileW,FindClose,_invalid_parameter_noinfo_noreturn,	0_2_00007FF6297DF410
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF629803EF0 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,	0_2_00007FF629803EF0

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297D62F0

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297D62F0

Source: A74lw30K2g.exe, 00000000.00000002.4141751919.0000020870307000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_3_000000018000C160 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_3_000000018000C160

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297EC70C GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_00007FF6297EC70C

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297D62F0

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297D62F0

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_3_00000001800239B8 GetProcessHeap,

0_3_00000001800239B8

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018000C160 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_3_000000018000C160
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_000000018000C32C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_3_000000018000C32C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_3_0000000180013728 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_3_0000000180013728
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297EBCD0 SetUnhandledExceptionFilter,GetConsoleWindow,ShowWindow,GetCurrentThreadId,PostThreadMessageA,GetInputState,CreateThread,WaitForSingleObject,CloseHandle,Sleep,	0_2_00007FF6297EBCD0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297EB500 SleepEx,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,OpenProcess,GetLocalTime,wsprintfW,SetUnhandledExceptionFilter,CloseHandle,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,RegOpenKeyExW,RegDeleteValueW,RegSetValueExW,RegCloseKey,SleepEx,CreateEventA,Sleep,Sleep,CloseHandle,_invalid_parameter_noinfo_noreturn,IsDebuggerPresent,LoadLibraryW,GetProcAddress,FreeLibrary,GetLocalTime,wsprintfW,CreateFileW,FreeLibrary,GetCurrentThreadId,GetCurrentProcessId,GetCurrentProcess,CloseHandle,FreeLibrary,	0_2_00007FF6297EB500
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297F3A6C RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6297F3A6C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297EE6F4 SetUnhandledExceptionFilter,	0_2_00007FF6297EE6F4
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297EE54C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	0_2_00007FF6297EE54C
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: 0_2_00007FF6297EE8E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	0_2_00007FF6297EE8E0

HIPS / PFW / Operating System Protection Evasion

Contains functionality to inject code into remote processes

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297DCD40 GetSystemDirectoryA,CreateProcessA,VirtualAllocEx,WriteProcessMemory,GetThreadContext,SetThreadContext,ResumeThread,

0_2_00007FF6297DCD40

Contains functionality to inject threads in other processes

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297D9320 GetSystemDirectoryA,CreateProcessA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,OpenProcess,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,GetModuleFileNameA,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,ResumeThread,

0_2_00007FF6297D9320

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: GetSystemDirectoryA,CreateProcessA,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,OpenProcess,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcessId,GetModuleFileNameA,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,VirtualAllocEx,WriteProcessMemory,VirtualProtectEx,CreateRemoteThread,Sleep,VirtualProtectEx,VirtualProtectEx,ResumeThread, Windows\System32\svchost.exe

0_2_00007FF6297D9320

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF6297EB500 SleepEx,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,CloseHandle,GetModuleHandleA,GetProcAddress,GetCurrentProcessId,OpenProcess,GetLocalTime,wsprintfW,SetUnhandledExceptionFilter,CloseHandle,AllocateAndInitializeSid,CheckTokenMembership,FreeSid,RegOpenKeyExW,RegDeleteValueW,RegSetValueExW,RegCloseKey,SleepEx,CreateEventA,Sleep,Sleep,CloseHandle,_invalid_parameter_noinfo_noreturn,IsDebuggerPresent,LoadLibraryW,GetProcAddress,FreeLibrary,GetLocalTime,wsprintfW,CreateFileW,FreeLibrary,GetCurrentThreadId,GetCurrentProcessId,GetCurrentProcess,CloseHandle,FreeLibrary,

0_2_00007FF6297EB500

Source: A74lw30K2g.exe, 00000000.00000003.3694551319.0000020870389000.00000004.00000020.00020000.00000000.sdmp, A74lw30K2g.exe, 00000000.00000002.4141751919.0000020870389000.00000004.00000020.00020000.00000000.sdmp, A74lw30K2g.exe, 00000000.00000003.3273626053.0000020870389000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 0 minProgram Manager
Source: A74lw30K2g.exe, 00000000.00000003.2568805479.000002087037E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_3_000000018002A660 cpuid

0_3_000000018002A660

Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_3_0000000180027808
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,	0_3_00000001800278B8
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_3_00000001800279EC
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: EnumSystemLocalesW,	0_3_0000000180027300
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: EnumSystemLocalesW,	0_3_000000018001D3B4
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: EnumSystemLocalesW,	0_3_00000001800273D0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_3_0000000180027468
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,	0_3_00000001800276B0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,	0_3_000000018001D748
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_3_0000000180026FA4
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: gethostname,gethostbyname,inet_ntoa,inet_ntoa,MultiByteToWideChar,MultiByteToWideChar,GetLastInputInfo,GetTickCount,wsprintfW,MultiByteToWideChar,MultiByteToWideChar,LoadLibraryW,GetProcAddress,RegOpenKeyExW,RegQueryValueExW,RegCloseKey,FreeLibrary,GetSystemInfo,wsprintfW,GetDriveTypeW,GetDiskFreeSpaceExW,GlobalMemoryStatusEx,GetForegroundWindow,GetWindowTextW,lstrlenW,GetLocalTime,wsprintfW,lstrlenW,GetModuleHandleW,GetProcAddress,GetNativeSystemInfo,GetSystemInfo,wsprintfW,GetCurrentProcessId,OpenProcess,K32GetProcessImageFileNameW,GetLogicalDriveStringsW,lstrcmpiW,lstrcmpiW,QueryDosDeviceW,lstrlenW,lstrcpyW,CloseHandle,CoInitializeEx,CoCreateInstance,SysFreeString,CoUninitialize,RegOpenKeyExW,RegQueryInfoKeyW,RegEnumKeyExW,lstrlenW,lstrlenW,RegCloseKey,lstrlenW,GetTickCount,wsprintfW,GetLocaleInfoW,GetSystemDirectoryW,GetCurrentHwProfileW,lstrcpyW,lstrcatW,lstrlenW,GetLocalTime,wsprintfW,RegOpenKeyExW,RegDeleteValueW,RegCloseKey,RegCreateKeyW,lstrlenW,RegSetValueExW,RegCloseKey,RegCloseKey,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,	0_2_00007FF6297D62F0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: EnumSystemLocalesW,	0_2_00007FF629807B08
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: EnumSystemLocalesW,	0_2_00007FF629807A38
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,	0_2_00007FF629800D10
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF629807BA0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00007FF6298076DC
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,	0_2_00007FF629807DE8
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF629808124
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: EnumSystemLocalesW,	0_2_00007FF629800838
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,	0_2_00007FF629807FF0
Source: C:\Users\user\Desktop\A74lw30K2g.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF629807F40

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_3_000000018000C064 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_3_000000018000C064

Source: C:\Users\user\Desktop\A74lw30K2g.exe

Code function: 0_2_00007FF629801DA8 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF629801DA8

Source: C:\Users\user\Desktop\A74lw30K2g.exe

0_2_00007FF6297DFD10

Source: A74lw30K2g.exe, 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmp, A74lw30K2g.exe, 00000000.00000000.1683836257.00007FF62980F000.00000002.00000001.01000000.00000003.sdmp

Binary or memory string: KSafeTray.exe

Stealing of Sensitive Information

Yara detected GhostRat

Source: Yara match	File source: A74lw30K2g.exe, type: SAMPLE
Source: Yara match	File source: 0.0.A74lw30K2g.exe.7ff6297d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.A74lw30K2g.exe.7ff6297d0000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: Process Memory Space: A74lw30K2g.exe PID: 7496, type: MEMORYSTR

Remote Access Functionality

Yara detected GhostRat

Source: Yara match	File source: A74lw30K2g.exe, type: SAMPLE
Source: Yara match	File source: 0.0.A74lw30K2g.exe.7ff6297d0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.A74lw30K2g.exe.7ff6297d0000.8.unpack, type: UNPACKEDPE
Source: Yara match	File source: Process Memory Space: A74lw30K2g.exe PID: 7496, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	12 Native API	1 DLL Side-Loading	1 DLL Side-Loading	1 DLL Side-Loading	121 Input Capture	2 System Time Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Windows Service	1 Access Token Manipulation	1 Modify Registry	LSASS Memory	11 Peripheral Device Discovery	Remote Desktop Protocol	1 Screen Capture	1 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	11 Registry Run Keys / Startup Folder	1 Windows Service	1 Virtualization/Sandbox Evasion	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	121 Input Capture	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	211 Process Injection	1 Access Token Manipulation	NTDS	26 System Information Discovery	Distributed Component Object Model	3 Clipboard Data	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	11 Registry Run Keys / Startup Folder	211 Process Injection	LSA Secrets	151 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Indicator Removal	Cached Domain Credentials	1 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	3 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 Application Window Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
A74lw30K2g.exe	75%	ReversingLabs	Win64.Backdoor.GhostRAT
A74lw30K2g.exe	70%	Virustotal		Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
huazai789.top	192.238.132.117	true	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
192.238.132.117	huazai789.top	United States		395954	LEASEWEB-USA-LAX-11US	true

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589403
Start date and time:	2025-01-12 08:31:06 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 7m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	A74lw30K2g.exe renamed because original name is a hash value
Original Sample Name:	80efe3fa59592ab4d895db396ced8d10.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/1@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 58 Number of non-executed functions: 187
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:32:34	API Interceptor	6515166x Sleep call for process: A74lw30K2g.exe modified

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
LEASEWEB-USA-LAX-11US	https://199.188.109.181	Get hash	malicious	Unknown	Browse	192.238.129.52
	Fantazy.mips.elf	Get hash	malicious	Unknown	Browse	23.87.149.48
	arm7.elf	Get hash	malicious	Mirai	Browse	23.86.58.197
	sh4.elf	Get hash	malicious	Mirai	Browse	23.87.103.160
	6.elf	Get hash	malicious	Unknown	Browse	23.86.11.148
	WgnsGjhA3P.exe	Get hash	malicious	GhostRat	Browse	192.238.134.52
	WgnsGjhA3P.exe	Get hash	malicious	GhostRat	Browse	192.238.134.52
	Mes_Drivers_3.0.4.exe	Get hash	malicious	Unknown	Browse	23.83.76.85
	fuckunix.sh4.elf	Get hash	malicious	Mirai	Browse	23.85.171.227
	armv7l.elf	Get hash	malicious	Unknown	Browse	23.83.17.216

Process:	C:\Users\user\Desktop\A74lw30K2g.exe
File Type:	data
Category:	dropped
Size (bytes):	30
Entropy (8bit):	2.6616157143988106
Encrypted:	false
SSDEEP:	3:tblM6lEjln:tbhEZn
MD5:	AE50B29A0B8DCC411F24F1863B0EAFDE
SHA1:	D415A55627B1ADED8E4B2CBBA402F816B0461155
SHA-256:	6B4BBBCE480FBC50D39A8EC4B72CDB7D781B151921E063DD899FD9B736ADCF68
SHA-512:	D9A9BA42D99BE32D26667060BE1D523DCD20EAFA187A67F7919002CC6DA349FD058053C9C6F721D6FDB730EA02FBAA3013E51C0C653368BD6B3F57A4C0FCABA8
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	C.:.\.P.r.o.g.r.a.m.D.a.t.a.\.

Static File Info

General

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.060222083682462
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	A74lw30K2g.exe
File size:	389'632 bytes
MD5:	80efe3fa59592ab4d895db396ced8d10
SHA1:	0a35c3b26b86188908cd3d60db68c43fa211f4b0
SHA256:	69e0e00babc6365144a98c2866353ef973b7dfe69ae37068f807d4b12c017161
SHA512:	8a8d45c9e22d5f0f78057f2abcef3735877c609ef0f69e41c20033d3c5d165c907d73a6cc5b1a23dd316c5b842d82ffb48e4c47e1dfe6a768c72e07a1f556a35
SSDEEP:	6144:tKtL0RSVgMoEao8ItdKwzBFdYmT+xmyiRLBVhLhkM:ItwSqEao8It4wlDCxmPfx
TLSH:	DA848E49F79405F8E5678138C9634916EBB27C6D03A09BDF33A4866A2F237D0AD3E711
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........A...A...A.......D...............@.......@...Q(..K...Q(..S...Q(..........U.......X...A...m....)..S....)..@...RichA..........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x14001e13c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x677A4401 [Sun Jan 5 08:34:09 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	d7444b6dc7c8cddb50fba5269ad57bce

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F79851849E0h
dec eax
add esp, 28h
jmp 00007F7985184237h
int3
int3
dec eax
sub esp, 28h
dec ebp
mov eax, dword ptr [ecx+38h]
dec eax
mov ecx, edx
dec ecx
mov edx, ecx
call 00007F79851843D2h
mov eax, 00000001h
dec eax
add esp, 28h
ret
int3
int3
int3
inc eax
push ebx
inc ebp
mov ebx, dword ptr [eax]
dec eax
mov ebx, edx
inc ecx
and ebx, FFFFFFF8h
dec esp
mov ecx, ecx
inc ecx
test byte ptr [eax], 00000004h
dec esp
mov edx, ecx
je 00007F79851843D5h
inc ecx
mov eax, dword ptr [eax+08h]
dec ebp
arpl word ptr [eax+04h], dx
neg eax
dec esp
add edx, ecx
dec eax
arpl ax, cx
dec esp
and edx, ecx
dec ecx
arpl bx, ax
dec edx
mov edx, dword ptr [eax+edx]
dec eax
mov eax, dword ptr [ebx+10h]
mov ecx, dword ptr [eax+08h]
dec eax
mov eax, dword ptr [ebx+08h]
test byte ptr [ecx+eax+03h], 0000000Fh
je 00007F79851843CDh
movzx eax, byte ptr [ecx+eax+03h]
and eax, FFFFFFF0h
dec esp
add ecx, eax
dec esp
xor ecx, edx
dec ecx
mov ecx, ecx
pop ebx
jmp 00007F79851843DAh
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
nop word ptr [eax+eax+00000000h]
dec eax
cmp ecx, dword ptr [00036E59h]
jne 00007F79851843D2h
dec eax
rol ecx, 10h
test cx, FFFFh
jne 00007F79851843C3h
ret
dec eax
ror ecx, 10h
jmp 00007F7985184ADBh
int3
int3
dec eax
mov dword ptr [esp+00h], ebx

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x523b0	0x104	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x60000	0x3420	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x64000	0xc80	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x4c7b0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4c980	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x4c670	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3f000	0x918	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3dbf0	0x3dc00	d3f6189e43bbd290b28f7518c02b76a1	False	0.5461593813259109	data	6.462564110280856	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x3f000	0x1519e	0x15200	9e26fd4c3ae6978d53ec06e02524102f	False	0.41498705621301774	data	4.93197088749888	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x55000	0xaa6c	0x7c00	8f65573ed32594cbde8ff9ccb2da7eb9	False	0.10631930443548387	DOS executable (block device driver \377\3)	1.5564681329279173	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x60000	0x3420	0x3600	20b7b9769859dd90801ea597a1d992be	False	0.4626736111111111	data	5.517914471579984	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x64000	0xc80	0xe00	316f5780e4a2c74c1946985bacab1ae4	False	0.4916294642857143	data	5.228910762857474	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL	Import
KERNEL32.dll	QueryDosDeviceW, WriteProcessMemory, GetCommandLineW, GetCurrentProcess, WriteFile, OutputDebugStringA, GetModuleFileNameW, GetProcessId, CreateMutexW, GetLocaleInfoW, LocalAlloc, CreateFileW, GetVersionExW, K32GetProcessImageFileNameW, GetSystemDirectoryW, ResumeThread, GetModuleHandleA, OpenProcess, GetVersion, GetLogicalDriveStringsW, CreateToolhelp32Snapshot, MultiByteToWideChar, Process32NextW, GetDiskFreeSpaceExW, GetSystemDirectoryA, LoadLibraryA, lstrcatW, GlobalAlloc, Process32FirstW, GlobalFree, GetSystemInfo, LoadLibraryW, GetLocalTime, VirtualProtectEx, GetThreadContext, GetProcAddress, VirtualAllocEx, LocalFree, ExitProcess, GetCurrentProcessId, GlobalMemoryStatusEx, CreateProcessW, GetModuleHandleW, FreeLibrary, GetConsoleWindow, lstrcpyW, CreateRemoteThread, CreateProcessA, SetThreadContext, GetModuleFileNameA, GetTickCount, lstrcmpW, GetDriveTypeW, GetExitCodeProcess, SetFilePointer, ReleaseMutex, GlobalSize, DeleteFileW, GlobalLock, GetFileSize, GlobalUnlock, FindFirstFileW, ExpandEnvironmentStringsW, FindClose, GetFileAttributesW, TerminateThread, VirtualProtect, IsBadReadPtr, CreateThread, IsDebuggerPresent, SetUnhandledExceptionFilter, WriteConsoleW, GetCurrentThreadId, GetConsoleMode, GetConsoleOutputCP, FlushFileBuffers, SetFilePointerEx, SetStdHandle, SetEnvironmentVariableW, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetOEMCP, GetACP, IsValidCodePage, FindNextFileW, FindFirstFileExW, GetTimeZoneInformation, EnumSystemLocalesW, GetUserDefaultLCID, IsValidLocale, LCMapStringW, CompareStringW, FlsFree, FlsSetValue, GetStartupInfoW, CreateWaitableTimerW, SetWaitableTimer, TryEnterCriticalSection, WideCharToMultiByte, ResetEvent, CreateEventW, lstrlenW, CancelIo, GetNativeSystemInfo, SetLastError, lstrcmpiW, CreateEventA, CloseHandle, SetEvent, Sleep, HeapFree, WaitForSingleObject, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, EnterCriticalSection, HeapCreate, GetProcessHeap, DeleteCriticalSection, HeapDestroy, DecodePointer, HeapAlloc, HeapReAlloc, GetLastError, HeapSize, InitializeCriticalSectionEx, VirtualAlloc, VirtualFree, FlsGetValue, FlsAlloc, GetFileType, GetCommandLineA, GetStdHandle, VirtualQuery, GetModuleHandleExW, FreeLibraryAndExitThread, ExitThread, LoadLibraryExW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, RtlPcToFileHeader, RtlUnwindEx, lstrcpyA, CreateFileA, GetSystemDefaultLangID, DeviceIoControl, TerminateProcess, InitializeSListHead, GetSystemTimeAsFileTime, QueryPerformanceCounter, IsProcessorFeaturePresent, UnhandledExceptionFilter, RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext, SleepConditionVariableSRW, WakeAllConditionVariable, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, GetCPInfo, LCMapStringEx, EncodePointer, CompareStringEx, GetStringTypeW, RaiseException, OutputDebugStringW, SwitchToThread
USER32.dll	MsgWaitForMultipleObjects, GetWindowTextW, wsprintfW, GetForegroundWindow, GetLastInputInfo, GetClipboardData, CloseClipboard, OpenClipboard, GetKeyState, ReleaseDC, GetDesktopWindow, SetClipboardData, ExitWindowsEx, EmptyClipboard, GetSystemMetrics, GetDC, GetInputState, PostThreadMessageA, TranslateMessage, DispatchMessageW, PeekMessageW, ShowWindow
GDI32.dll	CreateCompatibleBitmap, SelectObject, CreateDIBSection, SetDIBColorTable, CreateCompatibleDC, StretchBlt, GetDIBits, GetDeviceCaps, GetObjectW, SetStretchBltMode, DeleteObject, DeleteDC
ADVAPI32.dll	OpenProcessToken, RegQueryValueExW, AllocateAndInitializeSid, FreeSid, CheckTokenMembership, ClearEventLogW, CloseEventLog, OpenEventLogW, LookupPrivilegeValueW, AdjustTokenPrivileges, GetCurrentHwProfileW, RegCloseKey, RegQueryInfoKeyW, GetSidSubAuthorityCount, GetSidSubAuthority, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCreateKeyW, RegDeleteValueW, LookupAccountSidW, GetTokenInformation
SHELL32.dll	SHGetFolderPathW
ole32.dll	CreateStreamOnHGlobal, GetHGlobalFromStream, CoInitialize, CoUninitialize, CoCreateInstance
OLEAUT32.dll	SysFreeString
WS2_32.dll	WSASetLastError, WSAEventSelect, WSAResetEvent, WSAWaitForMultipleEvents, WSAEnumNetworkEvents, WSAGetLastError, WSACleanup, WSAIoctl, closesocket, WSACreateEvent, select, WSAStartup, send, socket, connect, recv, htons, setsockopt, inet_ntoa, WSACloseEvent, gethostbyname, gethostname, shutdown
WINMM.dll	timeGetTime
gdiplus.dll	GdipCreateBitmapFromStream, GdipBitmapUnlockBits, GdipCloneImage, GdipAlloc, GdiplusShutdown, GdipDrawImageI, GdipCreateBitmapFromScan0, GdipCreateBitmapFromHBITMAP, GdipGetImageWidth, GdipGetImagePalette, GdipDeleteGraphics, GdipGetImageEncodersSize, GdipGetImageGraphicsContext, GdipFree, GdipGetImagePixelFormat, GdipDisposeImage, GdipSaveImageToStream, GdipBitmapLockBits, GdipGetImagePaletteSize, GdiplusStartup, GdipGetImageHeight, GdipGetImageEncoders
dxgi.dll	CreateDXGIFactory
DINPUT8.dll	DirectInput8Create

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-12T08:32:08.202281+0100	2052875	ET MALWARE Anonymous RAT CnC Checkin	1	192.168.2.4	49730	192.238.132.117	4433	TCP
2025-01-12T08:33:11.269672+0100	2052875	ET MALWARE Anonymous RAT CnC Checkin	1	192.168.2.4	49730	192.238.132.117	4433	TCP
2025-01-12T08:34:45.059992+0100	2052875	ET MALWARE Anonymous RAT CnC Checkin	1	192.168.2.4	61740	192.238.132.117	4433	TCP
2025-01-12T08:35:49.021455+0100	2052875	ET MALWARE Anonymous RAT CnC Checkin	1	192.168.2.4	61743	192.238.132.117	10443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2025 08:32:06.107074022 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:06.111850977 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:06.111954927 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:07.559760094 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:07.564892054 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:07.564959049 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:07.564989090 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:07.565016985 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.108464956 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.159501076 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:08.197230101 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:08.202214956 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.202253103 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.202280998 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:08.202286005 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.207123041 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.865739107 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.865791082 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.865828991 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.865864038 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.865895033 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.865926981 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.865941048 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:08.865966082 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.865989923 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:08.865995884 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.866024971 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.866045952 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:08.866072893 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:08.868964911 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:08.869106054 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:08.873948097 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.873977900 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.874006033 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.874207973 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.874234915 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:08.874267101 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194207907 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194268942 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194304943 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194322109 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.194341898 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194396019 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.194453955 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194489956 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194525003 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194545984 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.194557905 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194591999 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194622993 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.194628954 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.194685936 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.195219994 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.195255995 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.195288897 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.195297003 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.195353985 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.195391893 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.195425987 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.196090937 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.196135044 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.196141958 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.237637043 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.417604923 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417654037 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417695999 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417730093 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417752028 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.417766094 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417789936 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.417804003 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417851925 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417855978 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.417907953 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417943001 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417975903 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.417988062 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.418010950 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.418045998 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.418050051 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.418092966 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.418812990 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.418864965 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.418899059 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.418919086 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.418931007 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.418966055 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.418977976 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.419001102 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.419055939 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.419709921 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.419744015 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.419776917 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.419790030 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.419811964 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.419847012 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.419867039 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.419882059 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.419929028 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.420567036 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.420603037 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.420649052 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.640073061 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640113115 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640147924 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640199900 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640207052 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.640235901 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640264988 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640270948 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.640315056 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.640400887 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640434027 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640465975 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640486956 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.640499115 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640532970 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640549898 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.640566111 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640600920 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.640619993 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.641073942 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641124964 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.641127110 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641160965 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641192913 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641216040 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.641227007 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641261101 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641295910 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641295910 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.641350985 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.641885996 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641920090 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641952991 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.641969919 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.641987085 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642019987 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642030954 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.642055035 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642087936 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642100096 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.642122030 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642154932 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642169952 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.642756939 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642811060 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.642847061 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642896891 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642930031 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642950058 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.642961979 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.642997026 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.643021107 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.643028975 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.643064022 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.643084049 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.643098116 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.643141031 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.643806934 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.643858910 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.643893003 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.643907070 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.643927097 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.643959999 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.643971920 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.643994093 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.644026995 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.644042015 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.644062042 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.644108057 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.863171101 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863234997 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863270044 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863302946 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863368034 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.863380909 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863419056 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.863435030 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863471031 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863490105 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.863523006 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863557100 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863573074 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.863590002 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863624096 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863641977 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.863656998 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863691092 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863708019 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.863723040 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863758087 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863774061 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.863791943 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863825083 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863847017 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.863862038 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863895893 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.863912106 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.864406109 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864439964 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864459038 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.864474058 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864506960 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864521980 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.864542007 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864576101 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864592075 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.864609957 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864643097 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864675999 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864698887 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.864708900 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864722013 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.864742994 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864779949 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.864794016 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.865364075 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865397930 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865417957 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.865433931 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865467072 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865487099 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.865500927 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865533113 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865552902 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.865567923 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865601063 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865622044 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.865634918 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865668058 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865688086 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.865701914 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865736961 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.865750074 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.866202116 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866250992 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.866252899 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866295099 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866329908 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866353989 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.866363049 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866396904 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866409063 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.866430998 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866465092 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866486073 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.866498947 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866532087 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866554022 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.866564989 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866600037 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.866622925 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.867178917 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867230892 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867233038 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.867265940 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867300034 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867319107 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.867351055 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867383003 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867398024 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.867418051 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867450953 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867464066 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.867485046 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867517948 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867531061 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.867551088 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867585897 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.867598057 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.868043900 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868094921 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868094921 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.868129969 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868163109 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868180037 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.868196964 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868228912 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868259907 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.868263006 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868297100 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868321896 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.868334055 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868369102 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:09.868381023 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:09.909498930 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.086188078 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086242914 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086294889 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086316109 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.086330891 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086380959 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086414099 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086419106 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.086466074 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086474895 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.086499929 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086568117 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086572886 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.086601019 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086633921 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086659908 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.086668015 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086715937 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.086716890 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086750984 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086805105 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086807013 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.086853981 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086889029 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086903095 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.086922884 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086956978 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086990118 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.086993933 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087024927 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087057114 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087058067 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087093115 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087105036 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087126017 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087160110 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087186098 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087192059 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087228060 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087240934 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087261915 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087295055 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087323904 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087352037 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087384939 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087434053 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087435007 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087503910 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087507010 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087541103 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087574005 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087600946 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087609053 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087642908 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087673903 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087676048 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087712049 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087748051 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087764978 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087769985 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087800980 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087821960 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087833881 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087869883 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.087869883 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.087918997 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088084936 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088135958 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088170052 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088186026 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088205099 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088238955 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088270903 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088273048 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088305950 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088326931 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088342905 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088378906 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088408947 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088413000 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088447094 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088469982 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088481903 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088515997 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088551044 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088552952 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088584900 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088608027 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088620901 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088654995 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088686943 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088721037 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088735104 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088753939 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.088761091 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.088819027 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.092771053 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.092802048 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.092835903 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.092850924 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.092964888 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.092998981 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093019009 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093033075 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093065023 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093084097 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093099117 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093131065 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093148947 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093166113 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093198061 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093214035 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093231916 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093265057 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093274117 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093300104 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093334913 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093348980 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093477011 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093506098 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093530893 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093555927 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093590021 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093606949 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093662024 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093712091 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093722105 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093741894 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093775034 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093786955 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093813896 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093847990 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093879938 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.093910933 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.093991041 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094024897 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094043016 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094074011 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094079018 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094121933 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094130993 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094165087 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094172001 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094198942 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094217062 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094233036 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094264984 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094288111 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094299078 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094332933 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094356060 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094367027 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094399929 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094424963 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094434023 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094466925 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094482899 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094500065 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094562054 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094801903 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094835043 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094866991 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094871998 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094901085 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094947100 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.094954014 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.094980955 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.095015049 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.095031023 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.095048904 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.095082998 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.095115900 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.095136881 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.095151901 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.095165968 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.095185995 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.095220089 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.095233917 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.103781939 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.108633995 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.111536980 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.116383076 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.176713943 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.176763058 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.176814079 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.176814079 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.176847935 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.176882982 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.176896095 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.176915884 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.176968098 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.176969051 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.177004099 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177051067 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.177057028 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177107096 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177141905 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177166939 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.177175045 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177211046 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177228928 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.177246094 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177278996 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177294016 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.177309990 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177344084 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177360058 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.177382946 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177414894 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177433968 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.177450895 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177484035 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177501917 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.177522898 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177573919 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.177580118 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.222003937 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.309243917 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309273958 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309324980 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.309325933 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309362888 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309412956 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.309413910 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309449911 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309498072 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309500933 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.309537888 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309586048 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309587955 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.309653997 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309686899 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309701920 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.309722900 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309753895 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309770107 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.309789896 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309838057 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309839964 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.309873104 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309923887 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.309923887 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.309977055 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310009003 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310024023 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310044050 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310077906 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310091019 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310117006 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310165882 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310168028 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310204983 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310252905 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310260057 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310332060 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310364962 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310379028 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310416937 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310450077 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310467958 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310486078 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310518980 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310533047 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310554981 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310606003 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310606003 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310657978 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310709000 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310709000 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310745001 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310776949 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310792923 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310811996 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310846090 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310862064 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310880899 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310914993 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310928106 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.310949087 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310981989 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.310993910 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311016083 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311048985 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311062098 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311104059 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311151028 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311153889 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311188936 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311220884 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311233997 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311255932 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311289072 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311304092 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311343908 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311378002 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311389923 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311413050 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311444044 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311458111 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311477900 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311527967 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311532021 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311583042 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311615944 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311634064 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311650991 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311683893 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311697960 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311719894 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311768055 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311770916 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311803102 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311836004 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311849117 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311868906 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311903000 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311917067 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.311954975 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.311989069 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312000990 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312025070 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312067032 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312067986 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312119007 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312151909 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312165976 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312187910 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312220097 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312232971 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312254906 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312288046 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312300920 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312323093 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312356949 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312369108 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312396049 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312429905 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312443972 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312465906 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312499046 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312514067 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312582016 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312614918 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312628031 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312649012 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312681913 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312695026 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312717915 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312747002 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312762022 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312782049 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312815905 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312836885 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312849998 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312884092 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312899113 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312917948 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312951088 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.312980890 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.312983990 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313019991 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313026905 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313055038 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313088894 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313103914 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313122988 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313155890 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313169003 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313188076 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313220024 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313234091 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313256025 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313287973 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313316107 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313323975 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313358068 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313371897 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313393116 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313426971 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313446045 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313461065 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313492060 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313503981 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313527107 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313560963 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313572884 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313596010 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313628912 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313642979 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313663960 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313697100 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313710928 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313731909 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313766003 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313776016 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313801050 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313833952 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313846111 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.313868046 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.313916922 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400134087 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400172949 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400207043 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400238991 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400240898 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400274992 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400289059 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400307894 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400352001 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400367022 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400399923 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400433064 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400446892 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400485039 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400518894 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400532007 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400578022 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400610924 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400625944 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400680065 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400728941 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400731087 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400764942 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400798082 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400810957 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400832891 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400876999 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400885105 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400911093 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400944948 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.400960922 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.400974989 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401006937 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401014090 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.401041031 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401073933 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401084900 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.401108027 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401145935 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401150942 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.401181936 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401213884 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401226997 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.401247978 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401281118 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401299953 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.401316881 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401350021 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401365042 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.401385069 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401417971 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401431084 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.401453018 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401487112 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401516914 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.401521921 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401556015 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401566029 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:10.401591063 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:10.401637077 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:19.901254892 CET	61472	53	192.168.2.4	1.1.1.1
Jan 12, 2025 08:32:19.906234980 CET	53	61472	1.1.1.1	192.168.2.4
Jan 12, 2025 08:32:19.906316042 CET	61472	53	192.168.2.4	1.1.1.1
Jan 12, 2025 08:32:19.911252975 CET	53	61472	1.1.1.1	192.168.2.4
Jan 12, 2025 08:32:20.383785963 CET	61472	53	192.168.2.4	1.1.1.1
Jan 12, 2025 08:32:20.388933897 CET	53	61472	1.1.1.1	192.168.2.4
Jan 12, 2025 08:32:20.388994932 CET	61472	53	192.168.2.4	1.1.1.1
Jan 12, 2025 08:32:22.675349951 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:22.680331945 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:22.994316101 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:23.050239086 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:38.565959930 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:38.571105957 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:38.884982109 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:38.925254107 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:55.097237110 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:32:55.102264881 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:55.416117907 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:32:55.456571102 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:11.269671917 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:11.274528027 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:11.588386059 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:11.628386974 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:28.003571033 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:28.003674984 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:28.008538961 CET	4433	49730	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:28.008636951 CET	49730	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:32.973053932 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:32.977979898 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:32.978065968 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:34.002747059 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:34.007710934 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:34.007745028 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:34.007771969 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:34.008025885 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:34.586107016 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:34.737997055 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:34.751467943 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:34.756333113 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:34.756387949 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:34.756417036 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:34.756417036 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:34.761272907 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.301228046 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.301255941 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.301270962 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.301285982 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.301363945 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.301382065 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.301393032 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.301393032 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.301445961 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.301574945 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.305480957 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.306462049 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.306487083 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.306595087 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.310355902 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.310369968 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.310498953 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625083923 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625101089 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625125885 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625142097 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625154972 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625161886 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.625173092 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625190020 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.625205040 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.625725031 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625741005 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625756979 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625771046 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625780106 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.625785112 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.625803947 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.626461983 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.626492977 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.626502037 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.626509905 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.626524925 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.626542091 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.626552105 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.626588106 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.627279043 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.630053997 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.630072117 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.630098104 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.737952948 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.848268986 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848337889 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848354101 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848378897 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848392963 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848395109 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.848408937 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848419905 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.848424911 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848439932 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848445892 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.848457098 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848470926 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.848803997 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848819971 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848834991 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848845959 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.848856926 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.848869085 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.849318981 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.849344015 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.849359989 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.849359989 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.849375010 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.849390030 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.849395990 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.849406004 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.849422932 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.849425077 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.849438906 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.849455118 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.849457026 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.849490881 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.850215912 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.850277901 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.850292921 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.850307941 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.850320101 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:35.850322008 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:35.850338936 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.050318003 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.074350119 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074392080 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074431896 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.074453115 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074508905 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074542046 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074553013 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.074577093 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074615955 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074619055 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.074650049 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074682951 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074690104 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.074717045 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074748993 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.074749947 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074784040 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074815035 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074820042 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.074863911 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074897051 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074903965 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.074929953 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.074963093 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.074965954 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075000048 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075032949 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075042009 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075069904 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075102091 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075103998 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075135946 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075166941 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075167894 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075201988 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075232983 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075237989 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075268984 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075335979 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075351954 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075392008 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075433969 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075448990 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075503111 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075536013 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075539112 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075570107 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075607061 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075608015 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075639963 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075673103 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075676918 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075707912 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075740099 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075752020 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075773954 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075808048 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075817108 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.075844049 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.075882912 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.076304913 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.076339960 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.076374054 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.076375008 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.076407909 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.076442957 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.076443911 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.076478004 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.076514006 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.076519966 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.237818003 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.294600964 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.294723988 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.294759035 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.294761896 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.294792891 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.294826031 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.294827938 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.294857979 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.294893026 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.294900894 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.294990063 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295025110 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.295027971 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295123100 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295156956 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295159101 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.295191050 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295222998 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295226097 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.295255899 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295289040 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295291901 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.295352936 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295387030 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295389891 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.295423985 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295456886 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295456886 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.295489073 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295522928 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295526028 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.295557976 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295591116 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295593977 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.295625925 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.295660973 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.296101093 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296133995 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296166897 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296170950 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.296200991 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296233892 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296235085 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.296267033 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296299934 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296304941 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.296333075 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296365976 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296370983 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.296399117 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296432018 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296433926 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.296468019 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.296503067 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.296952963 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297005892 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297040939 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297041893 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.297074080 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297106028 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297108889 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.297139883 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297172070 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297174931 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.297205925 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297235966 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.297239065 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297272921 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297305107 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297308922 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.297341108 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297378063 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.297713041 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297777891 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297811031 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297818899 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.297846079 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297882080 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.297888041 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.347191095 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.381764889 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.381833076 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.381871939 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.381941080 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.381975889 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382009029 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382009983 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382042885 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382076025 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382076025 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382107973 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382141113 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382143974 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382174015 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382206917 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382206917 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382241011 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382272959 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382275105 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382307053 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382339954 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382343054 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382370949 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382402897 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382405996 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382437944 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382472038 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382474899 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382510900 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382546902 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382550955 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382585049 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382617950 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382625103 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382651091 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382683992 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382687092 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382718086 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382750988 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382751942 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382783890 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382817030 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382822037 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.382850885 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.382885933 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.517834902 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.517923117 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.517997026 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518068075 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518096924 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518096924 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.518146992 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518173933 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.518188953 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518307924 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518333912 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.518377066 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518471003 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518472910 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.518568039 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518594980 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.518644094 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518697023 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518728971 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518757105 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.518763065 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518798113 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518831015 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518853903 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.518866062 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518899918 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518925905 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.518934011 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.518966913 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519000053 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519025087 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519032955 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519049883 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519064903 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519081116 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519088030 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519097090 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519114017 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519119978 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519129992 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519203901 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519220114 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519243002 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519277096 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519293070 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519309044 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519336939 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519352913 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519357920 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519370079 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519386053 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519402027 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519407988 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519418955 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519424915 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519435883 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519452095 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519467115 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519474030 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519483089 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519499063 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519515038 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519519091 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519531012 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519546986 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519562960 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519568920 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519579887 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.519603014 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.519675970 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.520159006 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520174980 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520190954 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520205021 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520220041 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520226955 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.520236015 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520251989 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520256996 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.520268917 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520275116 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.520284891 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520302057 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520318031 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520333052 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520348072 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520354986 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.520363092 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520379066 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520385027 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.520395994 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520401001 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.520415068 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.520436049 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.521110058 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521126032 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521141052 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521156073 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521162987 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.521173000 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521187067 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521193027 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.521203041 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521208048 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.521219015 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521234989 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521239996 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.521250963 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521265984 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521270037 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.521281958 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521297932 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521311998 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521317959 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.521328926 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521334887 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.521347046 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.521363974 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522068977 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522083044 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522098064 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522113085 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522119999 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.522130013 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522134066 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.522146940 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522151947 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.522165060 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522180080 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522195101 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522209883 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522216082 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.522227049 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522242069 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522258043 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522265911 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.522274017 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522289991 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522295952 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.522306919 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522322893 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522330999 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.522341967 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.522897959 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522922039 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522937059 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522952080 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522967100 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522974014 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.522984028 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.522988081 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.523001909 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.523008108 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.523020029 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.523035049 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.523036957 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.523052931 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.523067951 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.523113012 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.523113012 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.534526110 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.539366007 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.601665974 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.604595900 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.604691982 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.604705095 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.604748011 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.604783058 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.604809046 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.604840040 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.604931116 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.604964972 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.604991913 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.605034113 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605086088 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605118990 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605144024 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.605154037 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605185986 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605212927 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.605221033 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605256081 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605288982 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605315924 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.605321884 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605360985 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605391026 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605416059 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.605423927 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605459929 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605490923 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605515957 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.605525970 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605559111 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605592012 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605618000 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.605624914 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605659962 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605694056 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.605719090 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.606781006 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.740994930 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741115093 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741149902 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741180897 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.741183996 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741209030 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.741291046 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741324902 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741353989 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.741358995 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741394043 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741427898 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741452932 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.741489887 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741518021 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.741554022 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741589069 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741614103 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.741622925 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741730928 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741764069 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741791964 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.741797924 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741832972 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741857052 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.741866112 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741902113 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741934061 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.741959095 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.741966009 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742069960 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742103100 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742129087 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742140055 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742242098 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742275953 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742280006 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742310047 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742343903 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742369890 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742377043 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742409945 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742441893 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742465973 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742475033 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742510080 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742536068 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742543936 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742580891 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742614985 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742628098 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742650986 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742683887 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742708921 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742716074 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742748976 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742774963 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742783070 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742815971 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742851019 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742875099 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742882967 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742916107 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742949009 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.742973089 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.742981911 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743015051 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743046045 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743077040 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.743081093 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743114948 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743139982 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.743146896 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743180990 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743207932 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.743215084 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743248940 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743273973 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.743283033 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743335962 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.743452072 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.748450994 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748572111 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748605967 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748639107 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748680115 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748707056 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.748754978 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748790026 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748822927 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748848915 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.748893976 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748944998 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.748970985 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749027014 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749061108 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749087095 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749094009 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749128103 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749161005 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749180079 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749193907 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749228001 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749252081 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749259949 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749293089 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749319077 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749325037 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749358892 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749386072 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749392986 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749425888 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749507904 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749532938 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749541998 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749576092 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749602079 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749609947 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749644041 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749670982 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749677896 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749712944 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749747038 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749758959 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749758959 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749782085 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749814987 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749833107 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749847889 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749881029 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749905109 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.749912977 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749947071 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.749979019 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750003099 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.750010967 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750044107 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750076056 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750102043 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.750108957 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750148058 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750180960 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750202894 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.750214100 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750248909 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750272036 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.750281096 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750314951 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750345945 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750370979 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.750377893 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750411987 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750443935 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750468016 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.750477076 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750507116 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750540972 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750565052 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.750574112 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750607967 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750641108 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.750664949 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.752659082 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.827744007 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.827817917 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.827871084 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.827903986 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.827945948 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.827974081 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828032017 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828068018 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828094006 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828102112 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828170061 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828222990 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828250885 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828300953 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828325987 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828362942 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828437090 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828460932 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828469992 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828506947 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828538895 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828563929 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828572035 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828608036 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828639984 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828664064 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828672886 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828707933 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828732967 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828741074 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828773975 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828808069 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828825951 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828841925 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828876019 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828902960 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828910112 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828938007 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.828944921 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828979015 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.828995943 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.829013109 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.829046965 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.829066992 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.829080105 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.829113007 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.829138994 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:36.829149008 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:36.829205036 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:49.130964994 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:33:49.136497021 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:49.445759058 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:33:49.487963915 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:06.003722906 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:06.008827925 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:06.318912029 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:06.362926006 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:22.519356966 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:22.524358988 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:22.834304094 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:22.878635883 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:38.488025904 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:38.488091946 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:38.493160009 CET	10443	61700	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:38.493228912 CET	61700	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:43.441919088 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:43.447154045 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:43.447252035 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:44.402214050 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:44.407535076 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:44.407574892 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:44.407603979 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:44.407636881 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:44.978682995 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.019284010 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.054573059 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.059916019 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.059953928 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.059983015 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.059992075 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.064860106 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.590213060 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.590260983 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.590296030 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.590328932 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.590363026 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.590393066 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.590426922 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.590465069 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.590466022 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.590466022 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.590581894 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.590682983 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.595530987 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.595701933 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.595730066 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.595756054 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.595782042 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.595808983 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.912938118 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.912976980 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.913009882 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.913122892 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.913156033 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.913172960 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.913204908 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.913220882 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.913238049 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.913258076 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.913271904 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.914060116 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.914093018 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.914117098 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.914128065 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.914136887 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.914160967 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.914194107 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.914241076 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.914946079 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.914978981 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.915011883 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.915028095 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.915045023 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.915051937 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:45.915076971 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:45.918688059 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.134119034 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134157896 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134191990 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134224892 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134257078 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134290934 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134336948 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.134336948 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.134336948 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.134526968 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134561062 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134593964 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134608984 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.134628057 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.134818077 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.135067940 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.135102034 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.135134935 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.135163069 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.135166883 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.135201931 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.135216951 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.135236025 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.135293007 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.136038065 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.136086941 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.136120081 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.136135101 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.136152983 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.136187077 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.136199951 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.136221886 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.136292934 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.136945009 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.136977911 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.137011051 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.137042046 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.137063980 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.137074947 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.137089968 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.191144943 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.355223894 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355333090 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355369091 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355403900 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355436087 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355472088 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355515957 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.355515957 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.355602980 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.355695963 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355729103 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355762959 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355794907 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355798006 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.355829000 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355860949 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355890989 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.355911016 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355912924 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.355943918 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.355993986 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.356720924 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.356784105 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.356817007 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.356839895 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.356848955 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.356883049 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.356910944 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.356914043 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.356949091 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.356961012 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.356977940 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.357044935 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.357546091 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.357578993 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.357611895 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.357645035 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.357645988 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.357677937 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.357700109 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.357711077 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.357743979 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.357763052 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.357778072 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.357835054 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.358551025 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.358583927 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.358618021 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.358650923 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.358654976 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.358684063 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.358700037 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.358716965 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.358750105 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.358762980 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.358782053 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.358836889 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.359570980 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.359605074 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.359637976 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.359669924 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.359682083 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.359704018 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.359718084 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.359736919 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.359770060 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.359802008 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.359808922 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.359848022 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.360428095 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.360457897 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.360507965 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.576198101 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576231003 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576280117 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576354980 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576380968 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.576387882 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576422930 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576458931 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.576464891 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576520920 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.576554060 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576586962 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576618910 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576652050 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576652050 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.576672077 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.576683998 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576718092 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576780081 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.576865911 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576898098 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.576924086 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.576932907 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577169895 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577202082 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577229023 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.577234983 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577246904 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.577269077 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577301025 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577332973 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577358007 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.577366114 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577378035 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.577399015 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577662945 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577712059 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577722073 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.577745914 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577764988 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.577776909 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577810049 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577841043 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577866077 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.577872992 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.577884912 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.578221083 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578270912 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578304052 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578331947 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.578336000 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578352928 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.578370094 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578402042 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578434944 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578459978 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.578466892 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578476906 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.578499079 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578530073 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578562021 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578584909 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.578608036 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.578613043 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.578649044 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579258919 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579293013 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579322100 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.579338074 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.579344988 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579377890 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579410076 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579442024 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579468966 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.579473972 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579487085 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.579507113 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579539061 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579571009 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579596043 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.579603910 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579615116 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.579636097 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579672098 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.579730034 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.580153942 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580213070 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.580221891 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580271959 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580303907 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580337048 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580359936 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.580368996 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580382109 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.580403090 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580435038 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580468893 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580492973 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.580501080 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580513000 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.580533981 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580564976 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580599070 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.580620050 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.580642939 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.581187010 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.581221104 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.581254005 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.581286907 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.581317902 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.581350088 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.581352949 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.581382990 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.581432104 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.581471920 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.581505060 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.581653118 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.797494888 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.797595978 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.797630072 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.797704935 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.797756910 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.797789097 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.797811031 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.797811031 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.797869921 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.797919035 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.797934055 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.797952890 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.797972918 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.797990084 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798043966 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798074961 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798105001 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798106909 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798125029 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798141003 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798173904 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798233032 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798240900 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798293114 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798300982 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798327923 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798360109 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798393011 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798408031 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798424959 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798438072 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798458099 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798490047 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798522949 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798538923 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798554897 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798562050 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798588991 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798619986 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798654079 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798672915 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798686028 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798738003 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798798084 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798830986 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798852921 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798863888 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798894882 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798928022 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798945904 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798962116 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.798980951 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.798994064 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799025059 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799057007 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799074888 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799098015 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799153090 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799237013 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799284935 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799340963 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799345970 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799377918 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799400091 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799411058 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799443007 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799474955 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799498081 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799506903 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799515963 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799539089 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799570084 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799602985 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799622059 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799634933 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799644947 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799669981 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799701929 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799734116 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799766064 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799771070 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799792051 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799798965 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799830914 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799853086 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799861908 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799894094 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799926996 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799958944 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.799971104 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799971104 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.799993038 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800024986 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800050974 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800059080 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800208092 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800240993 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800272942 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800277948 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800297976 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800307989 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800340891 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800364017 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800374031 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800410986 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800429106 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800446033 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800477982 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800508976 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800517082 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800543070 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800543070 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800575018 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800606966 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800632000 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800638914 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800654888 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800674915 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800708055 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800741911 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800765038 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800775051 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800792933 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800806999 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800838947 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800873041 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.800893068 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.800930977 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801147938 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801197052 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801230907 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801264048 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801285028 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801304102 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801323891 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801337004 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801369905 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801402092 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801434994 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801435947 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801455975 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801465988 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801500082 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801532030 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801558971 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801565886 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801589966 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801598072 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801632881 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801661968 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801665068 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801698923 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801717043 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801731110 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801764011 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801796913 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801821947 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.801830053 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.801839113 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.802010059 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.802043915 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.802076101 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.802093983 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.802108049 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.802124023 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.802141905 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.802175045 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.802206039 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.802253962 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.802253962 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.817203999 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.822146893 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.839579105 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.844455957 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.884922028 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885011911 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885045052 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885077000 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885209084 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.885231972 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885267019 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885274887 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.885299921 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885332108 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885359049 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.885366917 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885379076 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.885396957 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885430098 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885462046 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885487080 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.885495901 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885513067 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.885529995 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885560989 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885591984 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:46.885615110 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:46.885634899 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.018284082 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018338919 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018368006 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018399954 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018441916 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018517971 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018554926 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.018554926 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.018584013 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018631935 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018662930 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.018666983 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018686056 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.018699884 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018733025 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018764019 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018812895 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.018835068 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.018856049 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018891096 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018923998 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018954992 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.018963099 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.018987894 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019021034 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019030094 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019057989 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019123077 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019156933 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019191027 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019222021 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019277096 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019309998 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019335032 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019372940 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019407988 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019439936 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019463062 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019474983 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019500971 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019504070 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019534111 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019553900 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019566059 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019630909 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019675016 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019748926 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019782066 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019814968 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019846916 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019848108 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019881010 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019881964 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019916058 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019934893 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.019949913 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.019982100 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020015955 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020046949 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020047903 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.020080090 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020080090 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.020112991 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020133018 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.020145893 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020178080 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020209074 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020227909 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.020241976 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020272017 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.020276070 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020308018 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020330906 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.020342112 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020374060 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020405054 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020431042 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.020438910 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.020481110 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.026537895 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026571989 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026606083 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026638985 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026654959 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.026705027 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.026736021 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026781082 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026827097 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026843071 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.026859999 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026892900 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.026894093 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026926041 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026947021 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.026958942 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.026992083 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027043104 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027050018 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027097940 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027127028 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027132034 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027164936 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027194023 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027198076 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027304888 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027338028 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027380943 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027414083 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027446032 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027473927 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027496099 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027506113 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027535915 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027538061 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027561903 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027570963 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027604103 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027625084 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027635098 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027669907 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027702093 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027721882 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027734041 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027757883 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027766943 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027800083 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027832985 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027851105 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027867079 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.027888060 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.027899027 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028050900 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028100014 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028110027 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028134108 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028151035 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028166056 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028198957 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028230906 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028247118 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028264046 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028286934 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028295040 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028327942 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028361082 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028378963 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028393984 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028417110 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028425932 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028460026 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028491974 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028523922 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028532028 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028557062 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028569937 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028589010 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028624058 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028644085 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028659105 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028673887 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028692007 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028779030 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028829098 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028831005 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028862953 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028879881 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028896093 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028927088 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028959036 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.028980970 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.028991938 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.029015064 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.029023886 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.029057980 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.029089928 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.029117107 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.029153109 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.105900049 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.105987072 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106036901 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106113911 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106148005 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106179953 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106200933 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106213093 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106272936 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106272936 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106313944 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106347084 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106376886 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106379032 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106410980 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106441975 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106482983 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106528044 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106547117 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106595039 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106628895 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106662989 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106667995 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106695890 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106741905 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106792927 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106826067 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106857061 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106890917 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106903076 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106925011 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106941938 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.106957912 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106990099 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.106995106 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107023001 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107070923 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107095957 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107146025 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107163906 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107177973 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107211113 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107244015 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107275963 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107278109 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107306957 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107321978 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107363939 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107373953 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107398033 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107431889 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107460976 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107464075 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107496977 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107528925 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107561111 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107567072 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107594013 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107608080 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107626915 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107657909 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107660055 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107693911 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107726097 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107731104 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107758999 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107780933 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107790947 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107824087 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107856035 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107892990 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.107894897 CET	4433	61740	192.238.132.117	192.168.2.4
Jan 12, 2025 08:34:47.107935905 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:47.160001040 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:59.707026005 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:34:59.707132101 CET	61740	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:04.707458019 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:04.731669903 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:04.731755972 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:05.612781048 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:05.618050098 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:05.618119001 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:05.618148088 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:05.618175983 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.197236061 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.238060951 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:06.299700022 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:06.304876089 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.304914951 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.304944038 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.304959059 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:06.309801102 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.842073917 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.842122078 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.842158079 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.842191935 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.842201948 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:06.842227936 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.842263937 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.842266083 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:06.842312098 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:06.842453957 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:06.842528105 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:06.847553015 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.847611904 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.847646952 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.847722054 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.847750902 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:06.847778082 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.170371056 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.170418978 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.170456886 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.170490026 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.170512915 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.170527935 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.170555115 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.170835018 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.170870066 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.170895100 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.170907021 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.170949936 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.171353102 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.171387911 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.171422005 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.171453953 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.171454906 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.171490908 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.171503067 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.172230959 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.172265053 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.172282934 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.172301054 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.172334909 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.172374010 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.212287903 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.404520035 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404570103 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404606104 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404639959 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404675007 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404680967 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.404714108 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.404768944 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404805899 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404839993 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404865980 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.404876947 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404907942 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.404942036 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.404959917 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.405250072 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.405283928 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.405318975 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.405333996 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.405354023 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.405386925 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.405407906 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.405900002 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.405935049 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.405968904 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.405987978 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.406002998 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.406038046 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.406066895 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.406073093 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.406109095 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.406805038 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.406841040 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.406858921 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.406877041 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.406909943 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.406929016 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.406944990 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.406979084 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.407030106 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.407691002 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.407726049 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.407779932 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.494776011 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.534939051 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.627454996 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.627505064 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.627542973 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.627578020 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.627605915 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.627648115 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.627892971 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.627927065 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.627963066 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.627978086 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.627999067 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628034115 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628067017 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628082991 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.628103018 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628134966 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628148079 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.628170013 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628181934 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.628396034 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628428936 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628444910 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.628464937 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628496885 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628514051 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.628530979 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628563881 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628597021 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628612995 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.628629923 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628664017 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.628680944 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.628704071 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.629234076 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.629317999 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.629353046 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.629379034 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.629386902 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.629421949 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.629453897 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.629472017 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.629491091 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.629523993 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.629539967 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.629559040 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.629570007 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.630260944 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.630295038 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.630328894 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.630347967 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.630361080 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.630394936 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.630418062 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.630429029 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.630441904 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.630465031 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.630498886 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.630517960 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.630534887 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.630584955 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.631097078 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.631131887 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.631165981 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.631198883 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.631217957 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.631232977 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.631266117 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.631283998 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.631300926 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.631306887 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.631388903 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.631439924 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.631805897 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.675642967 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.850660086 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.850809097 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.850843906 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.850878000 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.850905895 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.850912094 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.850939989 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.850945950 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851015091 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851073980 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851142883 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851177931 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851211071 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851234913 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851247072 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851265907 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851284027 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851341963 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851353884 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851380110 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851414919 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851449013 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851468086 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851484060 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851521969 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851542950 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851555109 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851567030 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851706028 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851741076 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851763964 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851774931 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851809025 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851843119 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851866007 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851876020 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851886034 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851911068 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851944923 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.851972103 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.851979017 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852013111 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852025032 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.852049112 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852082968 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852104902 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.852117062 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852153063 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852169037 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.852464914 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852515936 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852550983 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852571964 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.852583885 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852619886 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852636099 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.852653980 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852675915 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.852691889 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852730989 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852744102 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.852766037 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852799892 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852814913 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.852835894 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852866888 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852900982 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852935076 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.852962017 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.853185892 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853240013 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.853379011 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853413105 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853446960 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853481054 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853496075 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.853516102 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853549957 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853573084 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.853584051 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853593111 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.853619099 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853652954 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853672981 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.853689909 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853724957 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853740931 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.853760004 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853795052 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.853842974 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.854315996 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.854351044 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.854384899 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.854403973 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.854418993 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.854424953 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.854454041 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.854487896 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.854507923 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.854521990 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.854556084 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.854573965 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.854593039 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.854717970 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.941059113 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941106081 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941142082 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941226006 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.941239119 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941276073 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941310883 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941340923 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.941346884 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941361904 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.941381931 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941442966 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.941467047 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941500902 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941535950 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941565037 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941567898 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.941598892 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941633940 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941656113 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.941668987 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:07.941696882 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:07.988122940 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.073664904 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.073710918 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.073750019 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.073777914 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.073785067 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.073817015 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.073852062 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.073865891 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.073888063 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.073924065 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.073950052 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.073975086 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082004070 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082057953 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082092047 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082115889 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082124949 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082159996 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082191944 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082214117 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082225084 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082233906 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082302094 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082354069 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082386971 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082398891 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082470894 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082519054 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082537889 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082571983 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082583904 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082607031 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082639933 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082654953 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082674026 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082709074 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082751036 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082758904 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082786083 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082818985 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082839966 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082853079 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082860947 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082885981 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082921028 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082940102 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.082953930 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.082987070 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083002090 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083024979 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083058119 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083090067 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083106995 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083123922 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083157063 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083169937 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083190918 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083199024 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083225012 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083259106 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083273888 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083420992 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083455086 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083472013 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083488941 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083520889 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083554029 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083570004 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083589077 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083621025 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083636999 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083655119 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083666086 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083692074 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083726883 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083739996 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083760977 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083796978 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083811045 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083831072 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083863974 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083895922 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083909988 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083930969 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083962917 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.083975077 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.083998919 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.084002972 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.084033012 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.084068060 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.084078074 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.084098101 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.084142923 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.089344025 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.089431047 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.089464903 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.089518070 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.089572906 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.089767933 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.089849949 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.089925051 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.089958906 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.089975119 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.089993000 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090025902 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090059042 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.090122938 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090157986 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090176105 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.090192080 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090250015 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.090327024 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090359926 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090393066 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090409994 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.090590954 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090639114 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.090698004 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090730906 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.090749979 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.090800047 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090833902 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090883017 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.090943098 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.090986013 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091005087 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091028929 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091073036 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091128111 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091136932 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091170073 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091182947 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091219902 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091278076 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091341019 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091414928 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091449976 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091459036 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091499090 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091530085 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091578960 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091650009 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091682911 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091697931 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091718912 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091766119 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091814995 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091892958 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091937065 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091939926 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.091972113 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.091983080 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092015028 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092058897 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092118979 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092153072 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092186928 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092200041 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092226028 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092236996 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092277050 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092310905 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092325926 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092348099 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092380047 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092396975 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092396975 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092415094 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092420101 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092449903 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092461109 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092485905 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092518091 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092545033 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092552900 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092585087 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.092592001 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.092627048 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.097990990 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.106667995 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.111552954 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164248943 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164324045 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164396048 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164422035 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.164431095 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164464951 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164477110 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.164499044 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164556026 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.164589882 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164674044 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164710045 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164719105 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.164745092 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164778948 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164800882 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.164812088 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164845943 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164865017 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.164877892 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164911985 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164933920 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.164946079 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164978981 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.164999962 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.165041924 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165097952 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.165112972 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165148973 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165182114 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165198088 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.165216923 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165249109 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165282011 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165297031 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.165317059 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165338993 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.165349007 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165384054 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165416002 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165421009 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.165451050 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165479898 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.165496111 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.165529966 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.296852112 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297002077 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297060966 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.297092915 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297168016 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297218084 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297230005 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.297254086 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297308922 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.297346115 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297398090 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297430992 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297489882 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.297517061 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297569036 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297602892 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297626972 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.297676086 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.297699928 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297734976 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297766924 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297800064 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297807932 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.297833920 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297868013 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297878027 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.297900915 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297935009 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.297950029 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.297969103 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298002958 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298019886 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298036098 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298043013 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298070908 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298104048 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298137903 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298160076 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298183918 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298283100 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298335075 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298367023 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298398972 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298415899 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298432112 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298458099 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298468113 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298501015 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298516989 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298533916 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298568964 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298589945 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298602104 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298635006 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298651934 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298670053 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298705101 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298738003 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298752069 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298772097 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298784018 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298818111 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.298870087 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.298971891 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299022913 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299052954 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299086094 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299102068 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299122095 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299154997 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299177885 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299190044 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299223900 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299228907 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299257994 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299284935 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299293041 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299345970 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299357891 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299392939 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299426079 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299443007 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299459934 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299493074 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299509048 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299525976 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299560070 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299592972 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299595118 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299627066 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299664021 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299757957 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299810886 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299832106 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299881935 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299916983 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299933910 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.299951077 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.299983978 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300002098 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300015926 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300050974 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300064087 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300085068 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300117970 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300137997 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300152063 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300185919 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300219059 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300225973 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300251007 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300282955 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300291061 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300317049 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300331116 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300352097 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300384998 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300401926 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300417900 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300451040 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300468922 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300532103 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300565958 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300581932 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300600052 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300633907 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300662994 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300684929 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300698042 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300707102 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300733089 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300765991 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300779104 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300798893 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300831079 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300846100 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300865889 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300899029 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300931931 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.300946951 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.300968885 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301002026 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301002979 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301034927 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301048994 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301069975 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301104069 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301136971 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301147938 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301171064 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301188946 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301204920 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301237106 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301251888 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301270962 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301304102 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301325083 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301337957 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301372051 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301403999 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301414967 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301438093 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301455021 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301471949 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301505089 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301517010 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301538944 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301573038 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301590919 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301608086 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301640987 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301654100 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.301675081 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.301723957 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.388236046 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388338089 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388390064 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388396025 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.388425112 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388458967 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388511896 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.388518095 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388552904 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388586044 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388606071 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.388618946 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388632059 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.388706923 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388741016 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388765097 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.388776064 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388809919 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388828039 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.388844967 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388879061 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388911009 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388935089 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.388945103 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.388953924 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.388979912 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389014959 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389033079 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.389048100 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389081955 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389098883 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.389115095 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389149904 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389168978 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.389183044 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389215946 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389238119 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.389250040 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389282942 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:08.389302015 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:08.441195011 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:20.581964970 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:20.582056999 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:20.587198973 CET	10443	61741	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:20.587260962 CET	61741	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:25.535689116 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:25.540913105 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:25.541786909 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:26.979897976 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:26.985189915 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:26.985243082 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:26.985270977 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:26.985302925 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:27.339049101 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:27.394398928 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:27.617301941 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:27.622400999 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:27.622437000 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:27.622463942 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:27.622463942 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:27.627969027 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.156847954 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.156897068 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.156933069 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.156966925 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.156974077 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.157002926 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.157036066 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.157047987 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.157160044 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.157258987 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.162081957 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.162112951 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.162164927 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.162267923 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.162319899 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.162352085 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.479345083 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.479489088 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.479523897 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.479557037 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.479557037 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.479590893 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.479624987 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.479659081 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.479660988 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.479684114 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.479696035 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.479744911 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.480288982 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.480323076 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.480357885 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.480375051 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.480391979 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.480746984 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.481173038 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.481206894 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.481240988 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.481275082 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.481290102 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.481869936 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.481920958 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.702413082 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702462912 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702498913 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702533007 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702567101 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702600956 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702625990 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.702626944 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.702747107 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.702826023 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702862024 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702896118 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702910900 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.702930927 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.702965975 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.703018904 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.703237057 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.703270912 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.703305006 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.703332901 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.703366041 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.703399897 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.703413010 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.703434944 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.703483105 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.704251051 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.704286098 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.704319954 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.704339981 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.704353094 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.704386950 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.704420090 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.704435110 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.705226898 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.705260038 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.705276012 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.705296993 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.705332041 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.705343962 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.769494057 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.925435066 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925477028 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925533056 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925569057 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925601959 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925636053 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925672054 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925704956 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925774097 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.925775051 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.925795078 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925829887 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925848007 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.925868034 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925895929 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.925940037 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.926021099 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.926276922 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.926311970 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.926347017 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.926381111 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.926414013 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.926424026 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.926448107 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.926482916 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.926537991 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.927005053 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927040100 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927073956 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927100897 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.927108049 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927141905 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927175045 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927180052 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.927208900 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927241087 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927258968 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.927345037 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.927916050 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927952051 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.927987099 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928020000 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928055048 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928088903 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928122997 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928127050 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.928157091 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928172112 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.928190947 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.928265095 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.928852081 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928885937 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928920031 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928952932 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.928956985 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.928987980 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.929020882 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.929058075 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.929065943 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.929092884 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.929168940 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.929666996 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.929683924 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.929699898 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.929717064 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.929729939 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.929732084 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:28.929754019 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:28.930748940 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.148178101 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148300886 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148332119 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148365974 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148400068 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148432970 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148467064 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148499012 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148539066 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.148539066 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.148539066 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.148539066 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.148617983 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148650885 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148684025 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148749113 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.148802042 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148833990 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148866892 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148894072 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.148900032 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.148932934 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.148935080 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149187088 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149219990 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149244070 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.149251938 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149267912 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.149285078 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149317026 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149348974 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149367094 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.149382114 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149388075 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.149415016 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149450064 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149497986 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.149905920 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149940014 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149974108 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.149991989 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.150006056 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150038958 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150043011 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.150072098 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150105000 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150135994 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150155067 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.150168896 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150202036 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150223017 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.150233984 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150266886 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150300980 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150314093 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.150651932 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150707960 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.150731087 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150801897 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150835037 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150850058 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.150868893 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150903940 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150928020 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.150937080 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150969982 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.150975943 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.151002884 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151035070 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151057005 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.151068926 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151082039 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.151102066 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151135921 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151153088 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.151721001 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151755095 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151777983 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.151788950 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151822090 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151842117 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.151854992 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151886940 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151902914 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.151921034 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151952982 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.151985884 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152003050 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.152019024 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152051926 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152085066 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152103901 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.152118921 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152390957 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.152585030 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152617931 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152652025 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152683973 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152700901 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.152717113 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152724981 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.152750969 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152786970 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152802944 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.152821064 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152854919 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152872086 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.152888060 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.152945995 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.371548891 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.371607065 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.371639967 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.371673107 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.371711969 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.371743917 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.371750116 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.371824026 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.371875048 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.371876955 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.371908903 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.371942043 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.371962070 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.371973991 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372006893 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372030973 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372039080 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372072935 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372143030 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372145891 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372195959 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372227907 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372241974 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372263908 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372275114 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372296095 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372328997 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372350931 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372380018 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372415066 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372446060 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372468948 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372478962 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372494936 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372512102 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372545958 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372561932 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372699022 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372734070 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372751951 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372773886 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372807026 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372823000 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372839928 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372874022 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372896910 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372906923 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372939110 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.372968912 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.372972012 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373007059 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373023987 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373039961 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373073101 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373105049 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373136997 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373158932 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373158932 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373219013 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373266935 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373270035 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373306036 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373430967 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373434067 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373486042 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373519897 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373534918 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373553991 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373586893 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373619080 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373636007 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373651028 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373683929 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373703957 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373716116 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373749018 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373750925 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373781919 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373816013 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373836994 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373847961 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373862028 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373881102 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373913050 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373924971 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.373945951 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.373979092 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374001026 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.374013901 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374069929 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.374408007 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374456882 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374490976 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374522924 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374541998 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.374556065 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374562025 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.374588966 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374620914 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374653101 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374670029 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.374685049 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374699116 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.374717951 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374752045 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374783993 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374800920 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.374818087 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374825954 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.374851942 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374886036 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374903917 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.374918938 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374952078 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.374984026 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375011921 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.375016928 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375052929 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.375380039 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375412941 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375447035 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375478029 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375509024 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.375509977 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375543118 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375575066 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375607014 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375626087 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.375638962 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375670910 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375705004 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375724077 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.375739098 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375754118 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.375782013 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375813007 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375845909 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375861883 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.375880957 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375914097 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375946045 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.375962019 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.375978947 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376024008 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.376171112 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376204014 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376236916 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376254082 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.376269102 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376301050 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376312971 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.376332998 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376365900 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376398087 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376425982 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.376430035 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376444101 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.376463890 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376497030 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.376513958 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.389301062 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.394146919 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.410896063 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.415792942 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459134102 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459239960 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459306955 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459352016 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.459357023 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459392071 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459424973 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459450006 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.459458113 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459491968 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459523916 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459537029 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.459537029 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.459558010 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.459609032 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.594599009 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.594635010 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.594686985 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.594706059 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.594757080 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.594789982 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.594815016 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.594822884 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.594856977 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.594881058 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.594923973 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.594990969 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595022917 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595037937 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595057011 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595089912 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595115900 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595133066 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595141888 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595175982 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595228910 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595278025 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595326900 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595401049 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595457077 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595493078 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595541000 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595573902 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595591068 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595607042 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595640898 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595658064 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595673084 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595706940 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595721006 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595741034 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595774889 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595787048 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595807076 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595840931 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595863104 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595873117 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595889091 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.595905066 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595937014 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.595954895 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596016884 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596051931 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596084118 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596101046 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596116066 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596148014 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596151114 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596182108 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596199036 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596215010 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596246958 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596263885 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596281052 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596313000 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596327066 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596347094 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596379995 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596399069 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596411943 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596445084 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596477032 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596477032 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596508980 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596532106 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596543074 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596575022 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596609116 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596625090 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596642971 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596676111 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.596697092 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.596745968 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.601598978 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.601634026 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.601669073 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.601722956 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.601764917 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.601814032 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.601846933 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.601864100 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.601880074 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.601886988 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.601934910 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.601969957 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602004051 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602020979 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602037907 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602070093 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602091074 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602102995 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602135897 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602149010 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602169037 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602200031 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602292061 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602324963 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602344990 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602356911 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602391005 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602407932 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602423906 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602456093 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602473974 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602507114 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602560043 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602592945 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602617979 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602626085 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602634907 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602659941 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602693081 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602722883 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602742910 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602844954 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602876902 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602905989 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602909088 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602922916 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.602942944 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602974892 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.602998018 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603008032 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603040934 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603060961 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603072882 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603107929 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603132963 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603141069 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603176117 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603203058 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603209019 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603241920 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603260040 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603420973 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603471994 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603475094 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603503942 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603535891 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603557110 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603568077 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603600979 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603632927 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603651047 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603666067 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603698015 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603720903 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603732109 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603769064 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603847027 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603882074 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603914976 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603934050 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.603948116 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603980064 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.603998899 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.604012012 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604044914 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604063988 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.604077101 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604109049 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604124069 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.604141951 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604173899 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604192019 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.604207039 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604239941 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604249001 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.604274035 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604306936 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.604324102 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.604374886 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.682598114 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.682699919 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.682751894 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.682766914 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.682802916 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.682837963 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.682854891 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.682950020 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.682984114 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.682998896 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683017969 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683049917 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683063984 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683084011 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683115959 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683129072 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683149099 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683196068 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683249950 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683357954 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683401108 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683406115 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683496952 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683530092 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683557034 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683562994 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683598042 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683609962 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683631897 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683665037 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683674097 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683698893 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683732986 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683747053 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683767080 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683799028 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683811903 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683834076 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683866024 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683880091 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683900118 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683932066 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683948994 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.683965921 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.683998108 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684012890 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684031010 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684065104 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684078932 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684098959 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684132099 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684145927 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684164047 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684195995 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684214115 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684230089 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684262991 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684277058 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684297085 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684329033 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684344053 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684361935 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684393883 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684421062 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684428930 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684462070 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684475899 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684494972 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684526920 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684540033 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684561014 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684595108 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684608936 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684628010 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684659958 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684675932 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684695005 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684727907 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684739113 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684761047 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684793949 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684801102 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684828043 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684860945 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684876919 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684894085 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684926033 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684938908 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.684958935 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.684992075 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.685004950 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.685025930 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.685059071 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.685069084 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:29.685095072 CET	4433	61742	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:29.685142994 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:42.285187960 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:42.285275936 CET	61742	4433	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:47.271001101 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:47.276354074 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:47.276452065 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:48.292141914 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:48.297317982 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:48.297357082 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:48.297384977 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:48.297416925 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:48.898060083 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:48.956927061 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.016315937 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.021358013 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.021389008 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.021414995 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.021455050 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.026345015 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.557315111 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.557362080 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.557399035 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.557434082 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.557440042 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.557471037 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.557518959 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.557631016 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.557826042 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.562576056 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.562607050 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.562635899 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.562848091 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.562875986 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.562903881 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.888406038 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.888580084 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.888614893 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.888648033 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.888672113 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.888679981 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.888714075 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.888745070 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.888750076 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.888813019 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.889094114 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.889148951 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.889184952 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.889296055 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.889344931 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.889359951 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.889380932 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.889413118 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.889446020 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.889477968 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.889514923 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.890157938 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.890192032 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.890810013 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.893591881 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.893626928 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.893660069 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:49.893692970 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:49.941297054 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.112303019 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112340927 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112375021 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112407923 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112430096 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.112440109 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112473965 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112498045 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.112509966 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112555027 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.112616062 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112648964 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112679005 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.112765074 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112804890 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112859011 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.112879038 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.112916946 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.113159895 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.113193989 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.113228083 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.113256931 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.113260984 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.113296032 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.113326073 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.113328934 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.113365889 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.113428116 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.114047050 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114080906 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114111900 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114145994 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114161015 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.114180088 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114181995 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.114214897 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114248037 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114264965 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.114281893 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114311934 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.114886045 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114918947 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114953041 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114986897 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.114998102 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.115016937 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.115022898 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.115056992 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.115092039 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.115112066 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.115128994 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.115145922 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.160053968 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.335134029 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335202932 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335239887 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335273027 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335306883 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335329056 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.335393906 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335406065 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.335432053 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335468054 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335503101 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335516930 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.335537910 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335572958 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.335573912 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335608959 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335618973 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.335644007 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335661888 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.335680962 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335716009 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335747957 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335779905 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.335787058 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335817099 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.335824966 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.335877895 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.336030006 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336066008 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336100101 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336128950 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.336133003 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336169004 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336200953 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.336201906 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336239100 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336271048 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336302042 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.336306095 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336338997 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.336342096 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336395979 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.336936951 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.336971998 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337004900 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337037086 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337070942 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337069988 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.337109089 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337111950 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.337142944 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337167025 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.337177038 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337210894 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337244034 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337275028 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.337276936 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337313890 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.337821007 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337855101 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337888956 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337920904 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337920904 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.337954998 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.337960005 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.337990046 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338011026 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.338025093 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338057041 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338085890 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.338090897 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338126898 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338159084 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.338160992 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338219881 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.338702917 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338738918 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338777065 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338809967 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338843107 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338845968 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.338877916 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338879108 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.338915110 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.338936090 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.394470930 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.424381971 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.424432039 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.424468040 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.424501896 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.424529076 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.424537897 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.424552917 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.424575090 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.424609900 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.424645901 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.424665928 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.424706936 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.558096886 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558197975 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558233976 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558321953 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558343887 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.558404922 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558439970 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.558442116 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558479071 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558506966 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.558512926 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558548927 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558603048 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558613062 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.558638096 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558662891 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.558739901 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558779001 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558811903 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558841944 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.558845043 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558881044 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558887959 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.558916092 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558936119 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.558950901 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.558984995 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559012890 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559016943 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559051037 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559083939 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559111118 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559118032 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559149027 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559149981 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559170008 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559185982 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559201002 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559216022 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559216976 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559232950 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559247971 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559256077 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559267044 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559277058 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559282064 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559300900 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559348106 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559412003 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559427977 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559442997 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559457064 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559472084 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559487104 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559495926 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559524059 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559530020 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559540987 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559552908 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559559107 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559575081 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559592009 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559596062 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559607983 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559623957 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559629917 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559639931 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559653044 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559658051 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559675932 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559690952 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.559710026 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.559752941 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.560422897 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560440063 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560456038 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560470104 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560484886 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560499907 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560516119 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560517073 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.560537100 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560549021 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.560554981 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560570955 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.560571909 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560589075 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560604095 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560620070 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560630083 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.560636044 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560653925 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560668945 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560678005 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.560686111 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.560700893 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.560748100 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.561400890 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561418056 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561431885 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561445951 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561461926 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561477900 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561481953 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.561495066 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561510086 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561525106 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561526060 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.561541080 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561558008 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561573029 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561575890 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.561589003 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561604977 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561614990 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.561620951 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561635971 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.561636925 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561655045 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.561665058 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.561685085 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.562319040 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562335014 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562350988 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562365055 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562380075 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562387943 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.562396049 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562412977 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562427044 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.562428951 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562446117 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562460899 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562475920 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.562477112 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562494040 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562509060 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562517881 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.562525034 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562536955 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.562542915 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562560081 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562560081 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.562577009 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.562602997 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.562645912 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.563199997 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.563216925 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.563232899 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.563247919 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.563276052 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.563308001 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781024933 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781116009 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781198978 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781213045 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781254053 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781290054 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781322956 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781353951 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781356096 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781385899 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781394958 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781419039 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781445980 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781505108 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781558990 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781563997 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781610966 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781651974 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781707048 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781725883 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781759024 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781781912 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781794071 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781829119 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781863928 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.781891108 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781928062 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.781969070 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782103062 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782135010 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782166958 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782197952 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782207012 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782232046 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782244921 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782263994 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782280922 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782298088 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782330990 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782362938 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782362938 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782396078 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782428980 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782449961 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782460928 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782488108 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782495022 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782522917 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782556057 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782579899 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782593012 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782608986 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782629013 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782661915 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782694101 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782715082 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782727003 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782753944 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782761097 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782803059 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782834053 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782860041 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782867908 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782888889 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782901049 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782933950 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782965899 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.782985926 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.782999992 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783026934 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.783034086 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783067942 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783093929 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.783101082 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783134937 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783169031 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783188105 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.783202887 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783224106 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.783235073 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783268929 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783302069 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.783346891 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.783369064 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.788723946 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.788882017 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.788913965 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.788954020 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789011002 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789069891 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789098978 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789199114 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789247036 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789280891 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789313078 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789314985 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789355040 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789367914 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789410114 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789441109 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789475918 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789573908 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789608002 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789629936 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789639950 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789664984 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789674997 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789707899 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789741039 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789766073 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789774895 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789808035 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789809942 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789843082 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789875031 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789897919 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789906979 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789921045 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789942026 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.789942980 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789974928 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.789975882 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790004015 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790009022 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790028095 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790044069 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790057898 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790096998 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790155888 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790206909 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790220022 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790241003 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790268898 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790273905 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790309906 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790313959 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790343046 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790358067 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790379047 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790381908 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790405989 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790411949 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790426970 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790446043 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790479898 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790512085 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790513992 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790545940 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790554047 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790579081 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790596008 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790611982 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790621042 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790644884 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790646076 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790667057 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790678978 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790704012 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790712118 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790733099 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790745974 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790782928 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790801048 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790816069 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790844917 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790849924 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790884018 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790885925 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790906906 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790918112 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790947914 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790950060 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.790973902 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.790982962 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.791004896 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.791017056 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.791052103 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.791079044 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.791084051 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.791116953 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.791117907 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.791152954 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.791157007 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.791181087 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.791210890 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.796186924 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.804763079 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.809611082 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870448112 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870556116 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870608091 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870641947 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870670080 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.870675087 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870707989 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870733976 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.870752096 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870839119 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.870847940 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870883942 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870917082 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870923996 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.870951891 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.870985031 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871017933 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871018887 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871047974 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871064901 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871083021 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871109962 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871145010 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871203899 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871259928 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871289015 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871349096 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871438026 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871490955 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871531963 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871565104 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871593952 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871597052 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871629953 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871632099 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871665955 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871699095 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871720076 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871751070 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871786118 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871787071 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871819973 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871869087 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871912003 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871963978 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.871970892 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.871999979 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872033119 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872066021 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872092009 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872098923 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872134924 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872136116 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872169971 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872203112 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872205973 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872235060 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872256994 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872270107 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872303009 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872334003 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872364044 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872366905 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872400999 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872401953 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872436047 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872462988 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872469902 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872503042 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872535944 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872562885 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872569084 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872601986 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872602940 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872637033 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872661114 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872669935 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872704983 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872739077 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872766018 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872771978 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872813940 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872816086 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872845888 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872880936 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872910976 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872914076 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872944117 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.872947931 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.872982025 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873004913 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.873017073 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873049021 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873081923 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873111010 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.873115063 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873147964 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873155117 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.873182058 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873205900 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.873215914 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873249054 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873284101 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:50.873311043 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:50.873347998 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.004344940 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004396915 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004482985 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.004496098 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004532099 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004585981 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.004607916 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004659891 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004693031 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004725933 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004791975 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004818916 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.004870892 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004904985 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004939079 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004954100 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.004973888 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.004990101 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005008936 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005054951 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005089998 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005125999 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005155087 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005220890 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005285978 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005321026 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005345106 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005353928 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005388021 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005395889 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005422115 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005456924 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005490065 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005500078 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005523920 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005537987 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005558968 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005592108 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005625010 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005637884 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005660057 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005673885 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005693913 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005728006 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005759954 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005770922 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005798101 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005808115 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005831957 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005865097 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005897999 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005912066 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005930901 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005945921 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.005964041 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.005996943 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006028891 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006042004 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006062984 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006077051 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006095886 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006129026 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006160975 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006172895 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006196976 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006207943 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006230116 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006263971 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006290913 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006308079 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006325006 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006341934 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006357908 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006392002 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006424904 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006434917 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006459951 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006469965 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006494999 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006527901 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006561041 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006572008 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006594896 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006611109 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006628990 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006661892 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006695032 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006704092 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006728888 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006747007 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:35:51.006766081 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006797075 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:35:51.006841898 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:36:03.566396952 CET	61743	10443	192.168.2.4	192.238.132.117
Jan 12, 2025 08:36:03.571675062 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:36:03.886297941 CET	10443	61743	192.238.132.117	192.168.2.4
Jan 12, 2025 08:36:03.941458941 CET	61743	10443	192.168.2.4	192.238.132.117

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2025 08:32:05.596870899 CET	50348	53	192.168.2.4	1.1.1.1
Jan 12, 2025 08:32:06.097454071 CET	53	50348	1.1.1.1	192.168.2.4
Jan 12, 2025 08:32:19.900764942 CET	53	56798	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 12, 2025 08:32:05.596870899 CET	192.168.2.4	1.1.1.1	0x5167	Standard query (0)	huazai789.top	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 12, 2025 08:32:06.097454071 CET	1.1.1.1	192.168.2.4	0x5167	No error (0)	huazai789.top		192.238.132.117	A (IP address)	IN (0x0001)	false

Target ID:	0
Start time:	02:31:58
Start date:	12/01/2025
Path:	C:\Users\user\Desktop\A74lw30K2g.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\A74lw30K2g.exe"
Imagebase:	0x7ff6297d0000
File size:	389'632 bytes
MD5 hash:	80EFE3FA59592AB4D895DB396CED8D10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	8.8%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	39%
Total number of Nodes:	1184
Total number of Limit Nodes:	43

Executed Functions

Function 00007FF6297D62F0 Relevance: 193.3, APIs: 81, Strings: 29, Instructions: 845
registrystringprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

gethostname.WS2_32 ref: 00007FF6297D6394
gethostbyname.WS2_32 ref: 00007FF6297D639E
inet_ntoa.WS2_32 ref: 00007FF6297D63BB
inet_ntoa.WS2_32 ref: 00007FF6297D640B
MultiByteToWideChar.KERNEL32 ref: 00007FF6297D6469
MultiByteToWideChar.KERNEL32 ref: 00007FF6297D648D
GetLastInputInfo.USER32 ref: 00007FF6297D64A5
GetTickCount.KERNEL32 ref: 00007FF6297D64AB
wsprintfW.USER32 ref: 00007FF6297D64DE
MultiByteToWideChar.KERNEL32 ref: 00007FF6297D651F
LoadLibraryW.KERNEL32 ref: 00007FF6297D652C
GetProcAddress.KERNEL32 ref: 00007FF6297D6548
RegOpenKeyExW.KERNEL32 ref: 00007FF6297D65ED
RegQueryValueExW.KERNEL32 ref: 00007FF6297D6618
RegCloseKey.KERNEL32 ref: 00007FF6297D6645
FreeLibrary.KERNEL32 ref: 00007FF6297D6656
GetSystemInfo.KERNEL32 ref: 00007FF6297D666F
wsprintfW.USER32 ref: 00007FF6297D6687
GetDriveTypeW.KERNEL32 ref: 00007FF6297D66B6
GetDiskFreeSpaceExW.KERNEL32 ref: 00007FF6297D66D9
GlobalMemoryStatusEx.KERNEL32 ref: 00007FF6297D671D
GetForegroundWindow.USER32 ref: 00007FF6297D6799
GetWindowTextW.USER32 ref: 00007FF6297D67B4
lstrlenW.KERNEL32 ref: 00007FF6297D67C4
GetLocalTime.KERNEL32 ref: 00007FF6297D6803
wsprintfW.USER32 ref: 00007FF6297D681D
MultiByteToWideChar.KERNEL32 ref: 00007FF6297D64FB

Part of subcall function 00007FF6297F87A0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F87C6

lstrlenW.KERNEL32 ref: 00007FF6297D6845
GetModuleHandleW.KERNEL32 ref: 00007FF6297D688E
GetProcAddress.KERNEL32 ref: 00007FF6297D689E
GetNativeSystemInfo.KERNEL32 ref: 00007FF6297D68AD
GetSystemInfo.KERNEL32 ref: 00007FF6297D68B1
wsprintfW.USER32 ref: 00007FF6297D68F8
GetCurrentProcessId.KERNEL32 ref: 00007FF6297D690D
OpenProcess.KERNEL32 ref: 00007FF6297D692B
K32GetProcessImageFileNameW.KERNEL32 ref: 00007FF6297D694D
GetLogicalDriveStringsW.KERNEL32 ref: 00007FF6297D6967
lstrcmpiW.KERNEL32 ref: 00007FF6297D69A8
lstrcmpiW.KERNEL32 ref: 00007FF6297D69BC
QueryDosDeviceW.KERNEL32 ref: 00007FF6297D69F6

Part of subcall function 00007FF6297EDE98: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297EDEC8
Part of subcall function 00007FF6297EDE98: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297EDECE

Part of subcall function 00007FF6297D91A0: GetModuleHandleW.KERNEL32 ref: 00007FF6297D91BD
Part of subcall function 00007FF6297D91A0: GetProcAddress.KERNEL32 ref: 00007FF6297D91CD
Part of subcall function 00007FF6297D91A0: GetNativeSystemInfo.KERNEL32 ref: 00007FF6297D91DD

lstrlenW.KERNEL32 ref: 00007FF6297D6A07
lstrcpyW.KERNEL32 ref: 00007FF6297D6A48
CloseHandle.KERNEL32 ref: 00007FF6297D6A51
CoInitializeEx.COMBASE ref: 00007FF6297D6A62
CoCreateInstance.COMBASE ref: 00007FF6297D6A87
SysFreeString.OLEAUT32 ref: 00007FF6297D6B3C
CoUninitialize.OLE32 ref: 00007FF6297D6B7E
RegOpenKeyExW.KERNEL32 ref: 00007FF6297D6BE7
RegQueryInfoKeyW.ADVAPI32 ref: 00007FF6297D6C47
RegEnumKeyExW.ADVAPI32 ref: 00007FF6297D6CDF
lstrlenW.KERNEL32 ref: 00007FF6297D6CEC
lstrlenW.KERNEL32 ref: 00007FF6297D6CFE
RegCloseKey.ADVAPI32 ref: 00007FF6297D6D4C
lstrlenW.KERNEL32 ref: 00007FF6297D6D59

Part of subcall function 00007FF6297F9248: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F927B

Part of subcall function 00007FF6297D79E0: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6297D7A6B
Part of subcall function 00007FF6297D79E0: Process32FirstW.KERNEL32 ref: 00007FF6297D7A88
Part of subcall function 00007FF6297D79E0: Process32NextW.KERNEL32 ref: 00007FF6297D7AC3
Part of subcall function 00007FF6297D79E0: CloseHandle.KERNEL32 ref: 00007FF6297D7AD0
Part of subcall function 00007FF6297D79E0: CoCreateInstance.COMBASE ref: 00007FF6297D7B1F

GetTickCount.KERNEL32 ref: 00007FF6297D6DA1

Part of subcall function 00007FF6297F8B9C: GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6297F8BB0

wsprintfW.USER32 ref: 00007FF6297D6E19
GetLocaleInfoW.KERNEL32 ref: 00007FF6297D6E36
GetSystemDirectoryW.KERNEL32 ref: 00007FF6297D6E48
GetCurrentHwProfileW.ADVAPI32 ref: 00007FF6297D6E5C
lstrlenW.KERNEL32 ref: 00007FF6297D6EDB
GetLocalTime.KERNEL32 ref: 00007FF6297D6F17
wsprintfW.USER32 ref: 00007FF6297D6F31
RegOpenKeyExW.KERNEL32 ref: 00007FF6297D6F56
RegDeleteValueW.KERNEL32 ref: 00007FF6297D6F6A
RegCloseKey.ADVAPI32 ref: 00007FF6297D6F77
RegCreateKeyW.ADVAPI32 ref: 00007FF6297D6F8E
lstrlenW.KERNEL32 ref: 00007FF6297D6F9B
RegSetValueExW.KERNEL32 ref: 00007FF6297D6FC3
RegCloseKey.ADVAPI32 ref: 00007FF6297D6FD4
RegCloseKey.ADVAPI32 ref: 00007FF6297D6FE1
CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6297D6FEE
Process32FirstW.KERNEL32 ref: 00007FF6297D7029
Process32NextW.KERNEL32 ref: 00007FF6297D707E
CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6297D7098
Process32FirstW.KERNEL32 ref: 00007FF6297D70D3
Process32NextW.KERNEL32 ref: 00007FF6297D712E
CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6297D7148
Process32FirstW.KERNEL32 ref: 00007FF6297D7183
Process32NextW.KERNEL32 ref: 00007FF6297D71DA

Strings

9b5db265-7770-4834-9125-526b4323e01f, xrefs: 00007FF6297D6352
%d min, xrefs: 00007FF6297D64D7
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00007FF6297D65C5
B:\, xrefs: 00007FF6297D69B2
%sFree%d Gb , xrefs: 00007FF6297D676E
Software, xrefs: 00007FF6297D67D1
WeChat.exe, xrefs: 00007FF6297D70DD
RtlGetNtVersionNumbers, xrefs: 00007FF6297D653E
Software\Tencent\Plugin\VAS, xrefs: 00007FF6297D6BD9
ProductName, xrefs: 00007FF6297D65FF
VenNetwork, xrefs: 00007FF6297D67E0
HDD:%d, xrefs: 00007FF6297D6727
X64 %s, xrefs: 00007FF6297D68EA
Network, xrefs: 00007FF6297D6EF0
kernel32.dll, xrefs: 00007FF6297D687B
%d.%d.%d, xrefs: 00007FF6297D657D
x86, xrefs: 00007FF6297D68DF
VenREMARK, xrefs: 00007FF6297D684B
GetNativeSystemInfo, xrefs: 00007FF6297D6897
VenGROUP, xrefs: 00007FF6297D67EB
Telegram.exe, xrefs: 00007FF6297D718D
x64, xrefs: 00007FF6297D68D8
%d.%d, xrefs: 00007FF6297D680E, 00007FF6297D6F22
ntdll.dll, xrefs: 00007FF6297D6525
INSTALLTIME, xrefs: 00007FF6297D6EF7, 00007FF6297D6F63, 00007FF6297D6FA8
WxWork.exe, xrefs: 00007FF6297D7033
A:\, xrefs: 00007FF6297D699A
AppEvents, xrefs: 00007FF6297D6EE1
FriendlyName, xrefs: 00007FF6297D6B22

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Process32lstrlen$CloseCreateInfo$Systemwsprintf$ByteCharFirstHandleMultiNextOpenSnapshotTimeToolhelp32Wide$AddressFreeProcProcessQueryValue$Concurrency::cancel_current_taskCountCurrentDriveFileInstanceLibraryLocalModuleNativeTickWindow_invalid_parameter_noinfoinet_ntoalstrcmpi$DeleteDeviceDirectoryDiskEnumForegroundGlobalImageInitializeInputLastLoadLocaleLogicalMemoryNameProfileSpaceStatusStringStringsTextTypeUninitializegethostbynamegethostnamelstrcpy
String ID: %d min$%d.%d$%d.%d.%d$%sFree%d Gb $9b5db265-7770-4834-9125-526b4323e01f$A:\$AppEvents$B:\$FriendlyName$GetNativeSystemInfo$HDD:%d$INSTALLTIME$Network$ProductName$RtlGetNtVersionNumbers$SOFTWARE\Microsoft\Windows NT\CurrentVersion$Software$Software\Tencent\Plugin\VAS$Telegram.exe$VenGROUP$VenNetwork$VenREMARK$WeChat.exe$WxWork.exe$X64 %s$kernel32.dll$ntdll.dll$x64$x86
API String ID: 4136965836-1406015123
Opcode ID: 2ddc40a1924fd65b20fbacfc896f38d1c8af44059fc11dcb60be5f4691cfa860
Instruction ID: 2009d0bf13d7514b13368a146c02d490ba620e50fe765a152c349a6372b07a8a
Opcode Fuzzy Hash: 2ddc40a1924fd65b20fbacfc896f38d1c8af44059fc11dcb60be5f4691cfa860
Instruction Fuzzy Hash: 66927232A09A8286EF20DF25DC446E93360FBC5B98F848532DA5E877A4EF3CD645D711

Function 00007FF6297EB500 Relevance: 103.7, APIs: 41, Strings: 18, Instructions: 406
registrylibrarysleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SleepEx.KERNEL32 ref: 00007FF6297EB531
CloseHandle.KERNEL32 ref: 00007FF6297EB56D
GetCurrentProcess.KERNEL32 ref: 00007FF6297EB580
OpenProcessToken.ADVAPI32 ref: 00007FF6297EB595
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6297EB5B5
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6297EB5E1
CloseHandle.KERNEL32 ref: 00007FF6297EB5EE
GetModuleHandleA.KERNEL32 ref: 00007FF6297EB5FB
GetProcAddress.KERNEL32 ref: 00007FF6297EB60B
GetCurrentProcessId.KERNEL32 ref: 00007FF6297EB623
OpenProcess.KERNEL32 ref: 00007FF6297EB632
GetLocalTime.KERNEL32 ref: 00007FF6297EB654
wsprintfW.USER32 ref: 00007FF6297EB69A
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6297EB6A7
CloseHandle.KERNEL32 ref: 00007FF6297EB6CD
AllocateAndInitializeSid.ADVAPI32 ref: 00007FF6297EB751
CheckTokenMembership.KERNELBASE ref: 00007FF6297EB76B

Part of subcall function 00007FF6297F8940: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F896B

FreeSid.ADVAPI32 ref: 00007FF6297EB783
RegOpenKeyExW.KERNEL32 ref: 00007FF6297EB7B5
RegDeleteValueW.KERNEL32 ref: 00007FF6297EB7C9
RegSetValueExW.KERNEL32 ref: 00007FF6297EB7FA
RegCloseKey.ADVAPI32 ref: 00007FF6297EB807
SleepEx.KERNEL32 ref: 00007FF6297EB923
CreateEventA.KERNEL32 ref: 00007FF6297EB99F

Part of subcall function 00007FF6297F87A0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F87C6

Part of subcall function 00007FF6297D62F0: gethostname.WS2_32 ref: 00007FF6297D6394
Part of subcall function 00007FF6297D62F0: gethostbyname.WS2_32 ref: 00007FF6297D639E
Part of subcall function 00007FF6297D62F0: inet_ntoa.WS2_32 ref: 00007FF6297D63BB
Part of subcall function 00007FF6297D62F0: inet_ntoa.WS2_32 ref: 00007FF6297D640B
Part of subcall function 00007FF6297D62F0: MultiByteToWideChar.KERNEL32 ref: 00007FF6297D6469
Part of subcall function 00007FF6297D62F0: MultiByteToWideChar.KERNEL32 ref: 00007FF6297D648D

Sleep.KERNEL32 ref: 00007FF6297EBA41
Sleep.KERNEL32 ref: 00007FF6297EBA77
CloseHandle.KERNEL32 ref: 00007FF6297EBADE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297EBAE9
IsDebuggerPresent.KERNEL32 ref: 00007FF6297EBAFC
LoadLibraryW.KERNEL32 ref: 00007FF6297EBB28
GetProcAddress.KERNEL32 ref: 00007FF6297EBB52
FreeLibrary.KERNEL32 ref: 00007FF6297EBB63

Strings

huazai789.top, xrefs: 00007FF6297EB825, 00007FF6297EB8C2, 00007FF6297EB942, 00007FF6297EB9D1
MiniDumpWriteDump, xrefs: 00007FF6297EBB40
SeDebugPrivilege, xrefs: 00007FF6297EB5AC
%s-%04d%02d%02d-%02d%02d%02d.dmp, xrefs: 00007FF6297EBBD2
10443, xrefs: 00007FF6297EB86D
10443, xrefs: 00007FF6297EB84D, 00007FF6297EB879, 00007FF6297EB8DA, 00007FF6297EB933, 00007FF6297EB967
huazai789.top, xrefs: 00007FF6297EB8B6
!analyze -v, xrefs: 00007FF6297EBBDE
SOFTWARE, xrefs: 00007FF6297EB7A7
DbgHelp.dll, xrefs: 00007FF6297EBB19
huazai789.top, xrefs: 00007FF6297EB835
4433, xrefs: 00007FF6297EB841
VenkernalData_info, xrefs: 00007FF6297EB7BB, 00007FF6297EB7EC
loginconfig, xrefs: 00007FF6297EB7D7
NtDll.dll, xrefs: 00007FF6297EB5F4
huazai789.top, xrefs: 00007FF6297EB861
%4d.%2d.%2d-%2d:%2d:%2d, xrefs: 00007FF6297EB68C
NtSetInformationProcess, xrefs: 00007FF6297EB604

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CloseHandle$ProcessSleep$OpenTokenValue$AddressByteCharCurrentFreeLibraryMultiProcWide_invalid_parameter_noinfoinet_ntoa$AdjustAllocateCheckCreateDebuggerDeleteEventExceptionFilterInitializeLoadLocalLookupMembershipModulePresentPrivilegePrivilegesTimeUnhandled_invalid_parameter_noinfo_noreturngethostbynamegethostnamewsprintf
String ID: !analyze -v$%4d.%2d.%2d-%2d:%2d:%2d$%s-%04d%02d%02d-%02d%02d%02d.dmp$10443$10443$4433$DbgHelp.dll$MiniDumpWriteDump$NtDll.dll$NtSetInformationProcess$SOFTWARE$SeDebugPrivilege$VenkernalData_info$huazai789.top$huazai789.top$huazai789.top$huazai789.top$loginconfig
API String ID: 905065789-687188468
Opcode ID: c019dc0e360b6e64028bcd0e4b6b1f282aa0814bb9dbeae3b87a1a61d9282837
Instruction ID: 49b456b1722a512f3351d31c11cb082958380bf12acc6e5f62fc1e779b93da92
Opcode Fuzzy Hash: c019dc0e360b6e64028bcd0e4b6b1f282aa0814bb9dbeae3b87a1a61d9282837
Instruction Fuzzy Hash: 6E226072A09B8286EF20DF21EC402A977A5FFC5B94F444535DA8D87AA4DF3CE145E702

Function 00007FF6297DF410 Relevance: 81.0, APIs: 35, Strings: 11, Instructions: 532
registryprocessfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetLastInputInfo.USER32 ref: 00007FF6297DF45C
GetTickCount.KERNEL32 ref: 00007FF6297DF462
wsprintfW.USER32 ref: 00007FF6297DF490
GetForegroundWindow.USER32 ref: 00007FF6297DF496
GetWindowTextW.USER32 ref: 00007FF6297DF4AE
CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6297DF4C3
Process32FirstW.KERNEL32 ref: 00007FF6297DF4F7
Process32NextW.KERNEL32 ref: 00007FF6297DF54B
CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6297DF565
Process32FirstW.KERNEL32 ref: 00007FF6297DF59F
Process32NextW.KERNEL32 ref: 00007FF6297DF5EE
CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6297DF608
Process32FirstW.KERNEL32 ref: 00007FF6297DF642
Process32NextW.KERNEL32 ref: 00007FF6297DF69E
RegOpenKeyExW.ADVAPI32 ref: 00007FF6297DF6EC
RegQueryValueExW.KERNEL32 ref: 00007FF6297DF71F
RegQueryValueExW.KERNEL32 ref: 00007FF6297DF783
RegCloseKey.ADVAPI32 ref: 00007FF6297DF90D
RegOpenKeyExW.ADVAPI32 ref: 00007FF6297DF943
RegQueryValueExW.KERNEL32 ref: 00007FF6297DF976
RegQueryValueExW.ADVAPI32 ref: 00007FF6297DF9D5
RegCloseKey.ADVAPI32 ref: 00007FF6297DF9EC
RegOpenKeyExW.ADVAPI32 ref: 00007FF6297DFA22
RegQueryValueExW.KERNEL32 ref: 00007FF6297DFA55
RegCloseKey.ADVAPI32 ref: 00007FF6297DFACB

Part of subcall function 00007FF6297EDE98: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297EDEC8
Part of subcall function 00007FF6297EDE98: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297EDECE

RegQueryValueExW.ADVAPI32 ref: 00007FF6297DFAB4
SHGetFolderPathW.SHELL32 ref: 00007FF6297DFAEF
lstrcatW.KERNEL32 ref: 00007FF6297DFB03
CreateFileW.KERNEL32 ref: 00007FF6297DFB34
lstrlenW.KERNEL32 ref: 00007FF6297DFB44
WriteFile.KERNEL32 ref: 00007FF6297DFB61
CloseHandle.KERNEL32 ref: 00007FF6297DFB6A
FindFirstFileW.KERNEL32 ref: 00007FF6297DFB7E
FindClose.KERNEL32 ref: 00007FF6297DFB94
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297DFCFE

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 00007FF6297DF935, 00007FF6297DFA14
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, xrefs: 00007FF6297DF6B1
Telegram.exe, xrefs: 00007FF6297DF64C
Startup, xrefs: 00007FF6297DF718, 00007FF6297DF77C
WeChat.exe, xrefs: 00007FF6297DF5A9
%d min, xrefs: 00007FF6297DF489
\kernelquick.sys, xrefs: 00007FF6297DFAF5
WXWork.exe, xrefs: 00007FF6297DF501
C:\ProgramData\Mylnk, xrefs: 00007FF6297DF896
C:\Users, xrefs: 00007FF6297DF812
OpenAi_Service, xrefs: 00007FF6297DF96F, 00007FF6297DF9CE, 00007FF6297DFA4E, 00007FF6297DFAAD

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Process32QueryValue$Close$CreateFirst$FileNextOpenSnapshotToolhelp32$Concurrency::cancel_current_taskFindWindow$CountFolderForegroundHandleInfoInputLastPathTextTickWrite_invalid_parameter_noinfo_noreturnlstrcatlstrlenwsprintf
String ID: %d min$C:\ProgramData\Mylnk$C:\Users$OpenAi_Service$SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders$SOFTWARE\Microsoft\Windows\CurrentVersion\Run$Startup$Telegram.exe$WXWork.exe$WeChat.exe$\kernelquick.sys
API String ID: 3029130142-1423135667
Opcode ID: cd40ed56a906d75ba6bdc4be580731d37d28795f89819925eba70c9b472de1ca
Instruction ID: b557bf54490ddab7372b563ac34deccc8ba07bf4527244de3cbbdf96bafcb493
Opcode Fuzzy Hash: cd40ed56a906d75ba6bdc4be580731d37d28795f89819925eba70c9b472de1ca
Instruction Fuzzy Hash: 8132B122A19A8285EF60CF25EC046BD77A0FBC9B84F848136DA5D87794EF3CE644D711

Function 00007FF6297EAD80 Relevance: 75.8, APIs: 27, Strings: 16, Instructions: 529stringregistryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32 ref: 00007FF6297EADB5
RegQueryValueExW.KERNEL32 ref: 00007FF6297EADE6
RegQueryValueExW.ADVAPI32 ref: 00007FF6297EAE45
lstrlenW.KERNEL32 ref: 00007FF6297EAE52
lstrlenW.KERNEL32 ref: 00007FF6297EAE73
lstrlenW.KERNEL32 ref: 00007FF6297EAE86
lstrlenW.KERNEL32 ref: 00007FF6297EAF1F
lstrlenW.KERNEL32 ref: 00007FF6297EAF40
lstrlenW.KERNEL32 ref: 00007FF6297EAF53
lstrlenW.KERNEL32 ref: 00007FF6297EAFEB
lstrlenW.KERNEL32 ref: 00007FF6297EAFFE
lstrlenW.KERNEL32 ref: 00007FF6297EB081
lstrlenW.KERNEL32 ref: 00007FF6297EB0A2
lstrlenW.KERNEL32 ref: 00007FF6297EB0B5
lstrlenW.KERNEL32 ref: 00007FF6297EB14F
lstrlenW.KERNEL32 ref: 00007FF6297EB170
lstrlenW.KERNEL32 ref: 00007FF6297EB183
lstrlenW.KERNEL32 ref: 00007FF6297EB21B
lstrlenW.KERNEL32 ref: 00007FF6297EB22E
lstrlenW.KERNEL32 ref: 00007FF6297EB2B1
lstrlenW.KERNEL32 ref: 00007FF6297EB2D2
lstrlenW.KERNEL32 ref: 00007FF6297EB2E5
lstrlenW.KERNEL32 ref: 00007FF6297EB37F
lstrlenW.KERNEL32 ref: 00007FF6297EB3A0
lstrlenW.KERNEL32 ref: 00007FF6297EB3B3
lstrlenW.KERNEL32 ref: 00007FF6297EB44B
lstrlenW.KERNEL32 ref: 00007FF6297EB45E

Strings

t3:, xrefs: 00007FF6297EB451
10443, xrefs: 00007FF6297EB148, 00007FF6297EB157, 00007FF6297EB209
o1:, xrefs: 00007FF6297EAF46
o3:, xrefs: 00007FF6297EB3A6
o2:, xrefs: 00007FF6297EB176
Vendata, xrefs: 00007FF6297EADDF, 00007FF6297EAE3E
huazai789.top, xrefs: 00007FF6297EB2AA, 00007FF6297EB2B9, 00007FF6297EB369
huazai789.top, xrefs: 00007FF6297EAE4B, 00007FF6297EAE5A, 00007FF6297EAF09
4433, xrefs: 00007FF6297EAF18, 00007FF6297EAF27, 00007FF6297EAFD9
p3:, xrefs: 00007FF6297EB2D8
Console, xrefs: 00007FF6297EADA7
t1:, xrefs: 00007FF6297EAFF1
p1:, xrefs: 00007FF6297EAE79
t2:, xrefs: 00007FF6297EB221
huazai789.top, xrefs: 00007FF6297EB07A, 00007FF6297EB089, 00007FF6297EB139
p2:, xrefs: 00007FF6297EB0A8

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: lstrlen$QueryValue$Open
String ID: 10443$4433$Console$Vendata$huazai789.top$huazai789.top$huazai789.top$o1:$o2:$o3:$p1:$p2:$p3:$t1:$t2:$t3:
API String ID: 1772312705-3685074344
Opcode ID: c599fbb0e57935ebe8c3f9b158b0f14cad8e83e9b9ac755a95a7fb9a9d72626c
Instruction ID: e6358204bb49a96cbf657aab49d530723a75ee55a9be2e3da47b98313b6c7ab7
Opcode Fuzzy Hash: c599fbb0e57935ebe8c3f9b158b0f14cad8e83e9b9ac755a95a7fb9a9d72626c
Instruction Fuzzy Hash: 4922F261F1966B82FF249F16EC506B967A1EFD5B84F844035C58EC2A91EF3CF145A302

Function 00007FF6297DFD10 Relevance: 56.3, APIs: 27, Strings: 5, Instructions: 326
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32 ref: 00007FF6297DFD2B
GetDesktopWindow.USER32 ref: 00007FF6297DFD8C
GetDC.USER32 ref: 00007FF6297DFD95
CreateCompatibleDC.GDI32 ref: 00007FF6297DFDA1
GetDC.USER32 ref: 00007FF6297DFDAC
GetDeviceCaps.GDI32 ref: 00007FF6297DFDBD
GetDeviceCaps.GDI32 ref: 00007FF6297DFDCD
ReleaseDC.USER32 ref: 00007FF6297DFDEA
GetSystemMetrics.USER32 ref: 00007FF6297DFE13
GetSystemMetrics.USER32 ref: 00007FF6297DFE4E
GetSystemMetrics.USER32 ref: 00007FF6297DFE82
GetSystemMetrics.USER32 ref: 00007FF6297DFE9C
GetSystemMetrics.USER32 ref: 00007FF6297DFEB6
CreateCompatibleBitmap.GDI32 ref: 00007FF6297DFED4
SelectObject.GDI32 ref: 00007FF6297DFEE8
SetStretchBltMode.GDI32 ref: 00007FF6297DFEF6
GetSystemMetrics.USER32 ref: 00007FF6297DFF01
GetSystemMetrics.USER32 ref: 00007FF6297DFF1B
StretchBlt.GDI32 ref: 00007FF6297DFF5C
GetDIBits.GDI32 ref: 00007FF6297E0022
DeleteObject.GDI32 ref: 00007FF6297E00E9
DeleteObject.GDI32 ref: 00007FF6297E00F2
ReleaseDC.USER32 ref: 00007FF6297E00FD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E0290

Strings

gfff, xrefs: 00007FF6297DFE32
, xrefs: 00007FF6297DFF21
6, xrefs: 00007FF6297DFFC2
(, xrefs: 00007FF6297DFF65
gfff, xrefs: 00007FF6297DFE58

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: MetricsSystem$Object$CapsCompatibleCreateDeleteDeviceReleaseStretch$BitmapBitsDesktopModeSelectVersionWindow_invalid_parameter_noinfo_noreturn
String ID: $($6$gfff$gfff
API String ID: 3905184151-2922166585
Opcode ID: 23c8a55448e17b2e192b0ad263d360ed319ab87aa3f017f2fb229a62f0da65d9
Instruction ID: e6f50fab4e4491ac76698744b28236f50c0f0088e649fdd5a1641726d1338e16
Opcode Fuzzy Hash: 23c8a55448e17b2e192b0ad263d360ed319ab87aa3f017f2fb229a62f0da65d9
Instruction Fuzzy Hash: 67E1A372A1878186EB259F25E80436AB3A1FFD9BC4F048235EA8E97B55DF3CD4849701

Function 00007FF6297D7250 Relevance: 54.7, APIs: 26, Strings: 5, Instructions: 457
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF6297DA300: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297DA4A0
Part of subcall function 00007FF6297DA300: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297DA4A6

MultiByteToWideChar.KERNEL32 ref: 00007FF6297D75FF
MultiByteToWideChar.KERNEL32 ref: 00007FF6297D7626

Strings

<, xrefs: 00007FF6297D795D
\DisplaySessionContainers.log, xrefs: 00007FF6297D7823
X64, xrefs: 00007FF6297D7471, 00007FF6297D748E
open, xrefs: 00007FF6297D77A6
key, xrefs: 00007FF6297D77B2

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ByteCharMultiWide$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: <$X64$\DisplaySessionContainers.log$key$open
API String ID: 143101810-941791203
Opcode ID: f52566929edf70c3aaf07bb65ffeca76ea03ad49a5c62821bfeb29e09d75be49
Instruction ID: 97389b04d3eddb92ac588bca15dc559eb76c662dac530a73a9a3ea3989548360
Opcode Fuzzy Hash: f52566929edf70c3aaf07bb65ffeca76ea03ad49a5c62821bfeb29e09d75be49
Instruction Fuzzy Hash: 75228172A19A8296EF10DF25E8042AE73A1FBC4BD4F544631EA9E83B98DF3CD144D741

Function 00007FF6297D79E0 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 216
stringregistrycomCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6297D7A6B
Process32FirstW.KERNEL32 ref: 00007FF6297D7A88
Process32NextW.KERNEL32 ref: 00007FF6297D7AC3
CloseHandle.KERNEL32 ref: 00007FF6297D7AD0
CoCreateInstance.COMBASE ref: 00007FF6297D7B1F
wsprintfW.USER32 ref: 00007FF6297D7C25
RegOpenKeyExW.ADVAPI32 ref: 00007FF6297D7C55
RegQueryValueExW.KERNEL32 ref: 00007FF6297D7CB6
lstrcatW.KERNEL32 ref: 00007FF6297D7CCA
lstrcatW.KERNEL32 ref: 00007FF6297D7CDA
RegCloseKey.ADVAPI32 ref: 00007FF6297D7CE7
lstrlenW.KERNEL32 ref: 00007FF6297D7D24
lstrcatW.KERNEL32 ref: 00007FF6297D7D38
CloseHandle.KERNEL32 ref: 00007FF6297D7D65
lstrcatW.KERNEL32 ref: 00007FF6297D7D7D
lstrcatW.KERNEL32 ref: 00007FF6297D7D8D

Strings

Windows Defender IOfficeAntiVirus implementation , xrefs: 00007FF6297D7A04
CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}, xrefs: 00007FF6297D7C17

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: lstrcat$Close$CreateHandleProcess32$FirstInstanceNextOpenQuerySnapshotToolhelp32Valuelstrlenwsprintf
String ID: CLSID\{%.8X-%.4X-%.4X-%.2X%.2X-%.2X%.2X%.2X%.2X%.2X%.2X}$Windows Defender IOfficeAntiVirus implementation
API String ID: 582347850-1583895642
Opcode ID: 134265c9e40a9f760aa4fceb9a534aa5a21de15c77527937ae6ae4b8d1d4e22b
Instruction ID: 0d69fcf0f06746cb43c9b0c04f40ffb277f94585dce5e0ec5b54ca566fcec142
Opcode Fuzzy Hash: 134265c9e40a9f760aa4fceb9a534aa5a21de15c77527937ae6ae4b8d1d4e22b
Instruction Fuzzy Hash: 2AA19472A08A828AEB20CF35EC406AA77A1FBC5B88F544535DE4D87B68DF3CD645D701

Function 00007FF6297DCD40 Relevance: 26.7, APIs: 7, Strings: 8, Instructions: 406
threadinjectionprocessCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32 ref: 00007FF6297DCF12
CreateProcessA.KERNEL32 ref: 00007FF6297DCF6E
VirtualAllocEx.KERNEL32 ref: 00007FF6297DCF97
WriteProcessMemory.KERNEL32 ref: 00007FF6297DCFBC
GetThreadContext.KERNEL32 ref: 00007FF6297DCFE0
SetThreadContext.KERNEL32 ref: 00007FF6297DD001
ResumeThread.KERNEL32 ref: 00007FF6297DD014

Strings

@, xrefs: 00007FF6297DCF8A
9b5db265-7770-4834-9125-526b4323e01f, xrefs: 00007FF6297DD262
%s %s, xrefs: 00007FF6297DD05B, 00007FF6297DD1EF, 00007FF6297DD2D3, 00007FF6297DD369
h, xrefs: 00007FF6297DCEE6
Windows\System32\svchost.exe, xrefs: 00007FF6297DCF18
nlyloadinmyself, xrefs: 00007FF6297DCD94
%s%s, xrefs: 00007FF6297DCF27
plugmark, xrefs: 00007FF6297DCE43

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Thread$ContextProcess$AllocCreateDirectoryMemoryResumeSystemVirtualWrite
String ID: %s %s$%s%s$9b5db265-7770-4834-9125-526b4323e01f$@$Windows\System32\svchost.exe$h$nlyloadinmyself$plugmark
API String ID: 4033188109-885983150
Opcode ID: b9226c03d3f32129d931d83eef70cf8a6a1e94e3ac3e5827d49aa26e2b45b146
Instruction ID: 5320edebddfa111e6207cca51053e9491c1c3facd945a7e5785b05eab70b65fa
Opcode Fuzzy Hash: b9226c03d3f32129d931d83eef70cf8a6a1e94e3ac3e5827d49aa26e2b45b146
Instruction Fuzzy Hash: 3912A162B18A8282EB20CF25D8442BD77A1FBD9B84F488136DB4D87B95DF3CE185D351

Function 00007FF6297EA5A0 Relevance: 25.8, APIs: 17, Instructions: 347
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA5E5
GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA66A
VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA6BF
VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA6DE
VirtualAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA741
GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA762
HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA776
VirtualFree.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA793
VirtualFree.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA7AF
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA7CC
SetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EAAB2

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Virtual$Alloc$ErrorLast$FreeHeap$InfoNativeProcessSystem
String ID:
API String ID: 1282860858-0
Opcode ID: 2db4db2f5dea0229961aa6511efc0787ebed8919f4287dccc69c8883441e57f8
Instruction ID: 74e816ab0669b5dc2206821c97dbce6777b1135ddab34da1056e49c0126a2c58
Opcode Fuzzy Hash: 2db4db2f5dea0229961aa6511efc0787ebed8919f4287dccc69c8883441e57f8
Instruction Fuzzy Hash: 0CD14031B1964286EF68CF16D8547B973A4EFC9BC4F498435CA8D87790EE3CE541A306

Function 00007FF6297EC2E0 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 128fileCOMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 00007FF6297EC30F
CreateFileW.KERNEL32 ref: 00007FF6297EC33A
DeviceIoControl.KERNEL32 ref: 00007FF6297EC38A
DeviceIoControl.KERNEL32 ref: 00007FF6297EC3F1

Part of subcall function 00007FF6297EC520: WideCharToMultiByte.KERNEL32 ref: 00007FF6297EC555
Part of subcall function 00007FF6297EC520: WideCharToMultiByte.KERNEL32 ref: 00007FF6297EC590

DeviceIoControl.KERNEL32 ref: 00007FF6297EC451
DeviceIoControl.KERNEL32 ref: 00007FF6297EC4B0

Part of subcall function 00007FF6297EC1B0: CreateFileA.KERNEL32 ref: 00007FF6297EC259
Part of subcall function 00007FF6297EC1B0: DeviceIoControl.KERNEL32 ref: 00007FF6297EC2A1

CloseHandle.KERNEL32 ref: 00007FF6297EC4DE
CloseHandle.KERNEL32 ref: 00007FF6297EC503

Strings

\\.\HCD%d, xrefs: 00007FF6297EC303

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ControlDevice$ByteCharCloseCreateFileHandleMultiWide$wsprintf
String ID: \\.\HCD%d
API String ID: 2324936672-2696249065
Opcode ID: b16b9414ff4f5bba01ca19ea586cfc01d35dadd3bdcc9ae74a2dc0319bdc3a1e
Instruction ID: dc9df655f15d230499b4b421d1bff7fbc276b9a3dfa859198fa56b9df881dd96
Opcode Fuzzy Hash: b16b9414ff4f5bba01ca19ea586cfc01d35dadd3bdcc9ae74a2dc0319bdc3a1e
Instruction Fuzzy Hash: 74519E32608B8186EF609F11B8407AAB6A4FBC57D8F184135EA9E87B95EF3CD015DB01

Function 00007FF6297EBCD0 Relevance: 15.0, APIs: 10, Instructions: 33threadsleepsynchronizationCOMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6297EBCDB
GetConsoleWindow.KERNEL32 ref: 00007FF6297EBCE1
ShowWindow.USER32 ref: 00007FF6297EBCEC
GetCurrentThreadId.KERNEL32 ref: 00007FF6297EBCF2
PostThreadMessageA.USER32 ref: 00007FF6297EBD02
GetInputState.USER32 ref: 00007FF6297EBD08
CreateThread.KERNEL32 ref: 00007FF6297EBD27
WaitForSingleObject.KERNEL32 ref: 00007FF6297EBD3C
CloseHandle.KERNEL32 ref: 00007FF6297EBD49
Sleep.KERNEL32 ref: 00007FF6297EBD54

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Thread$Window$CloseConsoleCreateCurrentExceptionFilterHandleInputMessageObjectPostShowSingleSleepStateUnhandledWait
String ID:
API String ID: 2277684705-0
Opcode ID: 6f2be5bc360ff60992bf957455bd65437668e6ddaf6ac78ef69b290b53bfb88b
Instruction ID: 69b4dc8ac8b1c16934775780852df300b1df50e7fa6526cba2464d4be1e610ed
Opcode Fuzzy Hash: 6f2be5bc360ff60992bf957455bd65437668e6ddaf6ac78ef69b290b53bfb88b
Instruction Fuzzy Hash: 6B012C35E1AE8282EB149F71EC5457933A1FFC8751F498934C80EC3670DF3CA049A202

Function 00007FF629801DA8 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF629801DED

Part of subcall function 00007FF629801464: _invalid_parameter_noinfo.LIBCMT ref: 00007FF629801478

Part of subcall function 00007FF6297FE6BC: RtlFreeHeap.NTDLL(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6D2
Part of subcall function 00007FF6297FE6BC: GetLastError.KERNEL32(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6DC

Part of subcall function 00007FF6297F3D88: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6297F3D37,?,?,?,?,?,00007FF6297F3C22), ref: 00007FF6297F3D91
Part of subcall function 00007FF6297F3D88: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6297F3D37,?,?,?,?,?,00007FF6297F3C22), ref: 00007FF6297F3DB6

Part of subcall function 00007FF629809F14: _invalid_parameter_noinfo.LIBCMT ref: 00007FF629809E5F

_get_daylight.LIBCMT ref: 00007FF629801DDC

Part of subcall function 00007FF6298014C4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6298014D8

_get_daylight.LIBCMT ref: 00007FF629802052
_get_daylight.LIBCMT ref: 00007FF629802063
_get_daylight.LIBCMT ref: 00007FF629802074
GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6298022B4), ref: 00007FF62980209B

Strings

Eastern Summer Time, xrefs: 00007FF629802159
Eastern Standard Time, xrefs: 00007FF629802141

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: e4d215210ab8a5127c723f465f4324ebd8545cea5875ff9c0ed7522d57f15f04
Instruction ID: 164d4f138c2cfd211a800ee46dc6b5324585f2318602d37e6732fcbbd1f05567
Opcode Fuzzy Hash: e4d215210ab8a5127c723f465f4324ebd8545cea5875ff9c0ed7522d57f15f04
Instruction Fuzzy Hash: C6D1BF26E0964286EF20EF25DC902B96661FFC47A4F484835EE0DC7A96DF3CE441E742

Function 00007FF6297D8040 Relevance: 10.9, APIs: 7, Instructions: 424COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297EC2E0: wsprintfW.USER32 ref: 00007FF6297EC30F
Part of subcall function 00007FF6297EC2E0: CreateFileW.KERNEL32 ref: 00007FF6297EC33A
Part of subcall function 00007FF6297EC2E0: DeviceIoControl.KERNEL32 ref: 00007FF6297EC38A
Part of subcall function 00007FF6297EC2E0: DeviceIoControl.KERNEL32 ref: 00007FF6297EC3F1
Part of subcall function 00007FF6297EC2E0: DeviceIoControl.KERNEL32 ref: 00007FF6297EC451
Part of subcall function 00007FF6297EC2E0: DeviceIoControl.KERNEL32 ref: 00007FF6297EC4B0

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297D8670
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297D8676
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297D867C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297D8682

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ControlDevice_invalid_parameter_noinfo_noreturn$CreateFilewsprintf
String ID:
API String ID: 3155671162-0
Opcode ID: 2d5e32564994beb84768749377adeec3dde269dff25c4089fb8d85357c90455d
Instruction ID: a8e4c5ab6213ba2ebb5945397518387d98518c114359d610181f83aa5d2629a6
Opcode Fuzzy Hash: 2d5e32564994beb84768749377adeec3dde269dff25c4089fb8d85357c90455d
Instruction Fuzzy Hash: 3002AF22F08B8189EF00DF61E8102ED63A1AB85BE8F044635EE5D97BD9DF3CE445A341

Function 00007FF629802024 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF629802052

Part of subcall function 00007FF6298014C4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6298014D8

_get_daylight.LIBCMT ref: 00007FF629802063

Part of subcall function 00007FF629801464: _invalid_parameter_noinfo.LIBCMT ref: 00007FF629801478

_get_daylight.LIBCMT ref: 00007FF629802074

Part of subcall function 00007FF629801494: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6298014A8

Part of subcall function 00007FF6297FE6BC: RtlFreeHeap.NTDLL(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6D2
Part of subcall function 00007FF6297FE6BC: GetLastError.KERNEL32(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6DC

GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6298022B4), ref: 00007FF62980209B

Strings

Eastern Summer Time, xrefs: 00007FF629802159
Eastern Standard Time, xrefs: 00007FF629802141

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: d39622db5b0ee5333b178c37cbbab90ca343d8bae9bfc90199294d5daa5d9118
Instruction ID: c17caaa019dc1031a5565540c24bbc4f381a5bac2d4c07f5daa77aae19b37bdb
Opcode Fuzzy Hash: d39622db5b0ee5333b178c37cbbab90ca343d8bae9bfc90199294d5daa5d9118
Instruction Fuzzy Hash: A0517F32E1968286EF20DF21DC815B97761BFC8794F484936EA4DC3A96DF3CE441A742

Function 00007FF6297F8C10 Relevance: 9.2, APIs: 6, Instructions: 249COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F8C32
_get_daylight.LIBCMT ref: 00007FF6297F8C92
_get_daylight.LIBCMT ref: 00007FF6297F8CA3
_get_daylight.LIBCMT ref: 00007FF6297F8CB4
_isindst.LIBCMT ref: 00007FF6297F8D05
_isindst.LIBCMT ref: 00007FF6297F8D58

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _get_daylight$_isindst$_invalid_parameter_noinfo
String ID:
API String ID: 1405656091-0
Opcode ID: bc1b3b9caf7716422d15d8d8075c51535e8cc771750b1ef0c981aa63b125a24c
Instruction ID: 900934f287734a8d413da50959e998b05a10f67654ab3dd3deedaf30fdbe6acf
Opcode Fuzzy Hash: bc1b3b9caf7716422d15d8d8075c51535e8cc771750b1ef0c981aa63b125a24c
Instruction Fuzzy Hash: F491B3B2B053468BEF588F25CD412B82291EB94BC8F549039DE0E9BB89EF3CE5419741

Function 00007FF6297D3B00 Relevance: 4.7, APIs: 3, Instructions: 151timenetworkCOMMON

Download Yara Rule

APIs

select.WS2_32 ref: 00007FF6297D3BF5
recv.WS2_32 ref: 00007FF6297D3C1B

Part of subcall function 00007FF6297D1500: VirtualAlloc.KERNEL32 ref: 00007FF6297D1575
Part of subcall function 00007FF6297D1500: VirtualFree.KERNELBASE ref: 00007FF6297D15AF

timeGetTime.WINMM ref: 00007FF6297D3D04

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Virtual$AllocFreeTimerecvselecttime
String ID:
API String ID: 1996171534-0
Opcode ID: 6a2d55f36b77c358a951ba4548c2a2acb045dcba24c00c69cff2d5afcb20d37b
Instruction ID: 10e1d8315aef429a731f0d6acc3dc6068aab6c1ec23b85165cc2a50d883df11c
Opcode Fuzzy Hash: 6a2d55f36b77c358a951ba4548c2a2acb045dcba24c00c69cff2d5afcb20d37b
Instruction Fuzzy Hash: CC715D72A18A8581EB209F29D8046BD3360FBD5BC8F549235DF8D83795EF38E584D711

Function 00007FF6297D1500 Relevance: 2.6, APIs: 2, Instructions: 109memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 00007FF6297D1575
VirtualFree.KERNELBASE ref: 00007FF6297D15AF

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 7adfbc43d79927e24f2f975998fe396b12a3d4926a19e200812a52629311d3ed
Instruction ID: 4cec014c12844507d2444b812732b2cf4f820860baf66e27a0e488f177673c52
Opcode Fuzzy Hash: 7adfbc43d79927e24f2f975998fe396b12a3d4926a19e200812a52629311d3ed
Instruction Fuzzy Hash: 7641C332B09A458AEB0DCE2AE850669A765FB88FC4B084539EE4EC7744EF3CD841D750

Function 00007FF6297D8900 Relevance: 45.7, APIs: 22, Strings: 4, Instructions: 225
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6297D8B10), ref: 00007FF6297D891C
OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6297D8B10), ref: 00007FF6297D892C
OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6297D8B10), ref: 00007FF6297D8954
CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6297D8B10), ref: 00007FF6297D8961
CloseHandle.KERNEL32 ref: 00007FF6297D89F0
CloseHandle.KERNEL32 ref: 00007FF6297D89F9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297D8AB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297D8ABB
GetCurrentProcessId.KERNEL32 ref: 00007FF6297D8AEB
wsprintfW.USER32 ref: 00007FF6297D8B02
GetVersionExW.KERNEL32 ref: 00007FF6297D8B31
GetCurrentProcess.KERNEL32 ref: 00007FF6297D8B5D
OpenProcessToken.ADVAPI32 ref: 00007FF6297D8B73
GetTokenInformation.KERNELBASE ref: 00007FF6297D8BA8
GetLastError.KERNEL32 ref: 00007FF6297D8BB6
LocalAlloc.KERNEL32 ref: 00007FF6297D8BD5
GetTokenInformation.KERNELBASE ref: 00007FF6297D8C08
GetSidSubAuthorityCount.ADVAPI32 ref: 00007FF6297D8C15
GetSidSubAuthority.ADVAPI32 ref: 00007FF6297D8C23
LocalFree.KERNEL32 ref: 00007FF6297D8C2E
CloseHandle.KERNEL32 ref: 00007FF6297D8C44
wsprintfW.USER32 ref: 00007FF6297D8CA3

Strings

None/%s, xrefs: 00007FF6297D8C92
NO/, xrefs: 00007FF6297D8C89
VenNetwork, xrefs: 00007FF6297D8AD0
-N/, xrefs: 00007FF6297D8C80

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Process$CloseHandleToken$CurrentOpen$AuthorityInformationLocal_invalid_parameter_noinfo_noreturnwsprintf$AllocCountErrorFreeLastVersion
String ID: -N/$NO/$None/%s$VenNetwork
API String ID: 3589523989-819860926
Opcode ID: 450628a110485d3eb8edb58debbdbfde318f95bac93751fab00fe031b43d7a27
Instruction ID: c419760e597b5630b1add909bb1aadd158b3a4232c21a1bbc8c035577959562b
Opcode Fuzzy Hash: 450628a110485d3eb8edb58debbdbfde318f95bac93751fab00fe031b43d7a27
Instruction Fuzzy Hash: CCA16C62A0DB8282EF609F25E8443BA6360FFC5B90F448635DA9D83B98DF3CD545D702

Function 00007FF6297E02A0 Relevance: 45.3, APIs: 30, Instructions: 260
memorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalAlloc.KERNEL32 ref: 00007FF6297E02D8
GlobalLock.KERNEL32 ref: 00007FF6297E02E4
GlobalUnlock.KERNEL32 ref: 00007FF6297E02FB
CreateStreamOnHGlobal.OLE32 ref: 00007FF6297E0311
GlobalFree.KERNEL32 ref: 00007FF6297E0674

Part of subcall function 00007FF6297D61E0: InitializeCriticalSectionEx.KERNEL32 ref: 00007FF6297D6231
Part of subcall function 00007FF6297D61E0: GetLastError.KERNEL32 ref: 00007FF6297D623B

EnterCriticalSection.KERNEL32 ref: 00007FF6297E035F
LeaveCriticalSection.KERNEL32 ref: 00007FF6297E036C
GdipCreateBitmapFromStream.GDIPLUS ref: 00007FF6297E039A
GdipDisposeImage.GDIPLUS ref: 00007FF6297E03B0
GdipDisposeImage.GDIPLUS ref: 00007FF6297E03CE
CreateStreamOnHGlobal.OLE32 ref: 00007FF6297E03EB
GetHGlobalFromStream.OLE32 ref: 00007FF6297E0412
GlobalLock.KERNEL32 ref: 00007FF6297E041C
GlobalFree.KERNEL32 ref: 00007FF6297E043B
DeleteObject.GDI32 ref: 00007FF6297E046B
EnterCriticalSection.KERNEL32 ref: 00007FF6297E047D
EnterCriticalSection.KERNEL32 ref: 00007FF6297E048D
GdiplusShutdown.GDIPLUS ref: 00007FF6297E049B
LeaveCriticalSection.KERNEL32 ref: 00007FF6297E04A8
LeaveCriticalSection.KERNEL32 ref: 00007FF6297E04B2
DeleteObject.GDI32 ref: 00007FF6297E0624
EnterCriticalSection.KERNEL32 ref: 00007FF6297E0636
EnterCriticalSection.KERNEL32 ref: 00007FF6297E0646
GdiplusShutdown.GDIPLUS ref: 00007FF6297E0654
LeaveCriticalSection.KERNEL32 ref: 00007FF6297E0661
LeaveCriticalSection.KERNEL32 ref: 00007FF6297E066B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E0698

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$Global$EnterLeave$Stream$CreateGdip$DeleteDisposeFreeFromGdiplusImageLockObjectShutdown$AllocBitmapErrorInitializeLastUnlock_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 953580087-0
Opcode ID: bd51bed798d7755ae1ba6cc52b0510cce8857c70ba01d429c7def06d381aeeb7
Instruction ID: 5bf70ff574659c38c5a803d8e17ac0154dcc7d758154149090c4944708c345d8
Opcode Fuzzy Hash: bd51bed798d7755ae1ba6cc52b0510cce8857c70ba01d429c7def06d381aeeb7
Instruction Fuzzy Hash: E3C13A36B09B428AEB00DF65E8042AD2371FB84B98F048535DE5E97A99DF3CE459E341

Function 00007FF6297DC340 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 297
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GdipGetImagePixelFormat.GDIPLUS ref: 00007FF6297DC377
GdipGetImageHeight.GDIPLUS ref: 00007FF6297DC3F4
GdipGetImageWidth.GDIPLUS ref: 00007FF6297DC41A
GdipGetImagePaletteSize.GDIPLUS ref: 00007FF6297DC470
GdipGetImagePalette.GDIPLUS ref: 00007FF6297DC4F1
CreateCompatibleDC.GDI32 ref: 00007FF6297DC588
SelectObject.GDI32 ref: 00007FF6297DC599
SetDIBColorTable.GDI32 ref: 00007FF6297DC5B7
SelectObject.GDI32 ref: 00007FF6297DC5CC
DeleteDC.GDI32 ref: 00007FF6297DC5F6
GdipBitmapLockBits.GDIPLUS ref: 00007FF6297DC646
GdipBitmapUnlockBits.GDIPLUS ref: 00007FF6297DC6D3
GdipCreateBitmapFromScan0.GDIPLUS ref: 00007FF6297DC702
GdipGetImageGraphicsContext.GDIPLUS ref: 00007FF6297DC71D
GdipDrawImageI.GDIPLUS ref: 00007FF6297DC737
GdipDeleteGraphics.GDIPLUS ref: 00007FF6297DC740
GdipDisposeImage.GDIPLUS ref: 00007FF6297DC74D
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297DC79F

Strings

&, xrefs: 00007FF6297DC3D4

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Gdip$Image$Bitmap$BitsCreateDeleteGraphicsObjectPaletteSelect$ColorCompatibleContextDisposeDrawFormatFromHeightLockPixelScan0SizeTableUnlockWidth_invalid_parameter_noinfo
String ID: &
API String ID: 4034434136-3042966939
Opcode ID: dd11024c4d0ee26c12cb960423acbe48478663fb147fae3e010d538c7f7c31a7
Instruction ID: 273ef5da407a75a6094d79f82f99ae4d166b372158dff8c4f0f06a34bc61cd6b
Opcode Fuzzy Hash: dd11024c4d0ee26c12cb960423acbe48478663fb147fae3e010d538c7f7c31a7
Instruction Fuzzy Hash: D9D1CC72A05A828AEB608F21D9446BC37A4FB84BD8F098435DF1E97B84DF3CE904D751

Function 00007FF6297D3820 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 157
networkstringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ResetEvent.KERNEL32 ref: 00007FF6297D3840
timeGetTime.WINMM ref: 00007FF6297D384F
socket.WS2_32 ref: 00007FF6297D387C
lstrlenW.KERNEL32 ref: 00007FF6297D389E
WideCharToMultiByte.KERNEL32 ref: 00007FF6297D38C2
lstrlenW.KERNEL32 ref: 00007FF6297D38DA
WideCharToMultiByte.KERNEL32 ref: 00007FF6297D38FD
gethostbyname.WS2_32 ref: 00007FF6297D390A
htons.WS2_32 ref: 00007FF6297D3938
connect.WS2_32 ref: 00007FF6297D3962
setsockopt.WS2_32 ref: 00007FF6297D399E
setsockopt.WS2_32 ref: 00007FF6297D39D1
setsockopt.WS2_32 ref: 00007FF6297D3A04
setsockopt.WS2_32 ref: 00007FF6297D3A2D
WSAIoctl.WS2_32 ref: 00007FF6297D3A80

Strings

0u, xrefs: 00007FF6297D39EB

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: setsockopt$ByteCharMultiWidelstrlen$EventIoctlResetTimeconnectgethostbynamehtonssockettime
String ID: 0u
API String ID: 3082052849-3203441087
Opcode ID: e6a13d699f6763c7654f24c20153140ddf5521bbc938d0bcbfbca2fb93ded773
Instruction ID: 9a9564c4dbad45cf3266a518d48e973739a0d9a78e44ca9c658081014ef9d66a
Opcode Fuzzy Hash: e6a13d699f6763c7654f24c20153140ddf5521bbc938d0bcbfbca2fb93ded773
Instruction Fuzzy Hash: A2713D72609B8186EB20CF21F84076AB7A5FB84B94F044239EA9E47B58DF3DD149DB05

Function 0000000180002AE0 Relevance: 26.4, APIs: 7, Strings: 8, Instructions: 110registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0000000180002AE0: RegOpenKeyExW.ADVAPI32 ref: 00000001800027CE

Part of subcall function 00000001800033C0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00000001800034F6
Part of subcall function 00000001800033C0: Concurrency::cancel_current_task.LIBCPMT ref: 00000001800034FC

RegOpenKeyExW.ADVAPI32 ref: 0000000180002B74

Strings

SOFTWARE\AiServer, xrefs: 0000000180002B2B
Failed to open source registry key. Error: , xrefs: 0000000180002A09
getinfo_mark, xrefs: 0000000180002E04
Software\Microsoft\Windows\CurrentVersion\Run, xrefs: 0000000180002CD8
Software\AiServer, xrefs: 000000018000277D
CleanTempTrash, xrefs: 0000000180002D31
OpenAi_Service, xrefs: 000000018000278F, 0000000180002B19
Startup item added successfully!, xrefs: 0000000180002D80

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Open$Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: CleanTempTrash$Failed to open source registry key. Error: $OpenAi_Service$SOFTWARE\AiServer$Software\AiServer$Software\Microsoft\Windows\CurrentVersion\Run$Startup item added successfully!$getinfo_mark
API String ID: 1623771123-487670668
Opcode ID: 31687ab3facf5392310ce355a23f745cdf45f1b013910d7f5573e4811e5d18d7
Instruction ID: 3aee7fd0f9c7fee61078e072a23cf8b7440c246dedc74f5af328adb52fafc02c
Opcode Fuzzy Hash: 31687ab3facf5392310ce355a23f745cdf45f1b013910d7f5573e4811e5d18d7
Instruction Fuzzy Hash: 9451B472614A8895FBA2DB28E4847DE7361F7897D4F509202FA9D43AE9DF78C648C700

Function 00007FF6297D8AD0 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 101
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcessId.KERNEL32 ref: 00007FF6297D8AEB
wsprintfW.USER32 ref: 00007FF6297D8B02

Part of subcall function 00007FF6297D8900: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6297D8B10), ref: 00007FF6297D891C
Part of subcall function 00007FF6297D8900: OpenProcess.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6297D8B10), ref: 00007FF6297D892C
Part of subcall function 00007FF6297D8900: OpenProcessToken.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6297D8B10), ref: 00007FF6297D8954
Part of subcall function 00007FF6297D8900: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00007FF6297D8B10), ref: 00007FF6297D8961

GetVersionExW.KERNEL32 ref: 00007FF6297D8B31
GetCurrentProcess.KERNEL32 ref: 00007FF6297D8B5D
OpenProcessToken.ADVAPI32 ref: 00007FF6297D8B73
GetTokenInformation.KERNELBASE ref: 00007FF6297D8BA8
GetLastError.KERNEL32 ref: 00007FF6297D8BB6
LocalAlloc.KERNEL32 ref: 00007FF6297D8BD5
GetTokenInformation.KERNELBASE ref: 00007FF6297D8C08
GetSidSubAuthorityCount.ADVAPI32 ref: 00007FF6297D8C15
GetSidSubAuthority.ADVAPI32 ref: 00007FF6297D8C23
LocalFree.KERNEL32 ref: 00007FF6297D8C2E
CloseHandle.KERNEL32 ref: 00007FF6297D8C44
wsprintfW.USER32 ref: 00007FF6297D8CA3

Strings

VenNetwork, xrefs: 00007FF6297D8AD0

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Process$Token$CurrentOpen$AuthorityCloseHandleInformationLocalwsprintf$AllocCountErrorFreeLastVersion
String ID: VenNetwork
API String ID: 4155081256-3057682757
Opcode ID: 1692176833e3a9b7a26e51401c227b190f30f5d7bbf91e349ba2e469b46507f9
Instruction ID: bd437d130500fbeec262de9800465d4e0524ce7081f8d34249f576e85ca2138f
Opcode Fuzzy Hash: 1692176833e3a9b7a26e51401c227b190f30f5d7bbf91e349ba2e469b46507f9
Instruction Fuzzy Hash: 07411B31A0A682C1EF619F61EC447FA2360EFC5B81F488535DA8E82794DF3CD449E712

Function 00007FF6297EBDD0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 223
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeviceIoControl.KERNEL32 ref: 00007FF6297EBE74
DeviceIoControl.KERNEL32 ref: 00007FF6297EBEE3
GlobalAlloc.KERNEL32 ref: 00007FF6297EBF12
DeviceIoControl.KERNEL32 ref: 00007FF6297EBF5C
GlobalFree.KERNEL32 ref: 00007FF6297EBF7E
DeviceIoControl.KERNEL32 ref: 00007FF6297EBFCD
GlobalAlloc.KERNEL32 ref: 00007FF6297EBFF5
DeviceIoControl.KERNEL32 ref: 00007FF6297EC037
GlobalFree.KERNEL32 ref: 00007FF6297EC050
GlobalFree.KERNEL32 ref: 00007FF6297EC06F

Strings

%s-%s|, xrefs: 00007FF6297EC0DB
- External Hub, xrefs: 00007FF6297EC05B

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ControlDeviceGlobal$Free$Alloc
String ID: - External Hub$%s-%s|
API String ID: 3253977144-729331614
Opcode ID: 6ebde190928095b1eae62e95338309e58df42c3839912d6c9fa9ddc0bde6fb78
Instruction ID: 6accf1e0f1fbe5a6c731d1e2f0840196f1363627f68666d356ee603c171c9897
Opcode Fuzzy Hash: 6ebde190928095b1eae62e95338309e58df42c3839912d6c9fa9ddc0bde6fb78
Instruction Fuzzy Hash: 29B1AD72A08B8185EB20CF11E8403EAB7A0FBC5794F584139DB8997BA4DF3CD544C701

Function 00007FF6297D8690 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTokenInformation.KERNELBASE ref: 00007FF6297D870B
GetLastError.KERNEL32 ref: 00007FF6297D8715
GetProcessHeap.KERNEL32 ref: 00007FF6297D872B
HeapAlloc.KERNEL32 ref: 00007FF6297D873C
GetTokenInformation.KERNELBASE ref: 00007FF6297D876E
LookupAccountSidW.ADVAPI32 ref: 00007FF6297D87B6
GetLastError.KERNEL32 ref: 00007FF6297D87C0
GetProcessHeap.KERNEL32 ref: 00007FF6297D88C4
HeapFree.KERNEL32 ref: 00007FF6297D88D2

Strings

NONE_MAPPED, xrefs: 00007FF6297D87CD

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Heap$ErrorInformationLastProcessToken$AccountAllocFreeLookup
String ID: NONE_MAPPED
API String ID: 162735656-2950899194
Opcode ID: fc7d76223dfa6cbbf8efa4015a3b0f0cb7eb74909b040ee270e83bc7d35c4934
Instruction ID: 0d7aa6959fcc725e49a9c06b1bea6ecd4e36e89ccd4731abd4f5fbf7408ae856
Opcode Fuzzy Hash: fc7d76223dfa6cbbf8efa4015a3b0f0cb7eb74909b040ee270e83bc7d35c4934
Instruction Fuzzy Hash: 1C519B62A19B8286EF609F02E8402AE63A0FBC5FD4F884936DA5D83794EF3CD544D355

Function 00007FF6297DD9C0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 137registryCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297DDA44
GetLastInputInfo.USER32 ref: 00007FF6297DDAAB
GetTickCount.KERNEL32 ref: 00007FF6297DDAB1
wsprintfW.USER32 ref: 00007FF6297DDAE4
RegOpenKeyExW.KERNEL32 ref: 00007FF6297DDB72
RegQueryValueExW.KERNEL32 ref: 00007FF6297DDBA3

Strings

%d min, xrefs: 00007FF6297DDADD
Console, xrefs: 00007FF6297DDB64
IpDatespecial, xrefs: 00007FF6297DDB9C

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CountInfoInputLastOpenQueryTickValue_invalid_parameter_noinfo_noreturnwsprintf
String ID: %d min$Console$IpDatespecial
API String ID: 357503962-2712035571
Opcode ID: f28287e08346a151c8f9e7dd536401413db980339d8fbe5e32e9d5c07144a3e5
Instruction ID: 5ada80380fda37d1c30f336262545d14df9133c8770d5846de3c0a7e156ecb9b
Opcode Fuzzy Hash: f28287e08346a151c8f9e7dd536401413db980339d8fbe5e32e9d5c07144a3e5
Instruction Fuzzy Hash: 9A51D032605E8185EF608F28EC443B937A4FB85B99F488131DA5C8BB99EF3DC589D701

Function 00007FF6297DC7B0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 143windowCOMMON

Download Yara Rule

APIs

GdipGetImageEncodersSize.GDIPLUS ref: 00007FF6297DC7E4
GdipGetImageEncoders.GDIPLUS ref: 00007FF6297DC871
GdipCreateBitmapFromScan0.GDIPLUS ref: 00007FF6297DC915
GdipCreateBitmapFromHBITMAP.GDIPLUS ref: 00007FF6297DC92D
GdipSaveImageToStream.GDIPLUS ref: 00007FF6297DC944
GdipDisposeImage.GDIPLUS ref: 00007FF6297DC951
GdipDisposeImage.GDIPLUS ref: 00007FF6297DC95E

Strings

&, xrefs: 00007FF6297DC8FD

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Gdip$Image$BitmapCreateDisposeEncodersFrom$SaveScan0SizeStream
String ID: &
API String ID: 370471037-3042966939
Opcode ID: 4526caf998ada3252c84406b8f766584f007c4df05e28e230d859843c7169577
Instruction ID: 9b779ff3738035a9de4adfdb62a561ee63abba392501d1e97a6b8c84db6cf203
Opcode Fuzzy Hash: 4526caf998ada3252c84406b8f766584f007c4df05e28e230d859843c7169577
Instruction Fuzzy Hash: 3B516F32A08A8286EF119F219C009B863A1FBC5BD8F4C8535DE5D87B94DF3CE946A351

Function 00007FF6297FEA70 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA7F
FlsGetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA94
FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEAB5
FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEAE2
FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEAF3
FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB04
SetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB1F

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 390d5eb095ce68ec242a92ef1551fbfc0110d75ff9e2c87602c77b0264b82abd
Instruction ID: 114d00ecf7c75050e4ae425305f2d178ed19eab8250da7b976feb1bb7b91222b
Opcode Fuzzy Hash: 390d5eb095ce68ec242a92ef1551fbfc0110d75ff9e2c87602c77b0264b82abd
Instruction Fuzzy Hash: 81214C20F0E64242FE546F259D465396242AFC47F8F184B35DC7E96AC6EE2CB801B603

Function 00007FF6297D91A0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF6297D91BD
GetProcAddress.KERNEL32 ref: 00007FF6297D91CD
GetNativeSystemInfo.KERNEL32 ref: 00007FF6297D91DD
GetSystemInfo.KERNEL32 ref: 00007FF6297D91E1

Strings

kernel32.dll, xrefs: 00007FF6297D91A7
GetNativeSystemInfo, xrefs: 00007FF6297D91C6

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: InfoSystem$AddressHandleModuleNativeProc
String ID: GetNativeSystemInfo$kernel32.dll
API String ID: 3433367815-192647395
Opcode ID: 882c301155eb64aee104ed8b19a7cf0e71553aaaeea973eafe02328fb5bce8a2
Instruction ID: 382805faddc7aba3c8056985a327359d3e6595b9f7cc423e5315fab82d60cf8e
Opcode Fuzzy Hash: 882c301155eb64aee104ed8b19a7cf0e71553aaaeea973eafe02328fb5bce8a2
Instruction Fuzzy Hash: 1CF0F615E2AA8283EF61AF10EC002752350FFD8700FC49735E98E82658EF2CE2959611

Function 00007FF6297D8CD0 Relevance: 9.1, APIs: 6, Instructions: 67registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNEL32 ref: 00007FF6297D8D32
RegQueryValueExW.KERNEL32 ref: 00007FF6297D8D89
lstrcmpW.KERNEL32 ref: 00007FF6297D8D9F
RegCloseKey.KERNEL32 ref: 00007FF6297D8DCF
RegCloseKey.ADVAPI32 ref: 00007FF6297D8DDD

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Close$OpenQueryValuelstrcmp
String ID:
API String ID: 4288439342-0
Opcode ID: 898e3f92dd09ced9f59f1214a1bb77de0c366a7caab65dc6ea004482ae0e6425
Instruction ID: 70db7948d4d659aaeb6455f33d49e848d97f6799b1bfba277f003e4051012189
Opcode Fuzzy Hash: 898e3f92dd09ced9f59f1214a1bb77de0c366a7caab65dc6ea004482ae0e6425
Instruction Fuzzy Hash: FE318431618B8182EB608F25EC886AA73A4FFD9B90F548631DA5D837E8DF3DD444D741

Function 00007FF6297D8E00 Relevance: 9.0, APIs: 3, Strings: 2, Instructions: 239COMMON

Download Yara Rule

APIs

CreateDXGIFactory.DXGI ref: 00007FF6297D8E4C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297D9191
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297D9197

Strings

%s%s %d %d , xrefs: 00007FF6297D8F3F
%s%s %d*%d , xrefs: 00007FF6297D9094

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CreateFactory
String ID: %s%s %d %d $%s%s %d*%d
API String ID: 2331002265-1924168580
Opcode ID: 905f7797e8ca330743f3d0d1c8fe144fccdbbcf9989baf0f74f56d9a75f292ec
Instruction ID: 42e7c24a1eaf7fa50364fa88b0e65d66e87b1960d0f195d9a10ceec4c879e0f8
Opcode Fuzzy Hash: 905f7797e8ca330743f3d0d1c8fe144fccdbbcf9989baf0f74f56d9a75f292ec
Instruction Fuzzy Hash: C3A16C32B08B8589EB10CF65D8442EE7761FB89BD8F544622EE9D97B98DF38D481C701

Function 00007FF6297F8940 Relevance: 7.6, APIs: 5, Instructions: 60threadCOMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F896B
CreateThread.KERNEL32 ref: 00007FF6297F89AC
GetLastError.KERNEL32 ref: 00007FF6297F89BA
CloseHandle.KERNEL32 ref: 00007FF6297F89D0
FreeLibrary.KERNEL32 ref: 00007FF6297F89DF

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CloseCreateErrorFreeHandleLastLibraryThread_invalid_parameter_noinfo
String ID:
API String ID: 2067211477-0
Opcode ID: bf8243345e757f2f55ee74e3b164a4444cec9f217b6620c703edaf3e446c73ac
Instruction ID: bfcd740702408affd95fb42346d53c0b816f7524fd5243d727f1f62c076a2bc2
Opcode Fuzzy Hash: bf8243345e757f2f55ee74e3b164a4444cec9f217b6620c703edaf3e446c73ac
Instruction Fuzzy Hash: A7218035A09B8285EF14DF66AC011B9A3A0FFC8BD4F184535DE5E93755DF3CE400A602

Function 00007FF6297EC1B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 71fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32 ref: 00007FF6297EC259
DeviceIoControl.KERNEL32 ref: 00007FF6297EC2A1

Strings

\\.\, xrefs: 00007FF6297EC1FE
L, xrefs: 00007FF6297EC289

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ControlCreateDeviceFile
String ID: L$\\.\
API String ID: 107608037-1891537229
Opcode ID: 0cbf31d1c7ae4fdc9b9f59bce1c389b46034841fd4249985a256846f0105b842
Instruction ID: 494c79c9d2c2840e99091d931249b5cc63549821e463ccce0beffdbfc600b40b
Opcode Fuzzy Hash: 0cbf31d1c7ae4fdc9b9f59bce1c389b46034841fd4249985a256846f0105b842
Instruction Fuzzy Hash: 8431B672A0C68581EB018F51B8503B97B90EBD5BE4F084235EBE947BC5DF7CD5059B01

Function 00007FF6297D3E30 Relevance: 6.1, APIs: 4, Instructions: 120threadnetworkCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6297D3E51
send.WS2_32 ref: 00007FF6297D3F43
send.WS2_32 ref: 00007FF6297D3F90
GetCurrentThreadId.KERNEL32 ref: 00007FF6297D3FBA

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CurrentThreadsend
String ID:
API String ID: 302076607-0
Opcode ID: 8fc84bb4e0a68a1d65a8e1ac48c208ce2ab72bf0ff2939eb6e9be73f1c549aff
Instruction ID: 7f7789a86e4a0568312fe0c2f9aba13d51e4cc12de4dfcc3a53fbf620aec1fb1
Opcode Fuzzy Hash: 8fc84bb4e0a68a1d65a8e1ac48c208ce2ab72bf0ff2939eb6e9be73f1c549aff
Instruction Fuzzy Hash: 5C518C22A08B8687EB248F25E94436AB7B0FB84BC8F049035DB5987B55EF7CE4529351

Function 00007FF6297D37A0 Relevance: 6.0, APIs: 4, Instructions: 26COMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FF6297D37DD
CancelIo.KERNEL32 ref: 00007FF6297D37EA
closesocket.WS2_32 ref: 00007FF6297D37FA
SetEvent.KERNEL32 ref: 00007FF6297D3804

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CancelEventclosesocketsetsockopt
String ID:
API String ID: 852421847-0
Opcode ID: 2fb1975f05564cd4b635324778d61c2216334fb941b2a99bb5b0bfd9df8af0fc
Instruction ID: 7b4bae3cbe9a674dea8d5fbb81e0bc0cadb86f2c72eed4e2896a0ab4bc147ebe
Opcode Fuzzy Hash: 2fb1975f05564cd4b635324778d61c2216334fb941b2a99bb5b0bfd9df8af0fc
Instruction Fuzzy Hash: E8F06D32605A8183DB108F25E85432AB330FBC4BA4F544735CBAD476A4CF3DD0658702

Function 00007FF6297DDC4D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 130COMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 00007FF6297DDCA0
CloseHandle.KERNEL32 ref: 00007FF6297DDE27

Strings

%s_bin, xrefs: 00007FF6297DDC95

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CloseHandlewsprintf
String ID: %s_bin
API String ID: 3088109604-2665034546
Opcode ID: 1cc5837084052d4333c8776d802eed0366a0c4f2efb28125bb70cfdcc1c100eb
Instruction ID: 5617388d3e261318d9268445558d80e55a5f7c94cb32370ec1cd5ba93b964b40
Opcode Fuzzy Hash: 1cc5837084052d4333c8776d802eed0366a0c4f2efb28125bb70cfdcc1c100eb
Instruction Fuzzy Hash: 9F51A962B09AA685EF60DF21C814BA92360EFC5B84F4A8036DA5D87781EF3CD801D312

Function 00007FF6297EA140 Relevance: 4.7, APIs: 3, Instructions: 181memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00000000,?,00007FF6297EA9F9,?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA2C4
VirtualFree.KERNELBASE(?,?,00000000,?,00007FF6297EA9F9,?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA34E
VirtualProtect.KERNEL32(?,?,00000000,?,00007FF6297EA9F9,?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA3B5

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Virtual$Protect$Free
String ID:
API String ID: 3866829018-0
Opcode ID: 790f28dfba3ce3385ed62d36621e11434fbf0ea754f1c5bfbbc011f1c81681f5
Instruction ID: 71bae36a680b682bc5fe7be5ac3dddab7c5268726a8172563ff0b07e559e5958
Opcode Fuzzy Hash: 790f28dfba3ce3385ed62d36621e11434fbf0ea754f1c5bfbbc011f1c81681f5
Instruction Fuzzy Hash: 8261CEB2B1865186EF28CF5AA840AB967A1FB98BC4F445031DF8E97B44DF3CE850D701

Function 00007FF6297EC5C0 Relevance: 4.6, APIs: 3, Instructions: 79stringCOMMON

Download Yara Rule

APIs

GetSystemDefaultLangID.KERNEL32 ref: 00007FF6297EC603
DeviceIoControl.KERNEL32 ref: 00007FF6297EC653

Part of subcall function 00007FF6297EC520: WideCharToMultiByte.KERNEL32 ref: 00007FF6297EC555
Part of subcall function 00007FF6297EC520: WideCharToMultiByte.KERNEL32 ref: 00007FF6297EC590

lstrcpyA.KERNEL32 ref: 00007FF6297EC6D2

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ByteCharMultiWide$ControlDefaultDeviceLangSystemlstrcpy
String ID:
API String ID: 3058672631-0
Opcode ID: 261198a72c51156676862921f16f9480d45e931e86c7b1aea88ce01165389770
Instruction ID: 9be63de009065d9cb1391d7f06aa5b4a320941ffa02c60295eb9313a05e9ce48
Opcode Fuzzy Hash: 261198a72c51156676862921f16f9480d45e931e86c7b1aea88ce01165389770
Instruction Fuzzy Hash: F331C035A0CB8285EF21CF11A8443AAA3A5EBD9BD0F584135FA9DC7B89DF3DD4409B01

Function 0000000180023810 Relevance: 4.6, APIs: 3, Instructions: 78COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,0000000180017F3B), ref: 0000000180023829
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,0000000180017F3B), ref: 000000018002389B

Part of subcall function 0000000180019170: HeapAlloc.KERNEL32(?,?,?,0000000180021D89,?,?,00000000,000000018002397F,?,?,?,0000000180018293,?,?,?,0000000180018189), ref: 00000001800191AE

FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,0000000180017F3B), ref: 00000001800238FA

Part of subcall function 0000000180019134: HeapFree.KERNEL32(?,?,0000000180018293,000000018002602A,?,?,?,00000001800263A7,?,?,00000000,0000000180023D7D,?,?,?,0000000180023CAF), ref: 000000018001914A
Part of subcall function 0000000180019134: GetLastError.KERNEL32(?,?,0000000180018293,000000018002602A,?,?,?,00000001800263A7,?,?,00000000,0000000180023D7D,?,?,?,0000000180023CAF), ref: 0000000180019154

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: EnvironmentFreeStrings$Heap$AllocErrorLast
String ID:
API String ID: 3331406755-0
Opcode ID: b2f60d656982d0100eabe4758fe4a58dba44e13eded4e913d1951d74df5580bb
Instruction ID: da456c4d4685c92bdc55fa069fa15b697c477944deadc6af73ddf7f7c9b1de89
Opcode Fuzzy Hash: b2f60d656982d0100eabe4758fe4a58dba44e13eded4e913d1951d74df5580bb
Instruction Fuzzy Hash: 3A31E531604B5981EBA79F2668413DEB7A4F74CFD0F488229FA5A47BC5DF34C6498300

Function 00007FF6297DC9B0 Relevance: 4.5, APIs: 3, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297D61E0: InitializeCriticalSectionEx.KERNEL32 ref: 00007FF6297D6231
Part of subcall function 00007FF6297D61E0: GetLastError.KERNEL32 ref: 00007FF6297D623B

EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF6297DC7D4), ref: 00007FF6297DC9DA
GdiplusStartup.GDIPLUS ref: 00007FF6297DCA0F
LeaveCriticalSection.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF6297DC7D4), ref: 00007FF6297DCA27

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$EnterErrorGdiplusInitializeLastLeaveStartup
String ID:
API String ID: 2723390537-0
Opcode ID: 65629aaaa719a2e99d15e3f5434e13b9281ffa3b8c64cff51ac5a9778f412de6
Instruction ID: 6a939418fbdeca4ea937247bc3aaf68db6d8715a4a56fe38b83ea59f0f0fb458
Opcode Fuzzy Hash: 65629aaaa719a2e99d15e3f5434e13b9281ffa3b8c64cff51ac5a9778f412de6
Instruction Fuzzy Hash: 08019E32A09B81C7EB408F15E80036AB3E1F7C5B81F481025EA8E83758CF3CD095DB50

Function 00007FF6297F8878 Relevance: 4.5, APIs: 3, Instructions: 27threadCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297FEBE8: GetLastError.KERNEL32(?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000,00007FF6297FA3FB,?,?,?), ref: 00007FF6297FEBF7
Part of subcall function 00007FF6297FEBE8: SetLastError.KERNEL32(?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000,00007FF6297FA3FB,?,?,?), ref: 00007FF6297FEC97

CloseHandle.KERNEL32(?,?,?,00007FF6297F8A25,?,?,?,?,00007FF6297F8869), ref: 00007FF6297F88B3
FreeLibraryAndExitThread.KERNEL32(?,?,?,00007FF6297F8A25,?,?,?,?,00007FF6297F8869), ref: 00007FF6297F88C9
ExitThread.KERNEL32 ref: 00007FF6297F88D2

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorExitLastThread$CloseFreeHandleLibrary
String ID:
API String ID: 1991824761-0
Opcode ID: 9d899525cbf94069d0aecb2dad8b7ed7b52f5d6c34f84ba4291cfdf2ce1d2a7a
Instruction ID: 729c1399758a5911999040f313576f442f497b6851f67a044778219dca7f8451
Opcode Fuzzy Hash: 9d899525cbf94069d0aecb2dad8b7ed7b52f5d6c34f84ba4291cfdf2ce1d2a7a
Instruction Fuzzy Hash: 63F06222A19A8691FF145F208C442BD3264AFC0BB8F2C4735DA3D822E4EF3CD845D346

Function 00007FF6297EAC60 Relevance: 3.8, APIs: 3, Instructions: 78memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,?,00000000,00007FF6297EA8E2,?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EAD00
GetProcessHeap.KERNEL32(?,?,00000000,00007FF6297EA8E2,?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EAD45
HeapFree.KERNEL32(?,?,00000000,00007FF6297EA8E2,?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EAD53

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: FreeHeap$ProcessVirtual
String ID:
API String ID: 190046822-0
Opcode ID: c7db7b0691119067bd3ad48bc2d9db251511b48ffc2b1eb7c2b1f3e989671234
Instruction ID: db08792c01f73604e645fb162825973a15ac69c4a9d59c1c896254ceca41ee04
Opcode Fuzzy Hash: c7db7b0691119067bd3ad48bc2d9db251511b48ffc2b1eb7c2b1f3e989671234
Instruction Fuzzy Hash: 07315A36B09A4197EB58DF16E9402A96360FB89BC4F488031DF8D93B54CF3DE8A2D701

Function 00007FF6297D3DA0 Relevance: 3.0, APIs: 2, Instructions: 41timeCOMMON

Download Yara Rule

APIs

SleepEx.KERNEL32 ref: 00007FF6297D3DCD
timeGetTime.WINMM ref: 00007FF6297D3DF1

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: SleepTimetime
String ID:
API String ID: 346578373-0
Opcode ID: 2becff6657bc7d5012ec94526cf32972d5272bc21be79492e35a94961d449a59
Instruction ID: a11317faa6071ae481c4f52618fd6a1ef3ae155457889509cb5095d7c40bddab
Opcode Fuzzy Hash: 2becff6657bc7d5012ec94526cf32972d5272bc21be79492e35a94961d449a59
Instruction Fuzzy Hash: 67018C22B1864287EB648F25E98833C26A0FB89B88F445634C75E877D4CF7CD4E5CB12

Function 00007FF6297F8808 Relevance: 3.0, APIs: 2, Instructions: 31threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6297F8816
ExitThread.KERNEL32 ref: 00007FF6297F881E

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: 29301a702b889868f08e3e365d098e4f00faa70b4f08071482801bca7c2ace5b
Instruction ID: cb5396bb1ecfc759804f614cbef3658d9b306f0408946f9aab80bcc1a6fc7071
Opcode Fuzzy Hash: 29301a702b889868f08e3e365d098e4f00faa70b4f08071482801bca7c2ace5b
Instruction Fuzzy Hash: F2F09021F1A64286FF14AF708C461BD1260EFD4B98F185834DD0EE32A2DE2CA8419302

Function 00007FF6297EDE98 Relevance: 3.0, APIs: 2, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297EDEC8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297EDECE

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: a47e5a6ac0625703f2fd5b566550f71a2f7208a7861a0071670bc6a0f9e7358f
Instruction ID: 558b52b9266f1843545ff783cf45a85ae933e94a8a7960efa57a14e98f361c4c
Opcode Fuzzy Hash: a47e5a6ac0625703f2fd5b566550f71a2f7208a7861a0071670bc6a0f9e7358f
Instruction Fuzzy Hash: D3E0B610E1A14745FD297DA61D1A0F800400FE9BF0E2D1B30E9BE842C2AD1CB891B152

Function 0000000180002E80 Relevance: 3.0, APIs: 2, Instructions: 20synchronizationthreadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32 ref: 0000000180002EAC
WaitForSingleObject.KERNEL32 ref: 0000000180002EC1

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: CreateObjectSingleThreadWait
String ID:
API String ID: 1891408510-0
Opcode ID: 2e196884986127d3ceab2098e342ff93db7a03bb379680bcd1a5a2c8e1daba12
Instruction ID: 601e645bba3044fe888c1c35edc14d5e84fcc3ccd5dc67ab8abe609fb7722b73
Opcode Fuzzy Hash: 2e196884986127d3ceab2098e342ff93db7a03bb379680bcd1a5a2c8e1daba12
Instruction Fuzzy Hash: 5DE01231A40E8886E7E2CB60E8803C57395B39C3A5F61C226E95D827A4DF7C86DE8704

Function 00007FF6297FE6BC Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6D2
GetLastError.KERNEL32(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6DC

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: a27750d6ae148c980c7c980f65ba2d3e2e52c6c92a9735542c6e0cceef461146
Instruction ID: 82296207a74ff78aa45467df9836eacd1ca68aef2636c076a068e5663808f95d
Opcode Fuzzy Hash: a27750d6ae148c980c7c980f65ba2d3e2e52c6c92a9735542c6e0cceef461146
Instruction Fuzzy Hash: A5E0C210F1AA4782FF186FF26C461782250EFC4788F488834DC1EE3292EE3C68406706

Function 00007FF6297EA000 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?,?,67452301), ref: 00007FF6297EA0CC
SetLastError.KERNEL32(?,?,?,?,?,67452301), ref: 00007FF6297EA112

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: AllocErrorLastVirtual
String ID:
API String ID: 497505419-0
Opcode ID: 397192a9a5480a2a43f02e5bb4f2c2ae5134a85a5bb06a3bf5a3146684001a4d
Instruction ID: b7144ed485e72726273ff16309495eda9b9c5756260ab565cc97fef0d4ea8d8f
Opcode Fuzzy Hash: 397192a9a5480a2a43f02e5bb4f2c2ae5134a85a5bb06a3bf5a3146684001a4d
Instruction Fuzzy Hash: 17315E32B05A8586DB24CF16E944AADB7A0FB84BC8F048425DF8D87758DE38D441D711

Function 00007FF6297D1730 Relevance: 2.6, APIs: 2, Instructions: 62memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 00007FF6297D1796
VirtualFree.KERNELBASE ref: 00007FF6297D17CA

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 616965ea612f33b462fe03c73724eb49c1abe59c321f00a6c33259c6d796c58f
Instruction ID: 711941d1a95e7fa4c492efa502b6ed5147d23c17bbc9efabe9cb9cba9e7842c5
Opcode Fuzzy Hash: 616965ea612f33b462fe03c73724eb49c1abe59c321f00a6c33259c6d796c58f
Instruction Fuzzy Hash: 83217931B18A4186DB64CF2AF84012AB7A1FBC8BC0B148535EB9ED3B54EF3CE4819744

Function 00007FF6297D1670 Relevance: 2.6, APIs: 2, Instructions: 53memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32 ref: 00007FF6297D16C4
VirtualFree.KERNEL32 ref: 00007FF6297D16FE

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 0d2589c5e0cc1a94e4b3bf8f4f54a9d1287f00ffced7c8db5b8a82110618710c
Instruction ID: e10ff107408fa1a64cfa1121b56b2dc3138a99e23c43d9d5d8181909f13070a9
Opcode Fuzzy Hash: 0d2589c5e0cc1a94e4b3bf8f4f54a9d1287f00ffced7c8db5b8a82110618710c
Instruction Fuzzy Hash: 2E11E631B29A4182DB098F36A840129A3A5FFD8BC0B188535EA4ED3758EF3CD891DB40

Function 00007FF6297EDFC0 Relevance: 1.6, APIs: 1, Instructions: 94COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297EDC60: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF6297EDC74

__scrt_release_startup_lock.LIBCMT ref: 00007FF6297EE057

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: __scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 2217363868-0
Opcode ID: cbc0649b0607904615e0344cdc653858b0dfbbed05089a03dbfd93f3e9e99ab1
Instruction ID: c7538881e104367bf9d5664acc1349d90f81bebf403827d1a4f15f2acb56d901
Opcode Fuzzy Hash: cbc0649b0607904615e0344cdc653858b0dfbbed05089a03dbfd93f3e9e99ab1
Instruction Fuzzy Hash: 64314821E0D24781FE10AF20DC113F92291AFC57C8F984839EA8DDB6D7DE6DA845A603

Function 00007FF6297D1000 Relevance: 1.5, APIs: 1, Instructions: 16networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FF6297D1022

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 27a40b9f3cf52b959e37d45274ab80e386b8a2eb9336faf4e796e06ae50c97e7
Instruction ID: 85abfcb04a0e7ec63147c048f0c93f3c5ce77a4ca756d325ad7beb3746599bfd
Opcode Fuzzy Hash: 27a40b9f3cf52b959e37d45274ab80e386b8a2eb9336faf4e796e06ae50c97e7
Instruction Fuzzy Hash: 6FE0DF36B0A585CAEB109F20D8490B43364FB98300F448131E58D83754CE2CD105CF02

Function 00007FF6297DDE3F Relevance: 1.3, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297EDE98: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297EDEC8
Part of subcall function 00007FF6297EDE98: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297EDECE

Part of subcall function 00007FF6297F87A0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F87C6

CloseHandle.KERNEL32 ref: 00007FF6297DEF19

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Concurrency::cancel_current_task$CloseHandle_invalid_parameter_noinfo
String ID:
API String ID: 1286571413-0
Opcode ID: 795a488eb799d89edc104639d8927af7c833b25f0a8359dc5aa5e50726ea34de
Instruction ID: 0c09ecb5db1b50839a81061bfeafcfa5ab029dab661e3080cb6cfc978218e6c5
Opcode Fuzzy Hash: 795a488eb799d89edc104639d8927af7c833b25f0a8359dc5aa5e50726ea34de
Instruction Fuzzy Hash: 2831C972A09B8181EB68DF14EC542EA7765FFC8B84F45403AEA0D8B791CF38E551C312

Function 00007FF629800788 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF6297FEC4A,?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000), ref: 00007FF6298007DD

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 5abeb196846a99efc048d9272fb7f243a149b6d2c5d53d359644ea1774af9d54
Instruction ID: b7e7fe76cb2e106d53747c2ddcf1f75b2ddce51c8c6a9fdf41da2fd137a87f02
Opcode Fuzzy Hash: 5abeb196846a99efc048d9272fb7f243a149b6d2c5d53d359644ea1774af9d54
Instruction Fuzzy Hash: 1AF04914B0B64690FF585F669D212B812819FC9B80F0C4834CD0FC62C2ED2DA481E613

Function 00000001800190BC Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,000000018001AC2E,?,?,000037B719E332F5,0000000180013B69,?,?,?,?,0000000180021DA2,?,?,00000000), ref: 0000000180019111

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: b5ea840a628f107a9da8338485d59c42d040e35b06e100e8d6cbc895d25b2cc2
Instruction ID: 2d049a45cd5562e9303f9dec3307b21b18cc0b01f45dbb24d3d7cdf7b57fb27d
Opcode Fuzzy Hash: b5ea840a628f107a9da8338485d59c42d040e35b06e100e8d6cbc895d25b2cc2
Instruction Fuzzy Hash: 5CF01D74306E0E65FFD757E698563D552955B8CBC0F0CC4316E0A866D6EE1CC6C98320

Function 00007FF6297FEDD0 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF62980252D,?,?,00000000,00007FF6297FA3FB,?,?,?,00007FF6297FC5D3,?,?,?,00007FF6297FC4C9), ref: 00007FF6297FEE0E

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: c5d91307553507d7a0b65c4578cb45837d9ca66b83f15ba5a6112bdae37f71ee
Instruction ID: 502cb2c02b37c9638db69580e4441c185f4e369ebf01c77ec18f25970220f41b
Opcode Fuzzy Hash: c5d91307553507d7a0b65c4578cb45837d9ca66b83f15ba5a6112bdae37f71ee
Instruction Fuzzy Hash: 69F08C11F0924381FE685F626C4127821809FC4BF8F0C4A34DD2FE72C2DE2CA4907117

Function 0000000180019170 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,0000000180021D89,?,?,00000000,000000018002397F,?,?,?,0000000180018293,?,?,?,0000000180018189), ref: 00000001800191AE

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: b709143ca084da33be42754c1e493520f3745cf4fca273073b856f6a6cafe918
Instruction ID: 8b076323ac14c9c74f5c2ceb88a10fe258386b5e316ed7e1eda9353324329690
Opcode Fuzzy Hash: b709143ca084da33be42754c1e493520f3745cf4fca273073b856f6a6cafe918
Instruction Fuzzy Hash: BEF01C70346E0E65FFE76AE258953E512916B8CBE0F08C6207D27867C6EE28C6898310

Function 00007FF6297DEED0 Relevance: 1.3, APIs: 1, Instructions: 28COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297F8940: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F896B

CloseHandle.KERNEL32 ref: 00007FF6297DEF19

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CloseHandle_invalid_parameter_noinfo
String ID:
API String ID: 1071934762-0
Opcode ID: 8f6790a5dd6a9596c7ab298d0e7d2b94e71c72f405498175d4b516057f61ba12
Instruction ID: 081a42d906e1f98acc2f62c435d7621739ab7c9d30f26a10c55f319c9527cbe3
Opcode Fuzzy Hash: 8f6790a5dd6a9596c7ab298d0e7d2b94e71c72f405498175d4b516057f61ba12
Instruction Fuzzy Hash: 2AF08222E0D95141FF259F16AC013A95221AFC8BE4F08443AED4EA7B96DE3CE0975725

Non-executed Functions

Function 00007FF6297D9320 Relevance: 68.5, APIs: 29, Strings: 10, Instructions: 221libraryloaderinjectionCOMMON

Download Yara Rule

APIs

GetSystemDirectoryA.KERNEL32 ref: 00007FF6297D9396
CreateProcessA.KERNEL32 ref: 00007FF6297D93F9
GetCurrentProcess.KERNEL32 ref: 00007FF6297D9407
OpenProcessToken.ADVAPI32 ref: 00007FF6297D941C
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6297D943A
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6297D9482
OpenProcess.KERNEL32 ref: 00007FF6297D949B
LoadLibraryA.KERNEL32 ref: 00007FF6297D94C5
GetProcAddress.KERNEL32 ref: 00007FF6297D94D5
LoadLibraryA.KERNEL32 ref: 00007FF6297D94E6
GetProcAddress.KERNEL32 ref: 00007FF6297D94F6
LoadLibraryA.KERNEL32 ref: 00007FF6297D9507
GetProcAddress.KERNEL32 ref: 00007FF6297D9517
LoadLibraryA.KERNEL32 ref: 00007FF6297D9528
GetProcAddress.KERNEL32 ref: 00007FF6297D9538
GetCurrentProcess.KERNEL32 ref: 00007FF6297D9542
GetProcessId.KERNEL32 ref: 00007FF6297D954B
GetModuleFileNameA.KERNEL32 ref: 00007FF6297D957F
VirtualAllocEx.KERNEL32 ref: 00007FF6297D95B5
WriteProcessMemory.KERNEL32 ref: 00007FF6297D95DC
VirtualProtectEx.KERNEL32 ref: 00007FF6297D960F
VirtualAllocEx.KERNEL32 ref: 00007FF6297D962E
WriteProcessMemory.KERNEL32 ref: 00007FF6297D9658
VirtualProtectEx.KERNEL32 ref: 00007FF6297D9684
CreateRemoteThread.KERNEL32 ref: 00007FF6297D96A7
Sleep.KERNEL32 ref: 00007FF6297D96BA
VirtualProtectEx.KERNEL32 ref: 00007FF6297D96DE
VirtualProtectEx.KERNEL32 ref: 00007FF6297D9702
ResumeThread.KERNEL32 ref: 00007FF6297D970B

Strings

WinExec, xrefs: 00007FF6297D9510
SeDebugPrivilege, xrefs: 00007FF6297D9433
@, xrefs: 00007FF6297D9617
ExitProcess, xrefs: 00007FF6297D94EF
Windows\System32\svchost.exe, xrefs: 00007FF6297D939C
WaitForSingleObject, xrefs: 00007FF6297D9531
h, xrefs: 00007FF6297D937D
OpenProcess, xrefs: 00007FF6297D94CE
Kernel32.dll, xrefs: 00007FF6297D94BE, 00007FF6297D94DB, 00007FF6297D94FC, 00007FF6297D951D
%s%s, xrefs: 00007FF6297D93B1

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Process$Virtual$AddressLibraryLoadProcProtect$AllocCreateCurrentMemoryOpenThreadTokenWrite$AdjustDirectoryFileLookupModuleNamePrivilegePrivilegesRemoteResumeSleepSystemValue
String ID: %s%s$@$ExitProcess$Kernel32.dll$OpenProcess$SeDebugPrivilege$WaitForSingleObject$WinExec$Windows\System32\svchost.exe$h
API String ID: 3040193174-4212407401
Opcode ID: 0c2d203bb3590072b2790da5483ee898493f9f682a060de060c9115ce93124ea
Instruction ID: 9e277898d85528f475cd6237a1f40e6e6be3919ea1a55b2cf95946e7ea53ea1d
Opcode Fuzzy Hash: 0c2d203bb3590072b2790da5483ee898493f9f682a060de060c9115ce93124ea
Instruction Fuzzy Hash: FFA15D32B19B8285EB218F21EC147E923A4FBC9B98F484535DA4D97B68DF3CD249D701

Function 00007FF6297DADB0 Relevance: 63.3, APIs: 30, Strings: 6, Instructions: 286stringclipboardfileCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,00000000,00000000,00002514,00000000,00000000,00000000,00007FF6297D79D1), ref: 00007FF6297DAE08
GetTickCount.KERNEL32 ref: 00007FF6297DAE0E
GetTickCount.KERNEL32 ref: 00007FF6297DAE25
OpenClipboard.USER32 ref: 00007FF6297DAE33
GetClipboardData.USER32 ref: 00007FF6297DAE3E
GlobalSize.KERNEL32 ref: 00007FF6297DAE53
GlobalLock.KERNEL32 ref: 00007FF6297DAE63
wsprintfW.USER32 ref: 00007FF6297DAECE
WaitForSingleObject.KERNEL32 ref: 00007FF6297DAEE0
CreateFileW.KERNEL32 ref: 00007FF6297DAF14
SetFilePointer.KERNEL32 ref: 00007FF6297DAF3C
lstrlenW.KERNEL32 ref: 00007FF6297DAF47
WriteFile.KERNEL32 ref: 00007FF6297DAF6A
CloseHandle.KERNEL32 ref: 00007FF6297DAF73
ReleaseMutex.KERNEL32 ref: 00007FF6297DAF80
GlobalUnlock.KERNEL32 ref: 00007FF6297DAF9B
CloseClipboard.USER32 ref: 00007FF6297DAFA1
GetForegroundWindow.USER32 ref: 00007FF6297DAFBB
GetWindowTextW.USER32 ref: 00007FF6297DAFD8
lstrlenW.KERNEL32 ref: 00007FF6297DB00E
GetLocalTime.KERNEL32 ref: 00007FF6297DB021
wsprintfW.USER32 ref: 00007FF6297DB074
GetKeyState.USER32 ref: 00007FF6297DB153
lstrlenW.KERNEL32 ref: 00007FF6297DB1A0
lstrlenW.KERNEL32 ref: 00007FF6297DB1C1
wsprintfW.USER32 ref: 00007FF6297DB211
wsprintfW.USER32 ref: 00007FF6297DB22F
lstrlenW.KERNEL32 ref: 00007FF6297DB2A7

Strings

[esc], xrefs: 00007FF6297DADFC
%s%s, xrefs: 00007FF6297DB207
%s%s, xrefs: 00007FF6297DB21B
[, xrefs: 00007FF6297DAEC2
%s%s, xrefs: 00007FF6297DB24D
[, xrefs: 00007FF6297DB05C

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: lstrlen$wsprintf$ClipboardFileGlobal$CloseCountTickWindow$CreateDataForegroundHandleLocalLockMutexObjectOpenPointerReleaseSingleSizeSleepStateTextTimeUnlockWaitWrite
String ID: [$[$%s%s$%s%s$%s%s$[esc]
API String ID: 3669393114-972647286
Opcode ID: e6ab48ff98ca9ddfa9a13a1758a8a9b1ffd3d9cd46131382e05cf3f4eced504b
Instruction ID: a7adf4e7b460d01facda70827200ab54773fe540d65808ce25a6cd2d67d3c538
Opcode Fuzzy Hash: e6ab48ff98ca9ddfa9a13a1758a8a9b1ffd3d9cd46131382e05cf3f4eced504b
Instruction Fuzzy Hash: A8D16C22E0964286EF149F55EC442BA33A0FFC5780F484936D94EC2BA5DF3CE548E752

Function 00007FF6297DD410 Relevance: 33.6, APIs: 15, Strings: 4, Instructions: 385stringtimeCOMMON

Download Yara Rule

APIs

GetLocalTime.KERNEL32 ref: 00007FF6297DD437
wsprintfW.USER32 ref: 00007FF6297DD47F
lstrlenW.KERNEL32 ref: 00007FF6297DD4C5
lstrlenW.KERNEL32 ref: 00007FF6297DD4E6
lstrlenW.KERNEL32 ref: 00007FF6297DD4F9
lstrlenW.KERNEL32 ref: 00007FF6297DD58D
lstrlenW.KERNEL32 ref: 00007FF6297DD5AC
lstrlenW.KERNEL32 ref: 00007FF6297DD5BF
lstrlenW.KERNEL32 ref: 00007FF6297DD649
lstrlenW.KERNEL32 ref: 00007FF6297DD65C
CreateEventA.KERNEL32 ref: 00007FF6297DD7AD

Strings

t1:, xrefs: 00007FF6297DD652
p1:, xrefs: 00007FF6297DD4EF
o1:, xrefs: 00007FF6297DD5B5
%4d.%2d.%2d-%2d:%2d:%2d, xrefs: 00007FF6297DD471

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: lstrlen$CreateEventLocalTimewsprintf
String ID: %4d.%2d.%2d-%2d:%2d:%2d$o1:$p1:$t1:
API String ID: 2157945651-1225219777
Opcode ID: fbc654699d2bcbc3c6c2a15488f06ec7da76675f7aed3d372cc1884bb28a3bff
Instruction ID: 771016760adc85e49fd45fa9721de950f9cf2b6fb133fa328309b87547b3fc58
Opcode Fuzzy Hash: fbc654699d2bcbc3c6c2a15488f06ec7da76675f7aed3d372cc1884bb28a3bff
Instruction Fuzzy Hash: 6AF1DD62A1869286EF209F25EC403BD23A0FFC6BD4F404235DA4E97B95DF7CA581D712

Function 00007FF6297D97A0 Relevance: 29.9, APIs: 11, Strings: 6, Instructions: 118libraryloaderfileCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32 ref: 00007FF6297D97D5
GetProcAddress.KERNEL32 ref: 00007FF6297D97E8
GetProcAddress.KERNEL32 ref: 00007FF6297D9816
FreeLibrary.KERNEL32 ref: 00007FF6297D9847
CreateFileW.KERNEL32 ref: 00007FF6297D9874
GetProcAddress.KERNEL32 ref: 00007FF6297D98BC
WriteFile.KERNEL32 ref: 00007FF6297D9906
CloseHandle.KERNEL32 ref: 00007FF6297D991E
Sleep.KERNEL32 ref: 00007FF6297D9931
GetProcAddress.KERNEL32 ref: 00007FF6297D9941
FreeLibrary.KERNEL32 ref: 00007FF6297D995C

Strings

InternetReadFile, xrefs: 00007FF6297D98B2
InternetOpenW, xrefs: 00007FF6297D97DE
InternetCloseHandle, xrefs: 00007FF6297D9937
MSIE 6.0, xrefs: 00007FF6297D97F9
wininet.dll, xrefs: 00007FF6297D97C3
InternetOpenUrlW, xrefs: 00007FF6297D980C

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: AddressProc$Library$FileFree$CloseCreateHandleLoadSleepWrite
String ID: InternetCloseHandle$InternetOpenUrlW$InternetOpenW$InternetReadFile$MSIE 6.0$wininet.dll
API String ID: 2977986460-1099148085
Opcode ID: b869be42eea26ef83cf2f127258845e1be2102d2018284c86f6782853b1c64bb
Instruction ID: ae16e1fd509da3b87a2588df7fbe89a80205fc9a6a622316fe8b0d9883a2a0e2
Opcode Fuzzy Hash: b869be42eea26ef83cf2f127258845e1be2102d2018284c86f6782853b1c64bb
Instruction Fuzzy Hash: FF41902660A64286EF609F11ED107BA67A0BFC9BD0F884534DD9E47758EF3CD145DB01

Function 00007FF6297E0E20 Relevance: 27.3, APIs: 18, Instructions: 322clipboardsleepmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297ED14C: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297ED169
Part of subcall function 00007FF6297ED14C: std::locale::_Setgloballocale.LIBCPMT ref: 00007FF6297ED18C
Part of subcall function 00007FF6297ED14C: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297ED221

Part of subcall function 00007FF6297E1620: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297E1639
Part of subcall function 00007FF6297E1620: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297E165E
Part of subcall function 00007FF6297E1620: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297E1688
Part of subcall function 00007FF6297E1620: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297E1722
Part of subcall function 00007FF6297E1620: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297E1732
Part of subcall function 00007FF6297E1620: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297E1757
Part of subcall function 00007FF6297E1620: std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297E1781

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E1062
lstrlenW.KERNEL32 ref: 00007FF6297E1085
Sleep.KERNEL32 ref: 00007FF6297E10E5
OpenClipboard.USER32 ref: 00007FF6297E10FB
GetClipboardData.USER32 ref: 00007FF6297E110A
GlobalLock.KERNEL32 ref: 00007FF6297E111B
GlobalUnlock.KERNEL32 ref: 00007FF6297E1136
CloseClipboard.USER32 ref: 00007FF6297E113C
CloseClipboard.USER32 ref: 00007FF6297E1158
OpenClipboard.USER32 ref: 00007FF6297E1180
EmptyClipboard.USER32 ref: 00007FF6297E118A
GlobalAlloc.KERNEL32 ref: 00007FF6297E11A2
GlobalLock.KERNEL32 ref: 00007FF6297E11B3
GlobalUnlock.KERNEL32 ref: 00007FF6297E11DD
SetClipboardData.USER32 ref: 00007FF6297E11EB
CloseClipboard.USER32 ref: 00007FF6297E11F1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E127E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E1284

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Lockitstd::_$Clipboard$GlobalLockit::_$Lockit::~_$Close_invalid_parameter_noinfo_noreturn$DataLockOpenUnlock$AllocEmptySetgloballocaleSleeplstrlenstd::locale::_
String ID:
API String ID: 1851032462-0
Opcode ID: 17d443d31020443c81c04e4431b72ce10fdf37fb1d3b70aafa3349b7f0a0e1e5
Instruction ID: abdc9c1c87c44bd06c8b2bf906a6a592a7fe4fb813f1630011b1c9a23928b4fe
Opcode Fuzzy Hash: 17d443d31020443c81c04e4431b72ce10fdf37fb1d3b70aafa3349b7f0a0e1e5
Instruction Fuzzy Hash: 94D19E62B09B8282EF149F65E8052BD63A1FFC4BD4F148635EA9D87B99DE3CE440D701

Function 00007FF6297DE3E9 Relevance: 26.3, APIs: 14, Strings: 1, Instructions: 64shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6297DE3E9
OpenProcessToken.ADVAPI32 ref: 00007FF6297DE3FE
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6297DE426
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6297DE44A
GetLastError.KERNEL32 ref: 00007FF6297DE450
CloseHandle.KERNEL32 ref: 00007FF6297DE45D
ExitWindowsEx.USER32 ref: 00007FF6297DE56F
GetCurrentProcess.KERNEL32 ref: 00007FF6297DE575
OpenProcessToken.ADVAPI32 ref: 00007FF6297DE58A
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6297DE5B2
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6297DE5D6
GetLastError.KERNEL32 ref: 00007FF6297DE5DC
CloseHandle.KERNEL32 ref: 00007FF6297DE5F1

Strings

SeShutdownPrivilege, xrefs: 00007FF6297DE415, 00007FF6297DE5A5

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue$ExitWindows
String ID: SeShutdownPrivilege
API String ID: 1423298842-3733053543
Opcode ID: 207f020c3be7a49f4dae7fd528dd377aaad196edefdcd6a65a6542525f0315a2
Instruction ID: 43f3b206a46ea1ca97fd261366bee86f61dfe7bf0dfdeaab2f80840b6e9ee435
Opcode Fuzzy Hash: 207f020c3be7a49f4dae7fd528dd377aaad196edefdcd6a65a6542525f0315a2
Instruction Fuzzy Hash: AE314F76A09E8281EB208F25EC143AE6360FFC4B56F448435DA4ED3664CF3DD18AD711

Function 00007FF6297DE46D Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 62shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6297DE46D
OpenProcessToken.ADVAPI32 ref: 00007FF6297DE482
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6297DE4AA
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6297DE4CE
GetLastError.KERNEL32 ref: 00007FF6297DE4D4
CloseHandle.KERNEL32 ref: 00007FF6297DE4E1
ExitWindowsEx.USER32 ref: 00007FF6297DE56F
GetCurrentProcess.KERNEL32 ref: 00007FF6297DE575
OpenProcessToken.ADVAPI32 ref: 00007FF6297DE58A
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6297DE5B2
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6297DE5D6
GetLastError.KERNEL32 ref: 00007FF6297DE5DC
CloseHandle.KERNEL32 ref: 00007FF6297DE5F1

Strings

SeShutdownPrivilege, xrefs: 00007FF6297DE499, 00007FF6297DE5A5

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue$ExitWindows
String ID: SeShutdownPrivilege
API String ID: 1423298842-3733053543
Opcode ID: eb7aa2d56a82b613c27039d286a92213749df77ba304c44aa2638bc2cb38e150
Instruction ID: 5c460799dda6eefa19a52a1ca8c0349174485c22a1435c5949ab0b51eb287293
Opcode Fuzzy Hash: eb7aa2d56a82b613c27039d286a92213749df77ba304c44aa2638bc2cb38e150
Instruction Fuzzy Hash: FE313076A09E8281EB208F25EC143AE6360FFC4B56F448435DA4ED3668DF3DD19AD711

Function 00007FF6297DE4EE Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 61shutdownCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF6297DE4EE
OpenProcessToken.ADVAPI32 ref: 00007FF6297DE503
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6297DE52B
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6297DE54F
GetLastError.KERNEL32 ref: 00007FF6297DE555
CloseHandle.KERNEL32 ref: 00007FF6297DE562
ExitWindowsEx.USER32 ref: 00007FF6297DE56F
GetCurrentProcess.KERNEL32 ref: 00007FF6297DE575
OpenProcessToken.ADVAPI32 ref: 00007FF6297DE58A
LookupPrivilegeValueW.ADVAPI32 ref: 00007FF6297DE5B2
AdjustTokenPrivileges.ADVAPI32 ref: 00007FF6297DE5D6
GetLastError.KERNEL32 ref: 00007FF6297DE5DC
CloseHandle.KERNEL32 ref: 00007FF6297DE5F1

Strings

SeShutdownPrivilege, xrefs: 00007FF6297DE51A, 00007FF6297DE5A5

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ProcessToken$AdjustCloseCurrentErrorHandleLastLookupOpenPrivilegePrivilegesValue$ExitWindows
String ID: SeShutdownPrivilege
API String ID: 1423298842-3733053543
Opcode ID: 2905a319caa5e6a93b8be62912fe952188e187deaf7a97c308075b004fe8cd81
Instruction ID: af4aa99bdd03dfc0803bbf0af20588a868a8ac9ce12124c6371091959a3b3d25
Opcode Fuzzy Hash: 2905a319caa5e6a93b8be62912fe952188e187deaf7a97c308075b004fe8cd81
Instruction Fuzzy Hash: 23313076A09E8281EB208F25EC143AA6360FFC4B56F448435DA4ED3668CF3DD18AD701

Function 00007FF629808584 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF6298085D2
_invalid_parameter_noinfo.LIBCMT ref: 00007FF629808C3E
_invalid_parameter_noinfo.LIBCMT ref: 00007FF629808DB4
_invalid_parameter_noinfo.LIBCMT ref: 00007FF629809072
_invalid_parameter_noinfo.LIBCMT ref: 00007FF629809292
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6298094CF
memcpy_s.LIBCPMT ref: 00007FF6298095AA
memcpy_s.LIBCPMT ref: 00007FF629809655
memcpy_s.LIBCPMT ref: 00007FF629809724

Strings

1#QNAN, xrefs: 00007FF6298086EB
1#IND, xrefs: 00007FF6298086BF
1#SNAN, xrefs: 00007FF6298086E2
1#INF, xrefs: 00007FF6298086FB

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 622423286a591ad007cfa081ef015de5a4a39bf13039204cb660433145fa8b31
Instruction ID: 38cbe17930cf9d3979cedf0cb00dabf186a84a6694ece8b26376da6f717b343d
Opcode Fuzzy Hash: 622423286a591ad007cfa081ef015de5a4a39bf13039204cb660433145fa8b31
Instruction Fuzzy Hash: EAB2E472F1A2828BEB648E64D8407FD37A1FB94388F485935DA0D97A84DF3DE940DB41

Function 0000000180024114 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 0000000180024162
_invalid_parameter_noinfo.LIBCMT ref: 00000001800247CE
_invalid_parameter_noinfo.LIBCMT ref: 0000000180024944
_invalid_parameter_noinfo.LIBCMT ref: 0000000180024C02
_invalid_parameter_noinfo.LIBCMT ref: 0000000180024E22
_invalid_parameter_noinfo.LIBCMT ref: 000000018002505F
memcpy_s.LIBCPMT ref: 000000018002513A
memcpy_s.LIBCPMT ref: 00000001800251E5
memcpy_s.LIBCPMT ref: 00000001800252B4

Strings

1#QNAN, xrefs: 000000018002427B
1#INF, xrefs: 000000018002428B
1#IND, xrefs: 000000018002424F
1#SNAN, xrefs: 0000000180024272

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: b048f9b4f73a4be62ca3b9bf14666876d0c5ef1426e987c813675f3b55613251
Instruction ID: 57dd0fdac93f6d9dc7dbc0e89f4f3b56aeeb59b00423ec569deab424ad5bf23b
Opcode Fuzzy Hash: b048f9b4f73a4be62ca3b9bf14666876d0c5ef1426e987c813675f3b55613251
Instruction Fuzzy Hash: F2B2C173B142988BE7A7CF68D4407ED77A1F3587C8F509125EA0A5BA88DB74DB48CB40

Function 00007FF6297DB410 Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 232memorytimeCOMMON

Download Yara Rule

APIs

CreateEventW.KERNEL32 ref: 00007FF6297DB444

Part of subcall function 00007FF6297D1200: GetProcessHeap.KERNEL32 ref: 00007FF6297D1236

HeapCreate.KERNEL32 ref: 00007FF6297DB50F
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF6297DB56F
CreateEventW.KERNEL32 ref: 00007FF6297DB5A2
CreateEventW.KERNEL32 ref: 00007FF6297DB5C2
CreateEventW.KERNEL32 ref: 00007FF6297DB5E2
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF6297DB6B3
InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF6297DB6C7
timeGetTime.WINMM ref: 00007FF6297DB739
CreateEventW.KERNEL32 ref: 00007FF6297DB74F
CreateEventW.KERNEL32 ref: 00007FF6297DB763

Strings

<, xrefs: 00007FF6297DB47D
<, xrefs: 00007FF6297DB484

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Create$Event$CountCriticalInitializeSectionSpin$Heap$ProcessTimetime
String ID: <$<
API String ID: 2446585644-213342407
Opcode ID: b57f68b10ee80213c52702a7f8fdc3c9127efbb73382aa70b8132b9072a1b558
Instruction ID: 54d62515fc68fb8bd20d50b8a0d5fe722b1a0a3471b78475f62405e61a64ed91
Opcode Fuzzy Hash: b57f68b10ee80213c52702a7f8fdc3c9127efbb73382aa70b8132b9072a1b558
Instruction Fuzzy Hash: F6B16C72605B818AEB44DF75E8843A933A9FB84B48F58453CCF4C4B799DF38A064D729

Function 00007FF6297E0900 Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 129registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32 ref: 00007FF6297E0970
RegQueryValueExW.ADVAPI32 ref: 00007FF6297E09EF
lstrcpyW.KERNEL32 ref: 00007FF6297E0B72
RegCloseKey.ADVAPI32 ref: 00007FF6297E0B84
RegCloseKey.ADVAPI32 ref: 00007FF6297E0B92

Strings

%08X, xrefs: 00007FF6297E0B0D

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Close$OpenQueryValuelstrcpy
String ID: %08X
API String ID: 2032971926-3773563069
Opcode ID: 5daa38b5fec1510e7cc40f4dc4df9c16a8fb62c5527b438061e7080e78411b39
Instruction ID: 28229900660663be6c2384513e9d7dcbf002ad6feb5784c68212006d87c823b4
Opcode Fuzzy Hash: 5daa38b5fec1510e7cc40f4dc4df9c16a8fb62c5527b438061e7080e78411b39
Instruction Fuzzy Hash: 8D51076260CA8195EB708F25E8442AAB3A0FBC5794F844235DBDD83AA8EF3CD545DB05

Function 00007FF6298076DC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6297FEA70: GetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA7F
Part of subcall function 00007FF6297FEA70: FlsGetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA94
Part of subcall function 00007FF6297FEA70: SetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB1F

TranslateName.LIBCMT ref: 00007FF629807746
TranslateName.LIBCMT ref: 00007FF629807781
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF6297FD4D8), ref: 00007FF6298077C8
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF6297FD4D8), ref: 00007FF629807800
GetLocaleInfoW.KERNEL32 ref: 00007FF6298079BD

Strings

utf8, xrefs: 00007FF6298078E4

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 37be7df193da29510b7907e0100bbba6fd90f4b6abfc1b920c48fd0307dd32be
Instruction ID: c8c0f26fb9d17c778134018660b8ab1b7dcadd4531024a1b7dd9be52a54bcfc2
Opcode Fuzzy Hash: 37be7df193da29510b7907e0100bbba6fd90f4b6abfc1b920c48fd0307dd32be
Instruction Fuzzy Hash: 7C918B32A0A74285EF249F21DC016B922A4EFC4B80F488935DA5D97796EF3CE951E742

Function 0000000180026FA4 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001AA54: GetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA63
Part of subcall function 000000018001AA54: FlsGetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA78
Part of subcall function 000000018001AA54: SetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AB03

TranslateName.LIBCMT ref: 000000018002700E
TranslateName.LIBCMT ref: 0000000180027049
GetACP.KERNEL32(?,?,?,00000000,00000092,000000018001B5D8), ref: 0000000180027090
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,000000018001B5D8), ref: 00000001800270C8
GetLocaleInfoW.KERNEL32 ref: 0000000180027285

Strings

utf8, xrefs: 00000001800271AC

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodeInfoLocalePageValidValue
String ID: utf8
API String ID: 3069159798-905460609
Opcode ID: 4ffd2c8f3ef1bc4c4732562623f523084972b696f64dccd1426ec82ada748800
Instruction ID: a387079458b9de82b9c7a8ee0bdcb34ac007714a2e822cee88a4d9564f636d0e
Opcode Fuzzy Hash: 4ffd2c8f3ef1bc4c4732562623f523084972b696f64dccd1426ec82ada748800
Instruction Fuzzy Hash: A891773230078886EBA79B61D5413E963A6EB88BC0F54C126EE5C47796EF39CB5DC341

Function 00007FF629808124 Relevance: 10.7, APIs: 7, Instructions: 172COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6297FEA70: GetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA7F
Part of subcall function 00007FF6297FEA70: FlsGetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA94
Part of subcall function 00007FF6297FEA70: SetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB1F

Part of subcall function 00007FF6297FEA70: FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEAB5

GetUserDefaultLCID.KERNEL32(00000000,00000092,?,?), ref: 00007FF629808294

Part of subcall function 00007FF6297FEA70: FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEAE2
Part of subcall function 00007FF6297FEA70: FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEAF3
Part of subcall function 00007FF6297FEA70: FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB04

EnumSystemLocalesW.KERNEL32(00000000,00000092,?,?,00000000,?,?,00007FF6297FD4D1), ref: 00007FF62980827B
ProcessCodePage.LIBCMT ref: 00007FF6298082BE
IsValidCodePage.KERNEL32 ref: 00007FF6298082D0
IsValidLocale.KERNEL32 ref: 00007FF6298082E6
GetLocaleInfoW.KERNEL32 ref: 00007FF629808342
GetLocaleInfoW.KERNEL32 ref: 00007FF62980835E

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 93b063b9324fe15be09d4fe66c93335811eaa82d2ace1cc8264bc73b4ee43e9a
Instruction ID: 65c14cdb478fae4d5d1aa65df87d5f86f00e719473fb07a957ebdd264cfce199
Opcode Fuzzy Hash: 93b063b9324fe15be09d4fe66c93335811eaa82d2ace1cc8264bc73b4ee43e9a
Instruction Fuzzy Hash: DB715922B1AB028AFF519F60DC506B923A0BF84B84F484935CA1D93695EF3DE485E352

Function 00000001800279EC Relevance: 10.7, APIs: 7, Instructions: 171COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001AA54: GetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA63
Part of subcall function 000000018001AA54: FlsGetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA78
Part of subcall function 000000018001AA54: SetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AB03

Part of subcall function 000000018001AA54: FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA99

GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 0000000180027B5C

Part of subcall function 000000018001AA54: FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AAC6
Part of subcall function 000000018001AA54: FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AAD7
Part of subcall function 000000018001AA54: FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AAE8

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,000000018001B5D1), ref: 0000000180027B43
ProcessCodePage.LIBCMT ref: 0000000180027B86
IsValidCodePage.KERNEL32 ref: 0000000180027B98
IsValidLocale.KERNEL32 ref: 0000000180027BAE
GetLocaleInfoW.KERNEL32 ref: 0000000180027C0A
GetLocaleInfoW.KERNEL32 ref: 0000000180027C26

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 5c91a6227937ad05a2b05696b8f827191cd932c76757b85b9e837c6fb46ce494
Instruction ID: 8e7cf2e13182192303855a75ab31bf7ded5d87f643afd0cea190ef8e38b898c1
Opcode Fuzzy Hash: 5c91a6227937ad05a2b05696b8f827191cd932c76757b85b9e837c6fb46ce494
Instruction Fuzzy Hash: 3E7188327006088AFB979B61D8507ED23B6BB4CB84F548026AE1D577D6EF78CA4DC311

Function 00007FF6297EE54C Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF6297EE568
RtlCaptureContext.KERNEL32 ref: 00007FF6297EE595
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6297EE5AF
RtlVirtualUnwind.KERNEL32 ref: 00007FF6297EE5F0
IsDebuggerPresent.KERNEL32 ref: 00007FF6297EE644
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6297EE661
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6297EE66C

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 18c7dfee12948f11b2b1ef149d65aa3e1b9c7e2d1ea7ed06afb51cbb3a88d299
Instruction ID: 81b9118ab963c12c0df3edd79fed144bfd5b1f5ce17fd97e889fee0ed9231a4e
Opcode Fuzzy Hash: 18c7dfee12948f11b2b1ef149d65aa3e1b9c7e2d1ea7ed06afb51cbb3a88d299
Instruction Fuzzy Hash: 3F313D72609B8186EB609F60EC403EE7364FB84754F48443ADA8E87B95EF3CD648C715

Function 000000018000C160 Relevance: 10.6, APIs: 7, Instructions: 71COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 000000018000C17C
RtlCaptureContext.KERNEL32 ref: 000000018000C1A9
RtlLookupFunctionEntry.KERNEL32 ref: 000000018000C1C3
RtlVirtualUnwind.KERNEL32 ref: 000000018000C204
IsDebuggerPresent.KERNEL32 ref: 000000018000C258
SetUnhandledExceptionFilter.KERNEL32 ref: 000000018000C275
UnhandledExceptionFilter.KERNEL32 ref: 000000018000C280

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: 5f59febad1cd53dd64ccc9711ed8756e5755807797b4d191df3d8d23b24d07d8
Instruction ID: c01d8533b26f4ce1c90f8e8b7de78dcd22b8cb5801f89fecd0ee8157cebbaf04
Opcode Fuzzy Hash: 5f59febad1cd53dd64ccc9711ed8756e5755807797b4d191df3d8d23b24d07d8
Instruction Fuzzy Hash: 78313072205B8896EBA2DF60E8407ED7364F789784F44802AEB4E47B99DF78C65CC710

Function 00007FF6297DE36A Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 31COMMON

Download Yara Rule

APIs

OpenEventLogW.ADVAPI32 ref: 00007FF6297DE397
ClearEventLogW.ADVAPI32 ref: 00007FF6297DE3AA
CloseEventLog.ADVAPI32 ref: 00007FF6297DE3B3

Strings

System, xrefs: 00007FF6297DE382
Application, xrefs: 00007FF6297DE36A
Security, xrefs: 00007FF6297DE376

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Event$ClearCloseOpen
String ID: Application$Security$System
API String ID: 1391105993-2169399579
Opcode ID: 2cf3709b3cb76df16a2a92579992847c2f846cbe0948eda6c13293e34c808135
Instruction ID: 56f8bb15b51094aeca1a0f988efc568024b18ac23f09254889ca42e5b5a1c345
Opcode Fuzzy Hash: 2cf3709b3cb76df16a2a92579992847c2f846cbe0948eda6c13293e34c808135
Instruction Fuzzy Hash: 45F0F436A0EF4181EE168F19FC40266A3A4FFC97A4F084435C95D83764EF3CD0A6A711

Function 00007FF6297F3A6C Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF6297F3AE5
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF6297F3AFD
RtlVirtualUnwind.KERNEL32 ref: 00007FF6297F3B38
IsDebuggerPresent.KERNEL32 ref: 00007FF6297F3B71
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF6297F3B7B
UnhandledExceptionFilter.KERNEL32 ref: 00007FF6297F3B86

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: e6fb25ffa18b66ffda036dc74a26e2becfae59b68bb230e1827b5a608bc93c87
Instruction ID: 0b460acc62d88813e644b25a67d62403293cd5da380e414e851c2194ac741efb
Opcode Fuzzy Hash: e6fb25ffa18b66ffda036dc74a26e2becfae59b68bb230e1827b5a608bc93c87
Instruction Fuzzy Hash: 28314B32618B8186DF60CF25EC502AE73A4FBC8798F544536EA9D83B99EF3CD5458B01

Function 0000000180013728 Relevance: 9.1, APIs: 6, Instructions: 83COMMON

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00000001800137A1
RtlLookupFunctionEntry.KERNEL32 ref: 00000001800137B9
RtlVirtualUnwind.KERNEL32 ref: 00000001800137F4
IsDebuggerPresent.KERNEL32 ref: 000000018001382D
SetUnhandledExceptionFilter.KERNEL32 ref: 0000000180013837
UnhandledExceptionFilter.KERNEL32 ref: 0000000180013842

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 33cd27800031f05acb55e5e13d246fb18deae1c6977fcd484fe98010cd05925a
Instruction ID: 6d24a55285349e0a32466ab3cede31ef7ad3e5f641f293ad9a4a16c4e4bf81d4
Opcode Fuzzy Hash: 33cd27800031f05acb55e5e13d246fb18deae1c6977fcd484fe98010cd05925a
Instruction Fuzzy Hash: DB316D32204F8896EBA2CF25E8413DE73A4F78C794F504126FA9D43B99DF38C6598B00

Function 00007FF629803EF0 Relevance: 7.8, APIs: 5, Instructions: 282COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF629803F3C
FindFirstFileExW.KERNEL32 ref: 00007FF629804046

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: FileFindFirst_invalid_parameter_noinfo
String ID:
API String ID: 2227656907-0
Opcode ID: 116a84698524b3bcd43aaaa4f2cca2c7c536e0f4c45a8280c933762a24cf8a5b
Instruction ID: eceb2239a555597516b58e629fea01f06fc1030e2b92dfbe7523371a570c83e5
Opcode Fuzzy Hash: 116a84698524b3bcd43aaaa4f2cca2c7c536e0f4c45a8280c933762a24cf8a5b
Instruction Fuzzy Hash: 12B1E322B5E69281EF609F35AC002B963A0EFD4BE4F484535EE5D97BC5EE3CE4419302

Function 0000000180003600 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 490COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00000001800038D6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 0000000180003BB2

Strings

+, xrefs: 0000000180003A66
%, xrefs: 0000000180003A5A

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: %$+
API String ID: 3668304517-2626897407
Opcode ID: 401c2c817e2d62c7e15ad231be4f1ea01391d3613e5bd2f1ed5587ee333836ca
Instruction ID: 0c72ac5516831097d69609888773abc90fa9e593fe57e52def4325b8c611952b
Opcode Fuzzy Hash: 401c2c817e2d62c7e15ad231be4f1ea01391d3613e5bd2f1ed5587ee333836ca
Instruction Fuzzy Hash: D412F322714AD889FB67CB66D8423ED7765A7597D8F048211FE4917BC5DF38C689C300

Function 00007FF6297EC70C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6297EC76D
IsDebuggerPresent.KERNEL32 ref: 00007FF6297EC785
OutputDebugStringW.KERNEL32 ref: 00007FF6297EC796

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF6297EC78F

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: efbf15865cd5c1087f73e292c5c5f3e8b2dd5a504a7ddbe30f15df4fd023cf7f
Instruction ID: d60f073e8dbae69b5dd5e71bdd89ed48bb0ad8d4e68a47e722ba877c23af7970
Opcode Fuzzy Hash: efbf15865cd5c1087f73e292c5c5f3e8b2dd5a504a7ddbe30f15df4fd023cf7f
Instruction Fuzzy Hash: 65114C32A14B82A7FB059F22EE447B932A4FF84745F488535CA4DC2A91EF7CE064D711

Function 000000018000C064 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 000000018000C090
GetCurrentThreadId.KERNEL32 ref: 000000018000C09E
GetCurrentProcessId.KERNEL32 ref: 000000018000C0AA
QueryPerformanceCounter.KERNEL32 ref: 000000018000C0BA

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 927d23f7388810727b65f4af3e9c2e8883e14348d687a394dfa295301dddcc79
Instruction ID: 7967a0d1a800e18c5bfa54f6fda78da02fc195afd4f09031c61e2bb1e7150352
Opcode Fuzzy Hash: 927d23f7388810727b65f4af3e9c2e8883e14348d687a394dfa295301dddcc79
Instruction Fuzzy Hash: B3113032710F088AEB41CF60E8543E933A4F35D798F444E26EA6D467A4DF78C6998740

Function 00007FF6297FB350 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF6297FB3B6
memcpy_s.LIBCPMT ref: 00007FF6297FB3E1

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: a3a34dc7f104a5757306e0e4006adbba08ef9a00a3e13a0073f806107d450ba3
Instruction ID: bb59f6119dc66d405845deec4cda829af1dca9987cde8d92b0ad11c284a4d332
Opcode Fuzzy Hash: a3a34dc7f104a5757306e0e4006adbba08ef9a00a3e13a0073f806107d450ba3
Instruction Fuzzy Hash: 71C1C272B1868687EB248F15A54466AB791FBC8BC8F448139DF4E97B44DE3DE801DB40

Function 0000000180016AF0 Relevance: 4.8, APIs: 3, Instructions: 340COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 0000000180016B56
memcpy_s.LIBCPMT ref: 0000000180016B81

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: 8101bab96facb9530bfb020494a0e1e968264cdbe7156957248635d7c5768935
Instruction ID: bf614ab6d02e44b5a5fe724c9a5807cb5da0b99d48dbd710ea59ddea60537a81
Opcode Fuzzy Hash: 8101bab96facb9530bfb020494a0e1e968264cdbe7156957248635d7c5768935
Instruction Fuzzy Hash: 7EC11972B14A8887D766CF15F4447AAB7A1F388BC4F45C129EB4A43794DF39DA09CB40

Function 00007FF629807BA0 Relevance: 4.7, APIs: 3, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297FEA70: GetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA7F
Part of subcall function 00007FF6297FEA70: FlsGetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA94
Part of subcall function 00007FF6297FEA70: SetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB1F

Part of subcall function 00007FF6297FEA70: FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEAB5

GetLocaleInfoW.KERNEL32 ref: 00007FF629807C0C

Part of subcall function 00007FF629803D2C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF629803D49

GetLocaleInfoW.KERNEL32 ref: 00007FF629807C55

Part of subcall function 00007FF629803D2C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF629803DA2

GetLocaleInfoW.KERNEL32 ref: 00007FF629807D1D

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
String ID:
API String ID: 1791019856-0
Opcode ID: 4cc450313fabdbeb162ddf05968ccc59476cdba522b4e591624cd7ebb73d4fc8
Instruction ID: c0479ce25a813ff94aa45e9dfa76d8afa4bb2ac0f29d3a2eb6581448fdcdadcc
Opcode Fuzzy Hash: 4cc450313fabdbeb162ddf05968ccc59476cdba522b4e591624cd7ebb73d4fc8
Instruction Fuzzy Hash: 88617E72A0A6428AEF748F21ED802B973A1FBC4744F088536CB9ED7695DE3CE551D702

Function 0000000180027468 Relevance: 4.7, APIs: 3, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001AA54: GetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA63
Part of subcall function 000000018001AA54: FlsGetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA78
Part of subcall function 000000018001AA54: SetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AB03

Part of subcall function 000000018001AA54: FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA99

GetLocaleInfoW.KERNEL32 ref: 00000001800274D4

Part of subcall function 0000000180022018: _invalid_parameter_noinfo.LIBCMT ref: 0000000180022035

GetLocaleInfoW.KERNEL32 ref: 000000018002751D

Part of subcall function 0000000180022018: _invalid_parameter_noinfo.LIBCMT ref: 000000018002208E

GetLocaleInfoW.KERNEL32 ref: 00000001800275E5

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: InfoLocale$ErrorLastValue_invalid_parameter_noinfo
String ID:
API String ID: 1791019856-0
Opcode ID: e7c8a4d6f19e2a9cb120b9e5f6357821d79c56e7fe48c26ec1b2605e34c34f74
Instruction ID: ea540673a1e875a988def7a9043cec9d425756d79e228d6f43f6c29a4f6e8ebd
Opcode Fuzzy Hash: e7c8a4d6f19e2a9cb120b9e5f6357821d79c56e7fe48c26ec1b2605e34c34f74
Instruction Fuzzy Hash: 2961AF32300A498AEBB78F15E5853E9B3A2F3987C4F44C125EB9D83696DF78C659C740

Function 00007FF629800D10 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF6297FD6AA), ref: 00007FF629800D84

Strings

GetLocaleInfoEx, xrefs: 00007FF629800D2C, 00007FF629800D3D

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 053289818baea42516c59c341b95a57cf593464f2c81e046735848086310e6c4
Instruction ID: 1bede23ffda47f87c8193841b2363ab940b6fb08d208abca6ebc2050d25b8da0
Opcode Fuzzy Hash: 053289818baea42516c59c341b95a57cf593464f2c81e046735848086310e6c4
Instruction Fuzzy Hash: 9801A220B09B8286EF008F56BC405AAA760FFC5BD0F5D8836EE5D83B66CE3CD5419381

Function 000000018001D748 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,000000018001B7AA), ref: 000000018001D7BC

Strings

GetLocaleInfoEx, xrefs: 000000018001D764, 000000018001D775

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 18b4ca0eb88ef80670aff3477e6701f020a0a5759cb10721226424d859e7884e
Instruction ID: 156160e26a38140b60a2807731a9a6f05caee1a425b4a41eaf59a8b4e33b94ce
Opcode Fuzzy Hash: 18b4ca0eb88ef80670aff3477e6701f020a0a5759cb10721226424d859e7884e
Instruction Fuzzy Hash: D401D630304B8886E7869B56B4403CAB360FB8CFD0F98C026FE4913B55CE38CA498340

Function 00007FF629803760 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF6298039AF
RaiseException.KERNEL32 ref: 00007FF6298039C0

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: d1d57c0b9bdf7be1867346d5e9c7cf9c26021b93baf768b42c1e913034eff148
Instruction ID: 389f0b87e379a781abc7bd4354c5e0d719b98df2d96e4e3d8b0bb77097eca73d
Opcode Fuzzy Hash: d1d57c0b9bdf7be1867346d5e9c7cf9c26021b93baf768b42c1e913034eff148
Instruction Fuzzy Hash: 65B14A77A19B898BEB15CF29C84636C7BA0F784B48F188922DA5D837A4CF3DD451D701

Function 000000018001CCFC Relevance: 3.2, APIs: 2, Instructions: 227COMMON

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 000000018001CF4B
RaiseException.KERNEL32 ref: 000000018001CF5C

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 64edc78ecfd727663a2eec849e4f94a3e23609f055b790b63dac00a5eec0822b
Instruction ID: 157f6c65db41ecfeecb567327d8779fe537be203eb86134e2953601b35ace97b
Opcode Fuzzy Hash: 64edc78ecfd727663a2eec849e4f94a3e23609f055b790b63dac00a5eec0822b
Instruction Fuzzy Hash: FDB15C77200B888BEB56CF29C84679C3BE1F388B88F15C915EB5983BA4CB39C556C705

Function 00007FF6297F7340 Relevance: 2.8, Strings: 2, Instructions: 350COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6297F76F0
, xrefs: 00007FF6297F74AE

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-227171996
Opcode ID: f4d1caadcdf6a988165dfb6027386ea397a00727bebf28c93510380ffb834353
Instruction ID: c2b59749609b74643b3a643b46a51e8c62e5180fd6ec7c19111231d983d95688
Opcode Fuzzy Hash: f4d1caadcdf6a988165dfb6027386ea397a00727bebf28c93510380ffb834353
Instruction Fuzzy Hash: 37E1D232A1864682EF688E29885013D37A0FFC5BCCF245235DE5EA7794DF39E851E742

Function 00007FF6297FF6B0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

gfff, xrefs: 00007FF6297FF83A
e+000, xrefs: 00007FF6297FF7BD

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: 7a480f9cb63785b231e93cdb4053ba6ead140b4a31814c2e6dd1f53a1ff5a9d1
Instruction ID: 0886cf8349eb524f940676018b78d0907b04f7aebd05000deaa52e793cd83053
Opcode Fuzzy Hash: 7a480f9cb63785b231e93cdb4053ba6ead140b4a31814c2e6dd1f53a1ff5a9d1
Instruction Fuzzy Hash: B8515667B182C586EB248E359D01769BB91E7C4BD8F488231CFAC9BAD5CE3DE0459702

Function 000000018001973C Relevance: 2.6, Strings: 2, Instructions: 144COMMON

Download Yara Rule

Strings

gfff, xrefs: 00000001800198C6
e+000, xrefs: 0000000180019849

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID: e+000$gfff
API String ID: 0-3030954782
Opcode ID: 7839747eeb9cec4fd4c8cce22d1961d615cc2eef855c1dfbf2e657f5c8e8a5df
Instruction ID: 4b170b0a227cc471e01380ac096fa8c2442fefdb737c4e13e3d6401bd183a735
Opcode Fuzzy Hash: 7839747eeb9cec4fd4c8cce22d1961d615cc2eef855c1dfbf2e657f5c8e8a5df
Instruction Fuzzy Hash: 5F516B32718AC846E7A68E75D8017D9BB91F349BD4F48C225EBA447BC5CF39C648C700

Function 00007FF6297FA4F8 Relevance: 1.9, APIs: 1, Instructions: 373COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF6297FA640

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: ef971687b4d926983742e7774fd885bf35e4f0216a13785a2dd56e9bb41dc7e4
Instruction ID: e29789b478fb275f1e8c6ad0c81750455828c8fc06a725fca25db7cedaf83b5d
Opcode Fuzzy Hash: ef971687b4d926983742e7774fd885bf35e4f0216a13785a2dd56e9bb41dc7e4
Instruction Fuzzy Hash: CD12B422908BC586EB55CF3899052FD73A4FB98788F059235EF9D83652EF38E185D701

Function 000000018001630C Relevance: 1.9, APIs: 1, Instructions: 373COMMON

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 0000000180016454

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Info
String ID:
API String ID: 1807457897-0
Opcode ID: 0b8bb1b34a0c2f1e30a2356161536a014fb88af5f51ffa66bb3df95501b28b5c
Instruction ID: 3c4fc3300faa48db14865e6a4ff872402a45db70766de693992efec69ed5bd17
Opcode Fuzzy Hash: 0b8bb1b34a0c2f1e30a2356161536a014fb88af5f51ffa66bb3df95501b28b5c
Instruction Fuzzy Hash: AE128D32A09BC886E792CF3898553ED77A4F75D788F45D215EB9883692EF34D289C700

Function 00007FF629805D34 Relevance: 1.8, APIs: 1, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8414e77b36878549f5b0e3bccc639848814f899fad4efa7dd0a1f809894a600d
Instruction ID: 2eead6120dde2243a313d5d22804b89ef76d264b873d3b572b93ef2b9c021bce
Opcode Fuzzy Hash: 8414e77b36878549f5b0e3bccc639848814f899fad4efa7dd0a1f809894a600d
Instruction Fuzzy Hash: 6CE16032A05B8186EB20DF61E8502EE67A4FB94788F444A35DF8E93B56DF7CD245D301

Function 000000018002579C Relevance: 1.8, APIs: 1, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afb9a5e56fd1efeb5a79563753703eec6417f171a818c239c85cc8112bc2bbb
Instruction ID: e53b30f7492d9f50eeaa436770ac225c724aeacfd510853a63653c83ee606128
Opcode Fuzzy Hash: 6afb9a5e56fd1efeb5a79563753703eec6417f171a818c239c85cc8112bc2bbb
Instruction Fuzzy Hash: 60E16136601B8886E762DB61E4403EE77A4F3587C8F418626AF8D53B96EF78C359C340

Function 00007FF6297D2E50 Relevance: 1.8, Strings: 1, Instructions: 571COMMON

Download Yara Rule

Strings

[RO] %ld bytes, xrefs: 00007FF6297D3450, 00007FF6297D35BB

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID: [RO] %ld bytes
API String ID: 0-772938740
Opcode ID: 2a2e8e66bac2129e6156a5cab3092c46a0c869edfc0550a0c0319ad8eb13d815
Instruction ID: 0859a1fcee40f2c7ea1b0b7c8ce338931986d9a52f73fc0dc0415a6b16c38c0e
Opcode Fuzzy Hash: 2a2e8e66bac2129e6156a5cab3092c46a0c869edfc0550a0c0319ad8eb13d815
Instruction Fuzzy Hash: 1D42A0336093C5CFC728CF28D84026E7BA1F755B88F448129DB8A87B46DB38E955CB61

Function 000000018002262C Relevance: 1.6, APIs: 1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54882ea8b6c9d5ba74674056cf66cbb49d54c44a5f7a74155c37b7cda10e4cc9
Instruction ID: 0a66dcab7d219d87d19b15b5397b2ad04345f92aff25d62f10166f4fe4474c82
Opcode Fuzzy Hash: 54882ea8b6c9d5ba74674056cf66cbb49d54c44a5f7a74155c37b7cda10e4cc9
Instruction Fuzzy Hash: EC510532700B9495FB629BB2A8443DE7BA1F748BD4F148215FE6827B99CF38C645C700

Function 00007FF629807DE8 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297FEA70: GetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA7F
Part of subcall function 00007FF6297FEA70: FlsGetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA94
Part of subcall function 00007FF6297FEA70: SetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB1F

Part of subcall function 00007FF6297FEA70: FlsSetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEAB5

GetLocaleInfoW.KERNEL32 ref: 00007FF629807E50

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: 78331e8626ceae13e165f45be8e9c39df8b73f22d2433a778c66892baaa36d47
Instruction ID: da2409e1cb12db418634f6c3c5885c71e84eac094b39c59793aee29fd3de5ec3
Opcode Fuzzy Hash: 78331e8626ceae13e165f45be8e9c39df8b73f22d2433a778c66892baaa36d47
Instruction Fuzzy Hash: E8318432A0A68686EF64DF21DC413BA77A1FBC4B84F488835DA4DC3696DF3CE8519701

Function 00000001800276B0 Relevance: 1.6, APIs: 1, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001AA54: GetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA63
Part of subcall function 000000018001AA54: FlsGetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA78
Part of subcall function 000000018001AA54: SetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AB03

Part of subcall function 000000018001AA54: FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA99

GetLocaleInfoW.KERNEL32 ref: 0000000180027718

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLastValue$InfoLocale
String ID:
API String ID: 673564084-0
Opcode ID: b00c17ae192729a6fdeef141fbd06e0b2bf478bea8696f8ea33d978de4225696
Instruction ID: 37a65b734f0adcaeba591b2ef7b6103d3c612fc7c8cf2b624e5b95ac28a75953
Opcode Fuzzy Hash: b00c17ae192729a6fdeef141fbd06e0b2bf478bea8696f8ea33d978de4225696
Instruction Fuzzy Hash: 9631A53270868986FBA6DB22E5453DA73A2F74C7C4F44D125AA5D83386DF38D658CB40

Function 00007FF629807A38 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6297FEA70: GetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA7F
Part of subcall function 00007FF6297FEA70: FlsGetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA94
Part of subcall function 00007FF6297FEA70: SetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB1F

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF629808227,00000000,00000092,?,?,00000000,?,?,00007FF6297FD4D1), ref: 00007FF629807AD6

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 38d1bb4dd5fc36fce91c109945422f99630cdbbec874ccb9ac4aa4c93a8a8835
Instruction ID: 8c52fda7e706dc25de27ff547d1257b97b178eba7d35c65e8512de8930cd7744
Opcode Fuzzy Hash: 38d1bb4dd5fc36fce91c109945422f99630cdbbec874ccb9ac4aa4c93a8a8835
Instruction Fuzzy Hash: 6A11DF67A196458AEF148F25D880AA87BA1FB80BE0F488535C62A833C0DE2CD6D1D741

Function 0000000180027300 Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001AA54: GetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA63
Part of subcall function 000000018001AA54: FlsGetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA78
Part of subcall function 000000018001AA54: SetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AB03

EnumSystemLocalesW.KERNEL32(?,?,?,0000000180027AEF,?,00000000,00000092,?,?,00000000,?,000000018001B5D1), ref: 000000018002739E

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 5bd2186e112f69379f156c343fff4cde9b4be6d361bec19bdc5c3ffbc2975843
Instruction ID: 03a58cb6f3d0a554b078fb62157272aa9ff3625539107b1877c6160ae808668a
Opcode Fuzzy Hash: 5bd2186e112f69379f156c343fff4cde9b4be6d361bec19bdc5c3ffbc2975843
Instruction Fuzzy Hash: 33119073B046488AEB96CF15D0407ED7BA2F354BE0F449115EA59433D2CA74C7D9D740

Function 00007FF629807FF0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297FEA70: GetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA7F
Part of subcall function 00007FF6297FEA70: FlsGetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA94
Part of subcall function 00007FF6297FEA70: SetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB1F

GetLocaleInfoW.KERNEL32(?,?,?,00007FF629807D9A), ref: 00007FF629808027

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: 1404621e90844f28406baa3f7135073bb99a8dc7fcfb637c4814ec71fcd74dfb
Instruction ID: 9da76272cc8ffc679b4cbb267c908a6509fe86be8fae1a2b7a68d7168c0bf59d
Opcode Fuzzy Hash: 1404621e90844f28406baa3f7135073bb99a8dc7fcfb637c4814ec71fcd74dfb
Instruction Fuzzy Hash: 44112B32F1955282EB648E25A84067A6291EB907A4F184A31D66EC36C4DE3FD8E19701

Function 00000001800278B8 Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001AA54: GetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA63
Part of subcall function 000000018001AA54: FlsGetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA78
Part of subcall function 000000018001AA54: SetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AB03

GetLocaleInfoW.KERNEL32(?,?,?,0000000180027662), ref: 00000001800278EF

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$InfoLocaleValue
String ID:
API String ID: 3796814847-0
Opcode ID: 14311e75246232a58eca73cc5d50466e2c6423b61549b768a9208db0531edaf9
Instruction ID: 1a085d7b33792e676e52833a6860771bdbee7f9c3905fd9649a454f294247adc
Opcode Fuzzy Hash: 14311e75246232a58eca73cc5d50466e2c6423b61549b768a9208db0531edaf9
Instruction Fuzzy Hash: BA112C3271075A83E7B78725A0507DE6352E7487E4F94C621FA6E476C6DE25CAC98700

Function 00007FF629807B08 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF6297FEA70: GetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA7F
Part of subcall function 00007FF6297FEA70: FlsGetValue.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEA94
Part of subcall function 00007FF6297FEA70: SetLastError.KERNEL32(?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F,?,?,?,00007FF6297F6443), ref: 00007FF6297FEB1F

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF6298081E3,00000000,00000092,?,?,00000000,?,?,00007FF6297FD4D1), ref: 00007FF629807B86

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 8774f767528f023f0cd98180308321dc77e83cd5d8c54262d56985676ea63ca7
Instruction ID: ba59d4d68a64ea09ecf6a975ade89bd3885d8a4d23748de308610b51fc147259
Opcode Fuzzy Hash: 8774f767528f023f0cd98180308321dc77e83cd5d8c54262d56985676ea63ca7
Instruction Fuzzy Hash: 0B01F172F0928186EF104F25EC507B972E2EB80BA4F499632C629832C4DF6C9481E702

Function 00000001800273D0 Relevance: 1.5, APIs: 1, Instructions: 41COMMON

Download Yara Rule

APIs

Part of subcall function 000000018001AA54: GetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA63
Part of subcall function 000000018001AA54: FlsGetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA78
Part of subcall function 000000018001AA54: SetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AB03

EnumSystemLocalesW.KERNEL32(?,?,?,0000000180027AAB,?,00000000,00000092,?,?,00000000,?,000000018001B5D1), ref: 000000018002744E

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: ee3d3c82fdada7cbaed223f853a88881109f67b09674cd2b6671f7bd82dbdc24
Instruction ID: 46bef5634a71dda6086a3ddf3ac60f52935d4e8bdf7e60bd74096ca2df7c83b5
Opcode Fuzzy Hash: ee3d3c82fdada7cbaed223f853a88881109f67b09674cd2b6671f7bd82dbdc24
Instruction Fuzzy Hash: DC012872B0428886E7935F15E4407DD7B92E7547E4F84C321E62D472C6CF748A89C700

Function 00007FF629800838 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF629800CDF,?,?,?,?,?,?,?,?,00000000,00007FF629807088), ref: 00007FF629800887

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 0da49028f00012ccddbac4aa6a8129618cfbebd136c027dc8325545b3ece71c8
Instruction ID: c69c4ee82d00ba2bd0da2d16992ba393000ef038cba90cd3f232968a84606781
Opcode Fuzzy Hash: 0da49028f00012ccddbac4aa6a8129618cfbebd136c027dc8325545b3ece71c8
Instruction Fuzzy Hash: 5CF01972A08A8182EB04DF59ECA06A923A2EBD9BC0F588035DA5DD7765DE3CD4909741

Function 000000018001D3B4 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,000000018001D717,?,?,?,?,?,?,?,?,00000000,0000000180026950), ref: 000000018001D403

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: fe72f1a3ad6c5a3b9e81fcab1cd3359c69f51c0bc6bac52839abf76237238e4d
Instruction ID: 0633ae1dc9c06405525ae1c04c282fdac54c281b7edad598843910c61773c16b
Opcode Fuzzy Hash: fe72f1a3ad6c5a3b9e81fcab1cd3359c69f51c0bc6bac52839abf76237238e4d
Instruction Fuzzy Hash: 24F08C72304B4882E785CB25F9803D93361F39CBC0F18C126FA09833A5DE3CC6988700

Function 00007FF6297FF21C Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF6297FF55E

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 172941b2f1d4039ba21c6dc8853c143536a16ca8654b5df5f12dde2487208479
Instruction ID: b682ec45779f4a389715d5f5a4e88d7e33e30aa30513086e5e03be8623ca75fd
Opcode Fuzzy Hash: 172941b2f1d4039ba21c6dc8853c143536a16ca8654b5df5f12dde2487208479
Instruction Fuzzy Hash: F5A13663B0878686EF21CF2AA8007BD7795AB94BC8F048132DE8D97791DE3DD505D702

Function 00000001800192A8 Relevance: 1.5, Strings: 1, Instructions: 254COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00000001800195EA

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 60c2470d55af355183fd3387e29489bb56ac59a459d69000e798784da7b510f3
Instruction ID: d2763f70ebed7c490bb57bf5841f2ff8c3d64a5cec0011bf8ef22a43d63104e5
Opcode Fuzzy Hash: 60c2470d55af355183fd3387e29489bb56ac59a459d69000e798784da7b510f3
Instruction Fuzzy Hash: 00A13772605BC887EB62CF69A050BDE7B91E759BC4F05C122EE8947785DE3DC60AC701

Function 00000001800124F8 Relevance: 1.5, Strings: 1, Instructions: 247COMMON

Download Yara Rule

Strings

, xrefs: 00000001800126D4

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: c34624d6eead3179ac2cf2b8b6742605d4d7dbd300549322e291b817085e6e61
Instruction ID: d33f30400335aafbfd837b7605d7d396eef3993a962c5e860651cf40f96d80ce
Opcode Fuzzy Hash: c34624d6eead3179ac2cf2b8b6742605d4d7dbd300549322e291b817085e6e61
Instruction Fuzzy Hash: 3FB18072104F8886EBA68F39C0903AD3BA1F34DF88F258115EB4A47399EF35C669C755

Function 00007FF6297F65AC Relevance: 1.5, Strings: 1, Instructions: 241COMMON

Download Yara Rule

Strings

, xrefs: 00007FF6297F678E

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 6871d27396c91e0bed272bc22aae0ea20e11987830d478801ef476eeb5b70fb8
Instruction ID: c0dcb2d7d3fa426d66ce146109f2ff97501ca087ad8bd09f0b8d148b1a942a5c
Opcode Fuzzy Hash: 6871d27396c91e0bed272bc22aae0ea20e11987830d478801ef476eeb5b70fb8
Instruction Fuzzy Hash: EEB15D72908A9986EB648F39C85423C3BA0F785F8CF284139CE4EA7395CF39D451E756

Function 00007FF629802744 Relevance: 1.4, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF6298027E9

Part of subcall function 00007FF629800788: HeapAlloc.KERNEL32(?,?,00000000,00007FF6297FEC4A,?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000), ref: 00007FF6298007DD

Part of subcall function 00007FF6297FE6BC: RtlFreeHeap.NTDLL(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6D2
Part of subcall function 00007FF6297FE6BC: GetLastError.KERNEL32(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6DC

Part of subcall function 00007FF629809FAC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF629809FDF

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
String ID:
API String ID: 916656526-0
Opcode ID: 2731b98c1a1bd789ef0b97b34515e52132692a4da0e75e7f906c4430b486a5a9
Instruction ID: 20c278d954eefd4c05942e3f8e706827181d06c5ece51876feeb79ef25f0d040
Opcode Fuzzy Hash: 2731b98c1a1bd789ef0b97b34515e52132692a4da0e75e7f906c4430b486a5a9
Instruction Fuzzy Hash: 5641B121F0A64341FF605E266C527BAA6807FD5B80F584935EE8DC7B86EE7CE441A703

Function 00000001800212CC Relevance: 1.4, APIs: 1, Instructions: 137COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 0000000180021371

Part of subcall function 00000001800190BC: HeapAlloc.KERNEL32(?,?,00000000,000000018001AC2E,?,?,000037B719E332F5,0000000180013B69,?,?,?,?,0000000180021DA2,?,?,00000000), ref: 0000000180019111

Part of subcall function 0000000180019134: HeapFree.KERNEL32(?,?,0000000180018293,000000018002602A,?,?,?,00000001800263A7,?,?,00000000,0000000180023D7D,?,?,?,0000000180023CAF), ref: 000000018001914A
Part of subcall function 0000000180019134: GetLastError.KERNEL32(?,?,0000000180018293,000000018002602A,?,?,?,00000001800263A7,?,?,00000000,0000000180023D7D,?,?,?,0000000180023CAF), ref: 0000000180019154

Part of subcall function 000000018002830C: _invalid_parameter_noinfo.LIBCMT ref: 000000018002833F

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorHeapLast$AllocFree_invalid_parameter_noinfo
String ID:
API String ID: 916656526-0
Opcode ID: a7be9f51bd1662d991b1ebb676dc04fbbddf3e532b420ae9f300a947dfa9964a
Instruction ID: 7a3a9990485bbaee88e3e506b751e2240306ee86e9a5f67496d39c90b381273c
Opcode Fuzzy Hash: a7be9f51bd1662d991b1ebb676dc04fbbddf3e532b420ae9f300a947dfa9964a
Instruction Fuzzy Hash: 8041053130164946FBB3AA6668517EAA381BBADBC1F54C126FE5D47BC5EE3CC7098700

Function 00000001800239B8 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00000001800239BC

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: a4c0618735cd60c429b975491587cf71a59f3df0e4ebbbb37a7c6a7071235292
Instruction ID: 8e7eb5117c70c52c494ca66bc4d86bff7b5410cce119e7e0ff3f78556e90e3d8
Opcode Fuzzy Hash: a4c0618735cd60c429b975491587cf71a59f3df0e4ebbbb37a7c6a7071235292
Instruction Fuzzy Hash: FFB09230E03E08C6FA8B2B216CC238423A47B8C781F898019900D80320EF6C17AE5704

Function 00007FF6297E9250 Relevance: .7, Instructions: 678COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9d3e26cd520c0d7484bca21c75386a0081201fe8f2cf936fcf25e5b7a4aa551
Instruction ID: c6ebdc2a5b29c1efe7e59bb26e4e089097155df29f5760917b3677dc45327c2a
Opcode Fuzzy Hash: f9d3e26cd520c0d7484bca21c75386a0081201fe8f2cf936fcf25e5b7a4aa551
Instruction Fuzzy Hash: 2A22CEB7F3805047D36DCB1DEC52FA97692B7A4308748A02CBA07C3F45EA3DEA458A44

Function 00007FF6297E78F0 Relevance: .4, Instructions: 369COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2dbab6f601d912f7832fe87e6cb8010b159b99cec89eaaed4f22644e13967388
Instruction ID: 58811309cce860158141c56d4597e401ed2b5bb32e76bcc25f94fb0a2fa7da0e
Opcode Fuzzy Hash: 2dbab6f601d912f7832fe87e6cb8010b159b99cec89eaaed4f22644e13967388
Instruction Fuzzy Hash: C1C1DD73B1869187DB19CE26E9505B9B792FBD4BE0B55C134DB8A47B88DE3CD841CB00

Function 00007FF6297F6F3C Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fe8ec01f60584a1ee149ae2a08fff37cdae008ac808ef4f9df4273de0df04db
Instruction ID: 4ca544c8c45fb67e3e572b5ee39f801ec61e10b6ca7f28c36964770d7c6d352f
Opcode Fuzzy Hash: 4fe8ec01f60584a1ee149ae2a08fff37cdae008ac808ef4f9df4273de0df04db
Instruction Fuzzy Hash: 59D1D122A0864686EF688E298D5027D27A0FFC5BCCF144235CE0DA7795DF3DE845E342

Function 0000000180012A04 Relevance: .3, Instructions: 327COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1eba3d994d9e09831c82d6d523c03ad57a90d2b8b640b188b3895bc5c2f80ffc
Instruction ID: 79d360a61512abb7244fc38979bc17bd08117c1ee5a36e15abcdbef4234416e5
Opcode Fuzzy Hash: 1eba3d994d9e09831c82d6d523c03ad57a90d2b8b640b188b3895bc5c2f80ffc
Instruction Fuzzy Hash: B9D1C032204E4886EBAA8E29D5903ED37A0F74DBC8F248215EE09476D5EF35CA69C740

Function 00007FF6297FD320 Relevance: .3, Instructions: 310COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: 11d17aaadda87904e3cd56c6064876ecdc8233e1ef198966c662d1c74fc6bdf3
Instruction ID: da80c38c35addc4f834f47a6226508bef59b08810ad961806ce3aef3a1ad865c
Opcode Fuzzy Hash: 11d17aaadda87904e3cd56c6064876ecdc8233e1ef198966c662d1c74fc6bdf3
Instruction Fuzzy Hash: 5EC1AD26A0868285EF609F669C107BA26A0FFD47CCF504035DE8DE7699EF3CE545E702

Function 000000018001B420 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: ec77053dc5e10bf16219e11bd631ab886521ce53185d8ffa127bbb562c4fc86c
Instruction ID: 0097a73c13b49f266f77b90ad2e19d639f14367bcaa197988bf85d167749bc53
Opcode Fuzzy Hash: ec77053dc5e10bf16219e11bd631ab886521ce53185d8ffa127bbb562c4fc86c
Instruction Fuzzy Hash: AAC1D636604A8885EBA29B6695503EA77A9F79CBC8F40C015FE49C7BD5DF38C649C700

Function 00007FF62980714C Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$Value_invalid_parameter_noinfo
String ID:
API String ID: 1500699246-0
Opcode ID: ab284c3fdd63390c126f0ea02b30aaf12d109f2597680bdac67f1314cfd3d57d
Instruction ID: 00a9fa9ba24cb43c004d2b750ac4ac6d81236614d1f6d9a9fa2e0cf69b89a862
Opcode Fuzzy Hash: ab284c3fdd63390c126f0ea02b30aaf12d109f2597680bdac67f1314cfd3d57d
Instruction Fuzzy Hash: C2B1C222A1A64682FF649F21DC116B933A1FBD0B88F484935DE5DC36C9DF3CE5519342

Function 0000000180026A14 Relevance: .3, Instructions: 271COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$Value_invalid_parameter_noinfo
String ID:
API String ID: 1500699246-0
Opcode ID: 12a5222bb7eeb9c58d0b9ce8abc9dce7b067e47c6561fe4f7cf386d57eef5764
Instruction ID: 759a94b789877c7e8f7aae48417cca113c6d9db3d1b22d9bb577228dbafc9267
Opcode Fuzzy Hash: 12a5222bb7eeb9c58d0b9ce8abc9dce7b067e47c6561fe4f7cf386d57eef5764
Instruction Fuzzy Hash: A7B1D272A0468C82EBA7EF21D5117EA33A0F798BC9F50C221EE55836D9DF38C659C740

Function 00007FF6297F6228 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fe3a20954eaf19cca18b720aca6cea66dcaf64d55a17c7986fbc43ae61592d0
Instruction ID: 2fa6ef24c8f33aec69b3a591c84fb80e9c2c89b217812fab5b6203a02a3678fe
Opcode Fuzzy Hash: 4fe3a20954eaf19cca18b720aca6cea66dcaf64d55a17c7986fbc43ae61592d0
Instruction Fuzzy Hash: E2B18E7290868985EF648F29C85427C3BA0FB89F8CF244139CF4EA7399CF29D545E706

Function 00007FF6297FAC80 Relevance: .2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: c484f4bf9c85890dca3b74b1c0e4021a385e0861b6d640475f03e576205a2167
Instruction ID: 9878fe606e0532eddcdbf31503cdcd8726b23259f096eb6f9ec38fe60172dda8
Opcode Fuzzy Hash: c484f4bf9c85890dca3b74b1c0e4021a385e0861b6d640475f03e576205a2167
Instruction Fuzzy Hash: B4818F72A04A1186EF68CF65D88137D27A0FB84BD8F148636EE5EE7B99DF38D4419301

Function 0000000180015660 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e43fecee6737fd796d23e2183491c0887104ca4f8c5e70360fa4e36a5dc14c65
Instruction ID: 8a2268ee84debd9f81d75c99fb4fe9e34b5ce3adf0bc9385ce003d10b90dbb3f
Opcode Fuzzy Hash: e43fecee6737fd796d23e2183491c0887104ca4f8c5e70360fa4e36a5dc14c65
Instruction Fuzzy Hash: 81818E32201F5886EBA6CE69D4953AD2360F788BE8F548616FE5E9B7D5CF34C249C340

Function 00007FF6297FFD30 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa2f4ae56baf169408e60df2444458542a3c73068db43e6345bf2ec4a63d4b14
Instruction ID: dbb4bd7699e544734205ce4bd953353c27c87cc79d46f20fc055fb59ecf8839f
Opcode Fuzzy Hash: aa2f4ae56baf169408e60df2444458542a3c73068db43e6345bf2ec4a63d4b14
Instruction Fuzzy Hash: C581B372A0C78146EB748F19988036A6691FBCABD8F144239EE9D93B99DF3CD4009B01

Function 0000000180019DBC Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f89918cc19af052acc9bb33a695f17cf2f3b3f9976a30a93db7f0615986ff604
Instruction ID: 584f4d44caf3597909211bd92b16433803661f15e7630ee66e3340f50ec0aa33
Opcode Fuzzy Hash: f89918cc19af052acc9bb33a695f17cf2f3b3f9976a30a93db7f0615986ff604
Instruction Fuzzy Hash: C781D572208B8846E7B6CB59D4803DA7A91F34E7D4F548229FB9E47B95DF3DC6488B00

Function 00007FF6297E2EC0 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6f6a1a1a1cf9baf0de81f1e4df80e775a01d7d2970379cd065fadcfc056c7f6
Instruction ID: 910c297ef46c992858f3c05a583a2b77276b13014d44464f31284237e4e2e936
Opcode Fuzzy Hash: f6f6a1a1a1cf9baf0de81f1e4df80e775a01d7d2970379cd065fadcfc056c7f6
Instruction Fuzzy Hash: 3661F862B14B8982DF208F19E8416E9A360F7A97D0F545235EBDC87B54EF7DE190D340

Function 00007FF6297F536C Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction ID: 9198c874b4c7ee685122d571b4fef67c157513534a1db9a1f511572e4f6a415e
Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
Instruction Fuzzy Hash: DF517172A18A5186EB348F29C85423837A1EB84BACF245131DE4DA7795CF3AE847E741

Function 00007FF6297F4F5C Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction ID: 8382e96a8a9ab2a7ac325d6e2b8518ab53cc13d3df6c7bb38c2883323a69e56f
Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
Instruction Fuzzy Hash: D8517536A1865686EF348F29C45433833A0EB85BACF284131DE4DA7795DF3AE853D781

Function 00007FF6297F577C Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction ID: 5d98a4bb20c577d921db90875bd2eca354ea87ba14b90c810a4c029e80823784
Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
Instruction Fuzzy Hash: 57515136A18651C6EB348F29D45423837A1EBC4BACF244131CE4DA7795CF3AE853D781

Function 00007FF6297F5168 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6a3dccb135ddd09f63c505db29ff29986bf9dd63497299e7c799fac6b959aa4
Instruction ID: e8865af0cd51ad08a9fd39d9a8d8796932e692f89b6a556a1c89fbd8370ed8b0
Opcode Fuzzy Hash: f6a3dccb135ddd09f63c505db29ff29986bf9dd63497299e7c799fac6b959aa4
Instruction Fuzzy Hash: 06518176A1865186EF748F29D84423837A0EB88B9CF244131CE4DA7795CF3AF842E781

Function 00007FF6297F4D58 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db363646d287334b7a31293e9082935613ba5dde14aee32d187fc7345eaa1eeb
Instruction ID: dc9f2b602b353181a9c2fa5185740934e264ad205c5cb0129b59025fa37a0d30
Opcode Fuzzy Hash: db363646d287334b7a31293e9082935613ba5dde14aee32d187fc7345eaa1eeb
Instruction Fuzzy Hash: 70516136A1865187EF248F29C44823837A1FB95F9CF284131CE4DA7B94DF3AE852D781

Function 00007FF6297F5578 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e46230d8c0bb23a9b26f12389beaf27d8e9063d4bba2e4d98de2a57eaa924be5
Instruction ID: ba53b74b282f1f1580b301fb78d670bccbfa8500e6dfdcce67154104ca6f6f88
Opcode Fuzzy Hash: e46230d8c0bb23a9b26f12389beaf27d8e9063d4bba2e4d98de2a57eaa924be5
Instruction Fuzzy Hash: B0517436A18A51C6EB348F29C94423937A1EBC4F9CF244131CE5DA77A5DF3AE842D741

Function 0000000180011A3C Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction ID: 69ce7fafe062b7bf0daf2475fbe0303e80f6d711cee97aefa02f5902bffd20ae
Opcode Fuzzy Hash: ac8362b94cbf271fd23ce0d6965fdbbec26e6817efc2dd1af2fcdc0b4ee58872
Instruction Fuzzy Hash: 8C51C336215E988AE7AA8B29C0903EC37A1E74CF99F64C111EE4907794DF36CE57C780

Function 0000000180011C40 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction ID: 81cc48cdb92e235dedfe908b42cc4b49bbdeea6af0f3315fd620730d2acf89f4
Opcode Fuzzy Hash: 45278502b4de115ed76afef2690a2838d0b28876f14c66dd069eb4612fa83dd3
Instruction Fuzzy Hash: 9A519136614E688AE7AA8B29D0403EC37A1E74DFD9F248111EE4957794CF36CA57CB80

Function 0000000180011E44 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
Instruction ID: 3c68459a076e07c58586976f10bbae96bc5b5fe1d404af2b9a9b0f7ed6a470b1
Opcode Fuzzy Hash: c9c3f90e6787dc6e65e60abd648d80575bcfa0207306300bab00d1ff848a11e7
Instruction Fuzzy Hash: B451C136610E58CAE7AA8B29C0443E837E0E34DF99F28C115EE8907794DF32CA57C780

Function 00007FF6297FC51C Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 4d1d88932efd7b63ecfdde29945dfc17fd218d95b7e0763bafd054a92f058063
Instruction ID: ed64e8427f961244881bdbd6bed557fd769d7e56d2afcb20d1cecee979cda566
Opcode Fuzzy Hash: 4d1d88932efd7b63ecfdde29945dfc17fd218d95b7e0763bafd054a92f058063
Instruction Fuzzy Hash: 0E41D372B18A5582EF08CF2ADD2456973A1BB88FD4B49A036EE4DE7B58DE3CD0419341

Function 00000001800181DC Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: b40ccf0ec351453c4194ab82b5d213d9bf751758f4c888434c0963d491f70c48
Instruction ID: 6ab07859a9aabb5348fb03d35ae4175fdc00118970864eebd12fc2f9ed96f1fe
Opcode Fuzzy Hash: b40ccf0ec351453c4194ab82b5d213d9bf751758f4c888434c0963d491f70c48
Instruction Fuzzy Hash: 2A41B072310E5881EB89CF6ADA1439A73A1B74CFD0F49D126EE0997B98DE7CC6458700

Function 000000018002A660 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adedd7d71663361c9609fa7dd9b6ae735d4b4198c7f2d5af982c0ea1da244318
Instruction ID: bc898212f53204ace61f7196a3a739c9ee7df0496818d6e7f6404db59ca6918f
Opcode Fuzzy Hash: adedd7d71663361c9609fa7dd9b6ae735d4b4198c7f2d5af982c0ea1da244318
Instruction Fuzzy Hash: D4F0FF71615A988FEBE58F28A8427D977A1F3583C9F908119E689C3A14DA3C85A58F08

Function 00007FF6297EE6F4 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 174bfe62ffdb35f0a8b82215b8c446e4258c47945d5cfe3425f7157a53489505
Instruction ID: ba32f0782d6d674e76e796d06706af8cf46536b6b334c70610f694e50cf883b2
Opcode Fuzzy Hash: 174bfe62ffdb35f0a8b82215b8c446e4258c47945d5cfe3425f7157a53489505
Instruction Fuzzy Hash: ACA0016190980690EB088F00AD590606220FBD0354B468835D15D82060AE2CA940A206

Function 00007FF6297D4C50 Relevance: 33.2, APIs: 22, Instructions: 199windowthreadnetworkCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6297D4C65
SwitchToThread.KERNEL32 ref: 00007FF6297D4C9D
SetLastError.KERNEL32 ref: 00007FF6297D4CDC
SetEvent.KERNEL32 ref: 00007FF6297D4D17
MsgWaitForMultipleObjects.USER32 ref: 00007FF6297D4D4B
PeekMessageW.USER32 ref: 00007FF6297D4D66
TranslateMessage.USER32 ref: 00007FF6297D4D75
DispatchMessageW.USER32 ref: 00007FF6297D4D80
PeekMessageW.USER32 ref: 00007FF6297D4D97
CloseHandle.KERNEL32 ref: 00007FF6297D4DC4
send.WS2_32 ref: 00007FF6297D4E01
SetEvent.KERNEL32 ref: 00007FF6297D4E18
WSACloseEvent.WS2_32 ref: 00007FF6297D4E2D
shutdown.WS2_32 ref: 00007FF6297D4E49
closesocket.WS2_32 ref: 00007FF6297D4E53
EnterCriticalSection.KERNEL32 ref: 00007FF6297D4E70
ResetEvent.KERNEL32 ref: 00007FF6297D4E7D
ResetEvent.KERNEL32 ref: 00007FF6297D4E8A
ResetEvent.KERNEL32 ref: 00007FF6297D4E97
SetEvent.KERNEL32 ref: 00007FF6297D4F2C
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D4F39
SetLastError.KERNEL32 ref: 00007FF6297D4F79

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Event$Message$Reset$CloseCriticalErrorLastPeekSectionThread$CurrentDispatchEnterHandleLeaveMultipleObjectsSwitchTranslateWaitclosesocketsendshutdown
String ID:
API String ID: 4058177064-0
Opcode ID: 1d5cc57fb7fbf7527f04433d1c2939eb4b1b6e6938b0e21f75a258dbfa576023
Instruction ID: d6d5a5953ddc9e70982487f84cc85ed7bf7fbdf8c6c4eb75c1d6e16c010ce4f8
Opcode Fuzzy Hash: 1d5cc57fb7fbf7527f04433d1c2939eb4b1b6e6938b0e21f75a258dbfa576023
Instruction Fuzzy Hash: 5A915036709A8297EB589F25DD446A973A0FB84B80F048535CB6EC3790CF3CE464E712

Function 00007FF6297E06A0 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 140stringprocessCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 00007FF6297E0718
lstrlenW.KERNEL32 ref: 00007FF6297E073A
wsprintfW.USER32 ref: 00007FF6297E07A2
ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6297E0806
lstrcatW.KERNEL32 ref: 00007FF6297E0841
lstrcatW.KERNEL32 ref: 00007FF6297E084E
lstrcpyW.KERNEL32 ref: 00007FF6297E085C
CreateProcessW.KERNEL32 ref: 00007FF6297E08DB

Strings

%s\shell\open\command, xrefs: 00007FF6297E0794
WinSta0\Default, xrefs: 00007FF6297E0893
h, xrefs: 00007FF6297E0865
"%1, xrefs: 00007FF6297E080C

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: lstrcatlstrlen$CreateEnvironmentExpandProcessStringslstrcpywsprintf
String ID: "%1$%s\shell\open\command$WinSta0\Default$h
API String ID: 1783372451-551013563
Opcode ID: 2aa4d3ebf5c45bd74505c1267e1058c2c24ed9b570e41b1434e0a24903c1c98a
Instruction ID: afbe3fee0686451adb9d81f81d17d148af53c277f9faba85130f728cd3c8a80b
Opcode Fuzzy Hash: 2aa4d3ebf5c45bd74505c1267e1058c2c24ed9b570e41b1434e0a24903c1c98a
Instruction Fuzzy Hash: 85615D22A19B8285FF20DF60DC402EA2361FBC9788F444536DE8D83A99EF3CD245D741

Function 00007FF6297D4270 Relevance: 21.1, APIs: 14, Instructions: 119networkstringCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FF6297D429F
WSAIoctl.WS2_32 ref: 00007FF6297D42F8
setsockopt.WS2_32 ref: 00007FF6297D431D
setsockopt.WS2_32 ref: 00007FF6297D4342
WSACreateEvent.WS2_32 ref: 00007FF6297D4348
lstrlenW.KERNEL32 ref: 00007FF6297D4355
WideCharToMultiByte.KERNEL32 ref: 00007FF6297D4378
lstrlenW.KERNEL32 ref: 00007FF6297D4390
WideCharToMultiByte.KERNEL32 ref: 00007FF6297D43B3
gethostbyname.WS2_32 ref: 00007FF6297D43C0
htons.WS2_32 ref: 00007FF6297D43ED
WSAEventSelect.WS2_32 ref: 00007FF6297D4413
connect.WS2_32 ref: 00007FF6297D442D
WSAGetLastError.WS2_32 ref: 00007FF6297D443C

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ByteCharEventMultiWidelstrlensetsockopt$CreateErrorIoctlLastSelectconnectgethostbynamehtonssocket
String ID:
API String ID: 1455939504-0
Opcode ID: 4f9acce4ae6ad80aec03b8b5c09d7b116e02fc5318df3eeeff928d226ee1ccda
Instruction ID: 35f201a8cfc89c168e7cf210db9f1e8bc3667b118c69c7b8b8cbf3aebc7dd6c2
Opcode Fuzzy Hash: 4f9acce4ae6ad80aec03b8b5c09d7b116e02fc5318df3eeeff928d226ee1ccda
Instruction Fuzzy Hash: FE515032608B9186EB24CF21E84426A77A5FBC4BE4F144635EE9E83B98CF3CD545D702

Function 00007FF6297E1620 Relevance: 18.2, APIs: 12, Instructions: 153COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297E1639
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297E165E
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297E1688
std::_Facet_Register.LIBCPMT ref: 00007FF6297E1708
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297E1722
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297E1732
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297E1757
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297E1781
std::_Facet_Register.LIBCPMT ref: 00007FF6297E17F7
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297E1811
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297E182A
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297E1830

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 86a4ff4925cbc545ad5961b211c5cb2ede80d6a6447645a52bcc9b3ede11fd42
Instruction ID: 574857fad1be8cc8346f4dc9acfc1b584ed0742ff69dc4f6daa1cd5696006c1b
Opcode Fuzzy Hash: 86a4ff4925cbc545ad5961b211c5cb2ede80d6a6447645a52bcc9b3ede11fd42
Instruction Fuzzy Hash: ED517C26E08A4285EE19DF15EC451B963A1FFC4BE4F580532DA9D83BA5DF3CE442E702

Function 00007FF6297D46A0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 171networktimeCOMMON

Download Yara Rule

APIs

WSAEnumNetworkEvents.WS2_32 ref: 00007FF6297D46C7
WSAGetLastError.WS2_32 ref: 00007FF6297D46D8
WSAResetEvent.WS2_32 ref: 00007FF6297D4717
WSAEventSelect.WS2_32 ref: 00007FF6297D479C
WSAGetLastError.WS2_32 ref: 00007FF6297D47A7
timeGetTime.WINMM ref: 00007FF6297D47D2
timeGetTime.WINMM ref: 00007FF6297D481D
send.WS2_32 ref: 00007FF6297D4852
WSAGetLastError.WS2_32 ref: 00007FF6297D485D

Strings

, xrefs: 00007FF6297D48F8

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$EventTimetime$EnumEventsNetworkResetSelectsend
String ID:
API String ID: 957247320-3916222277
Opcode ID: 70faab5df619376ecbd789658116d1a95d03484d4b81b7d6c2cb32eb3eab3399
Instruction ID: 9a7902c3911c7359738b438df7a9170f41cc4e1ca986237245f0c8f1fad75738
Opcode Fuzzy Hash: 70faab5df619376ecbd789658116d1a95d03484d4b81b7d6c2cb32eb3eab3399
Instruction Fuzzy Hash: E3715C72A086828BEB688F29D98436977E0FB84B98F148034CB4DC37D5CF7DE5459B52

Function 00007FF6297D5A80 Relevance: 16.7, APIs: 11, Instructions: 154networkCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6297D5AC4
WSASetLastError.WS2_32 ref: 00007FF6297D5C69
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D5C73

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeave
String ID:
API String ID: 4082018349-0
Opcode ID: ce0fa88aebe3efe6d4cfa5056a018ff2338e1d011f624170396f62e2d62db8ee
Instruction ID: dccbd790811450dcec3cc4a7ebbffe1a7ec3aae5d74d12f8eb64488ebe7a24c9
Opcode Fuzzy Hash: ce0fa88aebe3efe6d4cfa5056a018ff2338e1d011f624170396f62e2d62db8ee
Instruction Fuzzy Hash: 21616932B09A4283EB689F26D94467A6365FBC4B81F848031CA1EC7798DF3CE455E712

Function 00007FF6297D5090 Relevance: 16.6, APIs: 11, Instructions: 87COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6297D50F5
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D5107
SetLastError.KERNEL32 ref: 00007FF6297D51DB

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeave
String ID:
API String ID: 4082018349-0
Opcode ID: b12bcef403b9db2977f705d0ecef41abbd2038a6eeb512479f31e0cb207d576e
Instruction ID: fdaab8271d9cecc66c7a75ebf6db4b9c8ee1192eb2ee7a49a7b2deab2b2a2d24
Opcode Fuzzy Hash: b12bcef403b9db2977f705d0ecef41abbd2038a6eeb512479f31e0cb207d576e
Instruction Fuzzy Hash: 0C319C21B0DA8283EF589F269C882796261FFC5BC5F180035DE1EC6795CF2DE446E722

Function 00000001800067F0 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 151COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180006858
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00000001800068A0
std::_Lockit::~_Lockit.LIBCPMT ref: 00000001800069E3
Concurrency::cancel_current_task.LIBCPMT ref: 00000001800069FC
Concurrency::cancel_current_task.LIBCPMT ref: 0000000180006A0F
Concurrency::cancel_current_task.LIBCPMT ref: 0000000180006A15

Strings

bad locale name, xrefs: 0000000180006A02
true, xrefs: 000000018000694B
false, xrefs: 0000000180006919

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Concurrency::cancel_current_taskstd::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name$false$true
API String ID: 4121308752-1062449267
Opcode ID: 4d9a4bae47b79d40b7256d161a918d9ce49b1ce80b4b4b053ce15fe2b77d6c61
Instruction ID: 25289e7db44cb1a63330db8de0233808b059fb69907730fe826677cda66cee09
Opcode Fuzzy Hash: 4d9a4bae47b79d40b7256d161a918d9ce49b1ce80b4b4b053ce15fe2b77d6c61
Instruction Fuzzy Hash: FC517732706B448AFB97DFB0D4513EC33B6AB48788F048118AE4927B96DF34C61AD345

Function 00007FF6297E0BC0 Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 52registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32 ref: 00007FF6297E0C11
RegDeleteValueW.ADVAPI32 ref: 00007FF6297E0C1F
RegCloseKey.ADVAPI32 ref: 00007FF6297E0C2A
RegCreateKeyW.ADVAPI32 ref: 00007FF6297E0C4A
lstrlenW.KERNEL32 ref: 00007FF6297E0C57
RegSetValueExW.ADVAPI32 ref: 00007FF6297E0C79
RegCloseKey.ADVAPI32 ref: 00007FF6297E0C84

Strings

Software, xrefs: 00007FF6297E0BF3
VenNetwork, xrefs: 00007FF6297E0BE9

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CloseValue$CreateDeleteOpenlstrlen
String ID: Software$VenNetwork
API String ID: 3197061591-1820303132
Opcode ID: 977d34d6a8543d540e474d7a41a606a027e4303f67bb5f64f5b8d5885a1a35b1
Instruction ID: 02e4f9903be5de988c12bbdd41cd8228a3d84a7be6ccad6fc246637a4df5aad2
Opcode Fuzzy Hash: 977d34d6a8543d540e474d7a41a606a027e4303f67bb5f64f5b8d5885a1a35b1
Instruction Fuzzy Hash: 2A214F36608A8086EB109F22EC4425AB761FBC9FE1F488531DE5D83B68DF7CD15ADB05

Function 00007FF6297D5FC0 Relevance: 15.1, APIs: 10, Instructions: 140COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF6297D5FE4
EnterCriticalSection.KERNEL32 ref: 00007FF6297D6004
SetLastError.KERNEL32 ref: 00007FF6297D6016
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D606F

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalErrorLastSection$EnterLeave
String ID:
API String ID: 2124651672-0
Opcode ID: ceb90cee31cb5c63e12923c504f4f75aed37da3cde6871e563f60f2bd9e0bfed
Instruction ID: 43738d2bc146257c4906fc4b73d6a71b689b9e3825ded2970953cca841a74be2
Opcode Fuzzy Hash: ceb90cee31cb5c63e12923c504f4f75aed37da3cde6871e563f60f2bd9e0bfed
Instruction Fuzzy Hash: 4D51ED32A096428BEB649F15E84067C77A5FB88B84F068139DE4EC7395DF3CE805D742

Function 00007FF6297F45E0 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F4620
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F49E8
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F4C87

Strings

p, xrefs: 00007FF6297F472A
f, xrefs: 00007FF6297F486D
p, xrefs: 00007FF6297F46C5
f, xrefs: 00007FF6297F4722
f, xrefs: 00007FF6297F46B8

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$f$p$p$f
API String ID: 3215553584-1325933183
Opcode ID: 338c2a64cdc3021812c5b6ddca5db7159329e9a17ba8d876efc02d9e71b2fbd5
Instruction ID: f0b38dc0eb32edfae566383fea31a6a0b2d4ec7961a2eae2e34d6dc764c077c2
Opcode Fuzzy Hash: 338c2a64cdc3021812c5b6ddca5db7159329e9a17ba8d876efc02d9e71b2fbd5
Instruction Fuzzy Hash: 3B128322A1C18387FF249F15D8587B97661FBC07D8F944135EA8DA66C8DF3CE480AB16

Function 00007FF6297D4080 Relevance: 13.6, APIs: 9, Instructions: 111timenetworkCOMMON

Download Yara Rule

APIs

CreateWaitableTimerW.KERNEL32 ref: 00007FF6297D40C6
setsockopt.WS2_32 ref: 00007FF6297D4165
setsockopt.WS2_32 ref: 00007FF6297D418F
ResetEvent.KERNEL32 ref: 00007FF6297D41DE
SetLastError.KERNEL32 ref: 00007FF6297D420A
WSAGetLastError.WS2_32 ref: 00007FF6297D4216
SetLastError.KERNEL32 ref: 00007FF6297D4228
GetLastError.KERNEL32 ref: 00007FF6297D4241
SetLastError.KERNEL32 ref: 00007FF6297D4253

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$setsockopt$CreateEventResetTimerWaitable
String ID:
API String ID: 2911610646-0
Opcode ID: 29f4db180f811eed727e115f3e9634c508b58a893b040440cf1ba2de9885e7b9
Instruction ID: 9271b68582ce5a6c9917f29d46abf0229e5768c1e569558bab32fd18bb387c76
Opcode Fuzzy Hash: 29f4db180f811eed727e115f3e9634c508b58a893b040440cf1ba2de9885e7b9
Instruction Fuzzy Hash: BC519C32A09B8287EB188F25E90436D73A0FB88784F044135DB8D87B90DF7DE066DB12

Function 00007FF6297D5D10 Relevance: 13.6, APIs: 9, Instructions: 93timenetworkCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,-00000004,00007FF6297D49B9), ref: 00007FF6297D5D5E
timeGetTime.WINMM(?,?,-00000004,00007FF6297D49B9), ref: 00007FF6297D5D95
LeaveCriticalSection.KERNEL32(?,?,-00000004,00007FF6297D49B9), ref: 00007FF6297D5DB5
timeGetTime.WINMM(?,?,-00000004,00007FF6297D49B9), ref: 00007FF6297D5DFA
SetEvent.KERNEL32 ref: 00007FF6297D5E27
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D5E3B
WSASetLastError.WS2_32(?,?,-00000004,00007FF6297D49B9), ref: 00007FF6297D5E52
LeaveCriticalSection.KERNEL32(?,?,-00000004,00007FF6297D49B9), ref: 00007FF6297D5E61
WSASetLastError.WS2_32(?,?,-00000004,00007FF6297D49B9), ref: 00007FF6297D5E73

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$Leave$ErrorLastTimetime$EnterEvent
String ID:
API String ID: 3019579578-0
Opcode ID: 0f5c7540d6a6d13954bf3b0610fbdb20e4227d3d9c7ae04a05d2493569245aae
Instruction ID: 462641a1bae066b4542203373c4f41a4c7623d1c3bc3cc85fb8e8dc7d83cdf3a
Opcode Fuzzy Hash: 0f5c7540d6a6d13954bf3b0610fbdb20e4227d3d9c7ae04a05d2493569245aae
Instruction Fuzzy Hash: 97414E3291864287EB709F15D84423E7361FBC4B84F184535DA4E87B98DF3CF881A752

Function 00007FF6297D5E90 Relevance: 13.6, APIs: 9, Instructions: 77COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32 ref: 00007FF6297D5EAA
TryEnterCriticalSection.KERNEL32 ref: 00007FF6297D5ECB
TryEnterCriticalSection.KERNEL32 ref: 00007FF6297D5EDD
SetLastError.KERNEL32 ref: 00007FF6297D5EF6
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D5F00
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D5F0A

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeave
String ID:
API String ID: 4082018349-0
Opcode ID: 67fb679d431cd07a0a75245ad9faae6b58536de87acf8e54a525854fe2ab2b98
Instruction ID: 28d9f8c0500b1d4a2fd44954f698dd8573ce83fa2074447bad4e5c8a86c5396f
Opcode Fuzzy Hash: 67fb679d431cd07a0a75245ad9faae6b58536de87acf8e54a525854fe2ab2b98
Instruction Fuzzy Hash: 89314F32A19A8287EB909F25DC4427D33A4FF84B89F484431DA4ECA798DF3CD455E712

Function 00007FF6297F0C08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 00007FF6297F0C65

Part of subcall function 00007FF6297F2FC8: __GetUnwindTryBlock.LIBCMT ref: 00007FF6297F300B
Part of subcall function 00007FF6297F2FC8: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00007FF6297F3030

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6297F0D3D
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 00007FF6297F0F8B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6297F1098

Strings

csm, xrefs: 00007FF6297F0CE6
csm, xrefs: 00007FF6297F0D60
csm, xrefs: 00007FF6297F0C7F

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 2b2ef099c7c498c1f83d83cf8365c45f4a2add1e44776cae4b3bb5ec5925f551
Instruction ID: da388d4115c2ac4ba019b861e8d737f6d571f78e453cd237c340db872f9aaab1
Opcode Fuzzy Hash: 2b2ef099c7c498c1f83d83cf8365c45f4a2add1e44776cae4b3bb5ec5925f551
Instruction Fuzzy Hash: F7D16C22A087818AEF209F65D8403AD77A0FB957DCF100135EE8DA7B99DF38E195D742

Function 000000018000E388 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON

Download Yara Rule

APIs

__FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 000000018000E3E5

Part of subcall function 0000000180010748: __GetUnwindTryBlock.LIBCMT ref: 000000018001078B
Part of subcall function 0000000180010748: __SetUnwindTryBlock.LIBVCRUNTIME ref: 00000001800107B0

Is_bad_exception_allowed.LIBVCRUNTIME ref: 000000018000E4BD
__FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 000000018000E70B
std::bad_alloc::bad_alloc.LIBCMT ref: 000000018000E818

Strings

csm, xrefs: 000000018000E3FF
csm, xrefs: 000000018000E466
csm, xrefs: 000000018000E4E0

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 849930591-393685449
Opcode ID: 3a718ee7f8b6373924fa1ef36f33fea09a8afd655926d26086879ab94a1df2a9
Instruction ID: 11f02f1a1b6f2119d6ab1984a83f1249e0a72176be5e98c1a38744feb3c8c25a
Opcode Fuzzy Hash: 3a718ee7f8b6373924fa1ef36f33fea09a8afd655926d26086879ab94a1df2a9
Instruction Fuzzy Hash: D3D18C32604B888AEBA2DB65D4403DD77A0F75A7D8F108116FE8967B96DF34C299C701

Function 00007FF6298008B4 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32 ref: 00007FF629800A30
GetProcAddress.KERNEL32 ref: 00007FF629800A3C

Strings

api-ms-, xrefs: 00007FF62980097A
ext-ms-, xrefs: 00007FF62980098D

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 7440c042807cac739352953deb803b73dd017de38a4217708bea05fa604c5186
Instruction ID: 95b7bec04ea13a58abb880cd373e1b921f289c6b06711ab661d193e60a98ef65
Opcode Fuzzy Hash: 7440c042807cac739352953deb803b73dd017de38a4217708bea05fa604c5186
Instruction Fuzzy Hash: 44419F21B1AA0285FF25CF16ED106BA2291BF85BA0F4D5A36DD0DD7794EE3CE445E302

Function 000000018001D430 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,?,?,000000018001DB38,?,?,?,?,0000000180013C41,?,?,?,?,0000000180007340), ref: 000000018001D5AC
GetProcAddress.KERNEL32(?,?,?,000000018001DB38,?,?,?,?,0000000180013C41,?,?,?,?,0000000180007340), ref: 000000018001D5B8

Strings

api-ms-, xrefs: 000000018001D4F6
ext-ms-, xrefs: 000000018001D509

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: 9ca9f382646b4c989892281ad302a63fa07b97429ac017ba95ecba264538f1cf
Instruction ID: d8fc979b45583009b6d8f450d37dd7f080959f75dab4b2bcac9e25a23a010083
Opcode Fuzzy Hash: 9ca9f382646b4c989892281ad302a63fa07b97429ac017ba95ecba264538f1cf
Instruction Fuzzy Hash: 8D41E031311E0C92FB97CB16A9007DA2392B74DBE8F59C526AD1A87784EF78CA498704

Function 00007FF6297DE01F Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 94filestringCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF6297DE0E9
WriteFile.KERNEL32 ref: 00007FF6297DE119
CloseHandle.KERNEL32 ref: 00007FF6297DE12A
lstrlenW.KERNEL32 ref: 00007FF6297DE135
wsprintfW.USER32 ref: 00007FF6297DE159
lstrcpyW.KERNEL32 ref: 00007FF6297DE168

Part of subcall function 00007FF6297E06A0: lstrlenW.KERNEL32 ref: 00007FF6297E0718
Part of subcall function 00007FF6297E06A0: wsprintfW.USER32 ref: 00007FF6297E07A2
Part of subcall function 00007FF6297E06A0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6297E0806
Part of subcall function 00007FF6297E06A0: lstrcatW.KERNEL32 ref: 00007FF6297E0841
Part of subcall function 00007FF6297E06A0: lstrcatW.KERNEL32 ref: 00007FF6297E084E

Strings

%s %s, xrefs: 00007FF6297DE152

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Filelstrcatlstrlenwsprintf$CloseCreateEnvironmentExpandHandleStringsWritelstrcpy
String ID: %s %s
API String ID: 958574092-2939940506
Opcode ID: eceb82c3cd3af4ca55499d5fe9bd5fadc0488819e054981a88d383308b1fa06d
Instruction ID: 0d3cc53db14dda891c1ca2adf7b9b9b5a5c7eb3effd3ff223f81829c5442ed41
Opcode Fuzzy Hash: eceb82c3cd3af4ca55499d5fe9bd5fadc0488819e054981a88d383308b1fa06d
Instruction Fuzzy Hash: ED413122A18FC681EB118F28D9043FD2320FBD5B88F55A325DB4D56656EF39E2D9D700

Function 000000018000B544 Relevance: 12.2, APIs: 8, Instructions: 227COMMON

Download Yara Rule

APIs

__scrt_dllmain_crt_thread_attach.LIBCMT ref: 000000018000B56C
__scrt_acquire_startup_lock.LIBCMT ref: 000000018000B5BE
_RTC_Initialize.LIBCMT ref: 000000018000B5EC
__scrt_dllmain_after_initialize_c.LIBCMT ref: 000000018000B612
__scrt_release_startup_lock.LIBCMT ref: 000000018000B63D

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
String ID:
API String ID: 190073905-0
Opcode ID: aab2033705f31d13bb710668e14191793ff1325bb45cecf30cfdf4bf87d378c1
Instruction ID: b1da23782529deac30f099c77194b92e1a7a79ade0d699db9422c502c86d5b2b
Opcode Fuzzy Hash: aab2033705f31d13bb710668e14191793ff1325bb45cecf30cfdf4bf87d378c1
Instruction Fuzzy Hash: F081AF30A0064D86FAD3EB6599813D93390AB8DBC4F54C015FA48977A2DE78CB4DCF00

Function 00007FF6297D4A90 Relevance: 12.1, APIs: 8, Instructions: 104networkCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6297D4AD0
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D4B20
send.WS2_32 ref: 00007FF6297D4B49
EnterCriticalSection.KERNEL32 ref: 00007FF6297D4B58
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D4B6F
WSAGetLastError.WS2_32 ref: 00007FF6297D4BA9
EnterCriticalSection.KERNEL32 ref: 00007FF6297D4BB9
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D4BFB

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ErrorLastsend
String ID:
API String ID: 3480985631-0
Opcode ID: dcbfb0b2159904ea6d1c624c1834ef820b2325ccb56d393d0a5f1f6bb36a758c
Instruction ID: c642d65c2065bb28f655640600f98d946f7a31c24fe2071c8c2ba0574be85075
Opcode Fuzzy Hash: dcbfb0b2159904ea6d1c624c1834ef820b2325ccb56d393d0a5f1f6bb36a758c
Instruction Fuzzy Hash: 23414F36608B8182EB588F26E9442AC73B4FB88FC8F184535CE1D87B98DF38E555D761

Function 00007FF6297F9480 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F94C3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F98B0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F9B4C

Strings

f, xrefs: 00007FF6297F95E5
p, xrefs: 00007FF6297F95ED
p, xrefs: 00007FF6297F9575

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: 42fb3e65d0f17d18353857ebdda260012259b146ac6ef5ada1715a4ca3ec7708
Instruction ID: 849ba80fc81c24bf1d6388740d27c5fe0727f3bc770b011e83112f7bc71e0ffd
Opcode Fuzzy Hash: 42fb3e65d0f17d18353857ebdda260012259b146ac6ef5ada1715a4ca3ec7708
Instruction Fuzzy Hash: E712AF22E0C14386FF249E15D8546BA7291FBC07D8F844036EE9AA76C4DF3DE584EB06

Function 00000001800187A8 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 494COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001800187EB
_invalid_parameter_noinfo.LIBCMT ref: 0000000180018BD8
_invalid_parameter_noinfo.LIBCMT ref: 0000000180018E74

Strings

f, xrefs: 000000018001890D
p, xrefs: 0000000180018915
p, xrefs: 000000018001889D

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: f$p$p
API String ID: 3215553584-1995029353
Opcode ID: 730ec7c73464c0e22b00d9c6858c7d82ef3e1cdb4796676c72299090f6d48783
Instruction ID: 3e8c0ddebcf4747a76db19149277b4397ccf20279b0311ded7689cd40d5d188f
Opcode Fuzzy Hash: 730ec7c73464c0e22b00d9c6858c7d82ef3e1cdb4796676c72299090f6d48783
Instruction Fuzzy Hash: 7A12E872608A4986FBA65B15E0543F977A2FB887D0FD8C015F681476C8DF38C788EB15

Function 000000018001FFA8 Relevance: 10.8, APIs: 7, Instructions: 290COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00000001800203D5

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 4088889be9819d41049a200a371a193d1a84681165ce87351eeee8399076b0a0
Instruction ID: 802ba34d1dba4c25a49d8928ede781a8ac287e4d5c7289e3b922aad4f9f43e26
Opcode Fuzzy Hash: 4088889be9819d41049a200a371a193d1a84681165ce87351eeee8399076b0a0
Instruction Fuzzy Hash: BFC1F532208B8D92E7E39B1594453EE7BA5F799BC0F658112FA4903393DFB9CA5D8700

Function 00007FF6297D4470 Relevance: 10.6, APIs: 7, Instructions: 143threadnetworktimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 00007FF6297D448E
SetWaitableTimer.KERNEL32 ref: 00007FF6297D44C3
WSAWaitForMultipleEvents.WS2_32 ref: 00007FF6297D456D
GetCurrentThreadId.KERNEL32 ref: 00007FF6297D4676

Part of subcall function 00007FF6297D4A90: EnterCriticalSection.KERNEL32 ref: 00007FF6297D4AD0
Part of subcall function 00007FF6297D4A90: LeaveCriticalSection.KERNEL32 ref: 00007FF6297D4B20
Part of subcall function 00007FF6297D4A90: send.WS2_32 ref: 00007FF6297D4B49
Part of subcall function 00007FF6297D4A90: EnterCriticalSection.KERNEL32 ref: 00007FF6297D4B58
Part of subcall function 00007FF6297D4A90: LeaveCriticalSection.KERNEL32 ref: 00007FF6297D4B6F
Part of subcall function 00007FF6297D4A90: WSAGetLastError.WS2_32 ref: 00007FF6297D4BA9
Part of subcall function 00007FF6297D4A90: EnterCriticalSection.KERNEL32 ref: 00007FF6297D4BB9
Part of subcall function 00007FF6297D4A90: LeaveCriticalSection.KERNEL32 ref: 00007FF6297D4BFB

SetLastError.KERNEL32 ref: 00007FF6297D4616

Part of subcall function 00007FF6297D5FC0: SetLastError.KERNEL32 ref: 00007FF6297D5FE4

GetLastError.KERNEL32 ref: 00007FF6297D461C
WSAGetLastError.WS2_32 ref: 00007FF6297D4641

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$ErrorLast$EnterLeave$CurrentThread$EventsMultipleTimerWaitWaitablesend
String ID:
API String ID: 2807917265-0
Opcode ID: 495490e7d3477735b75ad2edb0a11b0efccf73ea01b4538bcbeaf1220e2ab4c3
Instruction ID: f9a2916d2585a29fccabbe5094da2b2956a4db549eca48bf4f40c57e2d88760e
Opcode Fuzzy Hash: 495490e7d3477735b75ad2edb0a11b0efccf73ea01b4538bcbeaf1220e2ab4c3
Instruction Fuzzy Hash: D0514F71A0974286EF688F25DC4427923A4FB84B98F584635DE6EC77D8DF3CE440A722

Function 00007FF6297DB9E0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297DBA4B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF6297DBA93
_Getctype.LIBCPMT ref: 00007FF6297DBAAB
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297DBB63
_Getwctype.LIBCPMT ref: 00007FF6297DBBB1

Strings

bad locale name, xrefs: 00007FF6297DBB86

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 1386471777-1405518554
Opcode ID: 1e5e98c9536fad76aa215f10c33411828afcd6fe37bfa1046ea3f08e32c02a87
Instruction ID: 6f12afbecdbc6c8c4723a80e89689fdb05e51c173adb192a56656790785e7b5a
Opcode Fuzzy Hash: 1e5e98c9536fad76aa215f10c33411828afcd6fe37bfa1046ea3f08e32c02a87
Instruction Fuzzy Hash: 97514A22B09B818AFF15DFB0D8502BC2374EF94788F444139DE8DA6A5ADF38E556A311

Function 0000000180002060 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00000001800020CB
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000000180002113
_Getctype.LIBCPMT ref: 000000018000212B
std::_Lockit::~_Lockit.LIBCPMT ref: 00000001800021E3
_Getwctype.LIBCPMT ref: 0000000180002231

Strings

bad locale name, xrefs: 0000000180002206

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$GetctypeGetwctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 1386471777-1405518554
Opcode ID: 6b7ba6e8446f5de1a585bb9ac0d148b9ac44657668e99689077215057fe3328f
Instruction ID: 205fddb4c06c6aec178ab2adc66388c5105195ae8e8825034b4c358a251d3f20
Opcode Fuzzy Hash: 6b7ba6e8446f5de1a585bb9ac0d148b9ac44657668e99689077215057fe3328f
Instruction Fuzzy Hash: 53515A32B05B888AFB56DFB4D4513EC3375EB58B88F448115EF4926A96DF34C65AD300

Function 00007FF6297E1D30 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF6297E1DA0
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF6297E1DE8
_Getcoll.LIBCPMT ref: 00007FF6297E1E00
std::_Lockit::~_Lockit.LIBCPMT ref: 00007FF6297E1E8F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E1EE9

Strings

bad locale name, xrefs: 00007FF6297E1EEF

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$GetcollLocinfo::_Locinfo_ctorLockit::_Lockit::~__invalid_parameter_noinfo_noreturn
String ID: bad locale name
API String ID: 3908275632-1405518554
Opcode ID: 9950391e219e3f38a391214971ba9392170c4fde7a5665b9737b79cfa968d01f
Instruction ID: 626a839d935aebb9807f0151c52938d44564025511633b86417f1046ba59aadc
Opcode Fuzzy Hash: 9950391e219e3f38a391214971ba9392170c4fde7a5665b9737b79cfa968d01f
Instruction Fuzzy Hash: 86515D22B09B8189FF14DFB0D8513EC33A5AF84B88F444135EE8DA7A99DF389546E301

Function 00007FF6297F352C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,00007FF6297F37DE,?,?,?,00007FF6297F34D0,?,?,?,00007FF6297F0109), ref: 00007FF6297F35B1
GetLastError.KERNEL32(?,?,?,00007FF6297F37DE,?,?,?,00007FF6297F34D0,?,?,?,00007FF6297F0109), ref: 00007FF6297F35BF
LoadLibraryExW.KERNEL32(?,?,?,00007FF6297F37DE,?,?,?,00007FF6297F34D0,?,?,?,00007FF6297F0109), ref: 00007FF6297F35E9
FreeLibrary.KERNEL32(?,?,?,00007FF6297F37DE,?,?,?,00007FF6297F34D0,?,?,?,00007FF6297F0109), ref: 00007FF6297F3657
GetProcAddress.KERNEL32(?,?,?,00007FF6297F37DE,?,?,?,00007FF6297F34D0,?,?,?,00007FF6297F0109), ref: 00007FF6297F3663

Strings

api-ms-, xrefs: 00007FF6297F35D1

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: 79f1708f0d73a3895a2fe6d32fc30880b345232a89ca131bb8ab1f3b75cbd6b1
Instruction ID: a5d5fd9e9cf71cbeb4d52d23cb9dc688ee14259160678f4a8746fa217a374e7b
Opcode Fuzzy Hash: 79f1708f0d73a3895a2fe6d32fc30880b345232a89ca131bb8ab1f3b75cbd6b1
Instruction Fuzzy Hash: 1531CF21B1AA42D1EE25AF16AC005792394FFC8BE8F594536DD2DDB390EF3CE441A312

Function 0000000180010CAC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,?,0000000180010E6B,?,?,?,000000018000DA44,?,?,?,?,000000018000D7E1), ref: 0000000180010D31
GetLastError.KERNEL32(?,?,?,0000000180010E6B,?,?,?,000000018000DA44,?,?,?,?,000000018000D7E1), ref: 0000000180010D3F
LoadLibraryExW.KERNEL32(?,?,?,0000000180010E6B,?,?,?,000000018000DA44,?,?,?,?,000000018000D7E1), ref: 0000000180010D69
FreeLibrary.KERNEL32(?,?,?,0000000180010E6B,?,?,?,000000018000DA44,?,?,?,?,000000018000D7E1), ref: 0000000180010DD7
GetProcAddress.KERNEL32(?,?,?,0000000180010E6B,?,?,?,000000018000DA44,?,?,?,?,000000018000D7E1), ref: 0000000180010DE3

Strings

api-ms-, xrefs: 0000000180010D51

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: b09260a3b01b944e8a2ed352862a161e4ae98297871aeffd10098e1da1c3218e
Instruction ID: 6059c775b58af9673e93cb4f47e6f265eade308a4566bf057f510aae578ddb5e
Opcode Fuzzy Hash: b09260a3b01b944e8a2ed352862a161e4ae98297871aeffd10098e1da1c3218e
Instruction Fuzzy Hash: AE317E31212A4891FF93DB52A8007D533A4BB4CBE4F698525FE5947791EF78EA488300

Function 00007FF6297E0CA0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 82processstringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32 ref: 00007FF6297E0CB0
GetFileAttributesW.KERNEL32 ref: 00007FF6297E0D3D
GetLastError.KERNEL32 ref: 00007FF6297E0D4C
CreateProcessW.KERNEL32 ref: 00007FF6297E0DD9

Strings

h, xrefs: 00007FF6297E0DB9
WinSta0\Default, xrefs: 00007FF6297E0D6B

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: AttributesCreateErrorFileLastProcesslstrlen
String ID: WinSta0\Default$h
API String ID: 591566999-1620045033
Opcode ID: d2bab96cac4579f2c125ad1b394deb36b09c5d0372b7e3e75e386909ded7df42
Instruction ID: 1450cc19e274a78287a0c8757674557db9ff97d3f0b1a979ab46315b75bd617c
Opcode Fuzzy Hash: d2bab96cac4579f2c125ad1b394deb36b09c5d0372b7e3e75e386909ded7df42
Instruction Fuzzy Hash: 89316022E0D7C286EA608F25B9043BA6391FBD5790F045334EA9DC3B99EF2CE0949701

Function 000000018001AA54 Relevance: 10.6, APIs: 7, Instructions: 62COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA63
FlsGetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA78
FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AA99
FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AAC6
FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AAD7
FlsSetValue.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AAE8
SetLastError.KERNEL32(?,?,?,0000000180016A8B,?,?,?,?,?,?,?,?,0000000180012466,?,?,?), ref: 000000018001AB03

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: dbe77e66a7de49c6c9d3389502a61dbaa8101452699f92e69e049ceb59fb1c45
Instruction ID: 852cd9b20ebb93d6b7160b2014394db60870bae99b69435688c1eb5ffecd53cd
Opcode Fuzzy Hash: dbe77e66a7de49c6c9d3389502a61dbaa8101452699f92e69e049ceb59fb1c45
Instruction Fuzzy Hash: 29218134309A8C42FBDB637156463EA63966F8E7F0F44C715B93647AD6EF2886498301

Function 00007FF62980CC80 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF62980CCB1
GetLastError.KERNEL32 ref: 00007FF62980CCBD
CloseHandle.KERNEL32 ref: 00007FF62980CCD5
CreateFileW.KERNEL32 ref: 00007FF62980CD00
WriteConsoleW.KERNEL32 ref: 00007FF62980CD1F

Strings

CONOUT$, xrefs: 00007FF62980CCE1

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: c477bea2d07ef44c7e07df60decfd2619db83e7f0bc9226f08f6201d8069434b
Instruction ID: b9465909f93fbd94f0743acf662104d2fc5dc1aab1ed4cb7c9908387826e6dea
Opcode Fuzzy Hash: c477bea2d07ef44c7e07df60decfd2619db83e7f0bc9226f08f6201d8069434b
Instruction Fuzzy Hash: 63115E21A18B8186EB508F52EC54329A6A0FBC8FE4F594634EE5DC7BA4DF3CE8448741

Function 0000000180029EFC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 0000000180029F2D
GetLastError.KERNEL32 ref: 0000000180029F39
CloseHandle.KERNEL32 ref: 0000000180029F51
CreateFileW.KERNEL32 ref: 0000000180029F7C
WriteConsoleW.KERNEL32 ref: 0000000180029F9B

Strings

CONOUT$, xrefs: 0000000180029F5D

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 9a53dcf6b77aac4c641e8ca98971444a7ff2d0fa0d3f05d6ca1a50c7c06adfb9
Instruction ID: 554ccba47afcc93753359f4ddd31f1bcf11d1e9c05f01a0ab4e96358f6f9a8b8
Opcode Fuzzy Hash: 9a53dcf6b77aac4c641e8ca98971444a7ff2d0fa0d3f05d6ca1a50c7c06adfb9
Instruction Fuzzy Hash: BE118231724A8886E7D38B52E854359A3A0F78DFE4F148225FE5D877A4CF78CA498744

Function 00007FF6297DACF0 Relevance: 10.5, APIs: 7, Instructions: 40filesynchronizationstringCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF6297DAD09
CreateFileW.KERNEL32 ref: 00007FF6297DAD3D
SetFilePointer.KERNEL32 ref: 00007FF6297DAD62
lstrlenW.KERNEL32 ref: 00007FF6297DAD6B
WriteFile.KERNEL32 ref: 00007FF6297DAD89
CloseHandle.KERNEL32 ref: 00007FF6297DAD92
ReleaseMutex.KERNEL32 ref: 00007FF6297DAD9F

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: File$CloseCreateHandleMutexObjectPointerReleaseSingleWaitWritelstrlen
String ID:
API String ID: 4202892810-0
Opcode ID: 6d311e261bfe59e5949d3104aa2c883e73ffb96b44e413d4cc9c1204dacd56c9
Instruction ID: f2e3c8f8a04287ec608874a681af627e122746002cc76e70fd3169a28c7a491e
Opcode Fuzzy Hash: 6d311e261bfe59e5949d3104aa2c883e73ffb96b44e413d4cc9c1204dacd56c9
Instruction Fuzzy Hash: 47112175A08A4282FB109F11FD187657760FBC8BA4F588631DA5E43BA4CF7CD4499B05

Function 00007FF6297DEF25 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 34registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32 ref: 00007FF6297DEF4F
RegDeleteValueW.ADVAPI32 ref: 00007FF6297DEF63
RegSetValueExW.ADVAPI32 ref: 00007FF6297DEF8D
RegCloseKey.ADVAPI32 ref: 00007FF6297DEF9A

Strings

Console, xrefs: 00007FF6297DEF41
IpDatespecial, xrefs: 00007FF6297DEF5C, 00007FF6297DEF70

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Value$CloseDeleteOpen
String ID: Console$IpDatespecial
API String ID: 3183427449-1840232981
Opcode ID: f23957102dd5c337703c86b23f0909451c31f6d4053b1f337106711f9d04a52f
Instruction ID: a8b64fa2a20a05ffce74330380e974be99a1a4ee8e336144df254517704719e8
Opcode Fuzzy Hash: f23957102dd5c337703c86b23f0909451c31f6d4053b1f337106711f9d04a52f
Instruction Fuzzy Hash: F7015E36609AC186EB218F14EC107693760FBC5B59F488136CA5D83B58DF3CD199DB05

Function 00007FF6297D9220 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 26processCOMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF6297D9239
GetCommandLineW.KERNEL32 ref: 00007FF6297D923F
GetStartupInfoW.KERNEL32 ref: 00007FF6297D924D
CreateProcessW.KERNEL32 ref: 00007FF6297D9290
ExitProcess.KERNEL32 ref: 00007FF6297D929B

Strings

, xrefs: 00007FF6297D9284

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Process$CommandCreateExitFileInfoLineModuleNameStartup
String ID:
API String ID: 3421218197-3916222277
Opcode ID: 190dd20226834de6593c2658ef490eeec5e65b5d977b517c4b94419b13326a92
Instruction ID: 4968b1871ba277bdfe5806ea7afa40a663fe0fea13ad6e356bb72be91edf55cb
Opcode Fuzzy Hash: 190dd20226834de6593c2658ef490eeec5e65b5d977b517c4b94419b13326a92
Instruction Fuzzy Hash: 79F03132619A8286DB608F24F84875EB3A0FBC8754F544635E68E87A64DF3CD145CB00

Function 000000018000B1D8 Relevance: 9.2, APIs: 6, Instructions: 206COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 000000018000B248
MultiByteToWideChar.KERNEL32 ref: 000000018000B2E6
LCMapStringEx.KERNEL32 ref: 000000018000B34F
LCMapStringEx.KERNEL32 ref: 000000018000B3A1
LCMapStringEx.KERNEL32 ref: 000000018000B446
WideCharToMultiByte.KERNEL32 ref: 000000018000B4A0

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 7971f062b65952515ec8212ac2e9a2c677d9c1fc3ecd3cd2358e8a062519809b
Instruction ID: 1f9fede53b954f8e5b43acc8c264839122ab766aaf11d3bb555b3b9be0801e50
Opcode Fuzzy Hash: 7971f062b65952515ec8212ac2e9a2c677d9c1fc3ecd3cd2358e8a062519809b
Instruction Fuzzy Hash: A481D77220074886EBA2CF15E44079D73D5FB4CBE4F548615FA5987BD5DF78C6498B00

Function 0000000180005630 Relevance: 9.1, APIs: 6, Instructions: 118COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180005669
std::_Lockit::_Lockit.LIBCPMT ref: 000000018000568E
std::_Lockit::~_Lockit.LIBCPMT ref: 00000001800056B8
std::_Facet_Register.LIBCPMT ref: 000000018000572E
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180005748
Concurrency::cancel_current_task.LIBCPMT ref: 000000018000579E

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 120c1b7971d057f7d32ed189108cba4dc3bdaf4a53a91de180e5530db79fdb05
Instruction ID: 9bfdac23812655959e59ee9134ab68fe0fce2feb2ecedce451b1980171af903a
Opcode Fuzzy Hash: 120c1b7971d057f7d32ed189108cba4dc3bdaf4a53a91de180e5530db79fdb05
Instruction Fuzzy Hash: 1B416A36244B4881EA96DF26E4403EA77A0F788BD5F499522EE8D037A6DF38C649C700

Function 0000000180006D50 Relevance: 9.1, APIs: 6, Instructions: 103COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180006D82
std::_Lockit::_Lockit.LIBCPMT ref: 0000000180006DA7
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180006DD1
std::_Facet_Register.LIBCPMT ref: 0000000180006E47
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180006E61
Concurrency::cancel_current_task.LIBCPMT ref: 0000000180006EA6

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 7a4aba34b9ee0e7feb97e831a1f23563437c19ccbf85e67e868202ffd3c1e259
Instruction ID: 6e9778c85ceeebd191738d212a2141fb86d17769249ac1cf2784b10380d351a3
Opcode Fuzzy Hash: 7a4aba34b9ee0e7feb97e831a1f23563437c19ccbf85e67e868202ffd3c1e259
Instruction Fuzzy Hash: AC416B36640B8885EAA6DF26E5403E973A1F788BD4F489522EE4E077B5DF38C649C300

Function 00000001800093CC Relevance: 9.1, APIs: 6, Instructions: 81COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00000001800093E1
std::_Lockit::_Lockit.LIBCPMT ref: 0000000180009406
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180009430
std::_Facet_Register.LIBCPMT ref: 00000001800094A7
std::_Lockit::~_Lockit.LIBCPMT ref: 00000001800094C8
Concurrency::cancel_current_task.LIBCPMT ref: 00000001800094DB

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 0a459d356615af1532279fea11b62472358ce995c90851a97120222909910ee1
Instruction ID: 921b1d8f41fd75cbe69ba934d7afaa04baeb3bfee234873a740bcb75f00e34e4
Opcode Fuzzy Hash: 0a459d356615af1532279fea11b62472358ce995c90851a97120222909910ee1
Instruction Fuzzy Hash: 9F31AE32242A4C81EA97DF95E5407E97361E788BE0F188122FE5D077A6DF78C60AC300

Function 00007FF6297D4940 Relevance: 9.1, APIs: 6, Instructions: 80networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FF6297D4964
SetLastError.KERNEL32 ref: 00007FF6297D4977
WSAGetLastError.WS2_32 ref: 00007FF6297D49C8
SetLastError.KERNEL32 ref: 00007FF6297D4A32
WSASetLastError.WS2_32 ref: 00007FF6297D4A3D
GetLastError.KERNEL32 ref: 00007FF6297D4A43

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLast$recv
String ID:
API String ID: 316788870-0
Opcode ID: 4d768c99772465553fa61935876ff201d4a32ce5a3f2b2de379ff66690b2a509
Instruction ID: 4a24e90cb70efb57f86e83306491009c33ae994541f1bee5ff0d0648edb4c7ec
Opcode Fuzzy Hash: 4d768c99772465553fa61935876ff201d4a32ce5a3f2b2de379ff66690b2a509
Instruction Fuzzy Hash: ED314132A1864282FF648F2AE88537D27A1FBC5B88F544535CA4DC63D8DF3DD844A712

Function 0000000180006080 Relevance: 9.1, APIs: 6, Instructions: 79COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180006095
std::_Lockit::_Lockit.LIBCPMT ref: 00000001800060BA
std::_Lockit::~_Lockit.LIBCPMT ref: 00000001800060E4
std::_Facet_Register.LIBCPMT ref: 000000018000615B
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180006175
Concurrency::cancel_current_task.LIBCPMT ref: 0000000180006188

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 01c04fa9871c3a39ffcf0a934f0e415b4afe528a6c6d455696e5ee859d00c823
Instruction ID: 17143bbf385a982bdb54c7383b9f9f07d2b43b60ea543350829077e0f004077e
Opcode Fuzzy Hash: 01c04fa9871c3a39ffcf0a934f0e415b4afe528a6c6d455696e5ee859d00c823
Instruction Fuzzy Hash: 28317032604A4895EA97DF15E8403E97362F79C7E4F4C8221FE4A473A6EF38C64AC300

Function 00000001800057B0 Relevance: 9.1, APIs: 6, Instructions: 79COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00000001800057C5
std::_Lockit::_Lockit.LIBCPMT ref: 00000001800057EA
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180005814
std::_Facet_Register.LIBCPMT ref: 000000018000588B
std::_Lockit::~_Lockit.LIBCPMT ref: 00000001800058A5
Concurrency::cancel_current_task.LIBCPMT ref: 00000001800058B8

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 2081738530-0
Opcode ID: 4c84763795ff46bb11d74f9b0c05f5ef24f69a033a1c856c3f921719e211355b
Instruction ID: 188fe48b5b8d51294082f477e532e1cd5573214a1d4b025d7eb095671354e5f8
Opcode Fuzzy Hash: 4c84763795ff46bb11d74f9b0c05f5ef24f69a033a1c856c3f921719e211355b
Instruction Fuzzy Hash: EB317232601A4885FA97DB55D4403EA7361F798BD5F48D121FE59572A6EF38C64AC300

Function 00007FF6297F10D8 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF6297F1276
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF6297F159F

Strings

csm, xrefs: 00007FF6297F11BD
csm, xrefs: 00007FF6297F129D
csm, xrefs: 00007FF6297F121F

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 89a7cbb458af1ec799ed0823309e47d85c371afd6e512bd69dcc86c67ccd7e4c
Instruction ID: 593eff48ad15b6b49ab0b45c4fa8ba456fcbf2c42617504bc49abe841df2c596
Opcode Fuzzy Hash: 89a7cbb458af1ec799ed0823309e47d85c371afd6e512bd69dcc86c67ccd7e4c
Instruction Fuzzy Hash: 43E1B172A086828AEF60DF64D8402BD77A0FB9578CF100135DE8DA7B96DF38E585D742

Function 000000018000E858 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 320COMMON

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 000000018000E9F6
std::bad_alloc::bad_alloc.LIBCMT ref: 000000018000ED1F

Strings

csm, xrefs: 000000018000E93D
csm, xrefs: 000000018000E99F
csm, xrefs: 000000018000EA1D

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 3523768491-393685449
Opcode ID: 52fd8afce82c30d52040a3feb8681f15f7a184bd3fac23872912cd14114af7cf
Instruction ID: 8cd4f6dfc1cbc8e28258d450a9c7c49759c218ec614c58e15a5991c5420c4a6a
Opcode Fuzzy Hash: 52fd8afce82c30d52040a3feb8681f15f7a184bd3fac23872912cd14114af7cf
Instruction Fuzzy Hash: 40E19D33604AC88AE7A2DF74D4803ED7BA0F74A798F148126FA9957796DF34C689C700

Function 00007FF6297D5300 Relevance: 9.1, APIs: 6, Instructions: 63synchronizationtimeCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32 ref: 00007FF6297D531C
ResetEvent.KERNEL32 ref: 00007FF6297D5329
timeGetTime.WINMM ref: 00007FF6297D532F
WaitForSingleObject.KERNEL32 ref: 00007FF6297D5379
ResetEvent.KERNEL32 ref: 00007FF6297D5396

Part of subcall function 00007FF6297D4C50: GetCurrentThreadId.KERNEL32 ref: 00007FF6297D4C65
Part of subcall function 00007FF6297D4C50: SwitchToThread.KERNEL32 ref: 00007FF6297D4C9D
Part of subcall function 00007FF6297D4C50: SetLastError.KERNEL32 ref: 00007FF6297D4CDC

ResetEvent.KERNEL32 ref: 00007FF6297D53BD

Part of subcall function 00007FF6297F8940: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F896B

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: EventReset$Thread$CurrentErrorLastObjectSingleSwitchTimeWait_invalid_parameter_noinfotime
String ID:
API String ID: 2235205178-0
Opcode ID: 6797ce520ad4e8d809bfec53c9e8342f43c56bbc6854028e75bb9cf567634471
Instruction ID: 9c602ce3abf147759e50565a600919ddff9992367fa40080a3f45b1d80796e19
Opcode Fuzzy Hash: 6797ce520ad4e8d809bfec53c9e8342f43c56bbc6854028e75bb9cf567634471
Instruction Fuzzy Hash: 48212A32A08A8186EB50CF26EC442A973A4FF88F98F188531DE5DD7768CF3CD5859761

Function 00007FF6297FEBE8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000,00007FF6297FA3FB,?,?,?), ref: 00007FF6297FEBF7
FlsSetValue.KERNEL32(?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000,00007FF6297FA3FB,?,?,?), ref: 00007FF6297FEC2D
FlsSetValue.KERNEL32(?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000,00007FF6297FA3FB,?,?,?), ref: 00007FF6297FEC5A
FlsSetValue.KERNEL32(?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000,00007FF6297FA3FB,?,?,?), ref: 00007FF6297FEC6B
FlsSetValue.KERNEL32(?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000,00007FF6297FA3FB,?,?,?), ref: 00007FF6297FEC7C
SetLastError.KERNEL32(?,?,000026134426113E,00007FF6297F8B05,?,?,?,?,00007FF629802546,?,?,00000000,00007FF6297FA3FB,?,?,?), ref: 00007FF6297FEC97

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: ae6f202f78a3fef56879520fe118d2f33bae8a9cde3df911dcd1aef05bcedbfe
Instruction ID: a98ebd735a8f5e52b87e9c906a5877ef38575e7d57bc267a0180db2e4ef8892a
Opcode Fuzzy Hash: ae6f202f78a3fef56879520fe118d2f33bae8a9cde3df911dcd1aef05bcedbfe
Instruction Fuzzy Hash: 73112C20E0E68282FF546F259E5513962425FC47F8F584B35EC6ED66D6DE2CB801B202

Function 000000018001ABCC Relevance: 9.1, APIs: 6, Instructions: 57COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,000037B719E332F5,0000000180013B69,?,?,?,?,0000000180021DA2,?,?,00000000,000000018002397F,?,?,?), ref: 000000018001ABDB
FlsSetValue.KERNEL32(?,?,000037B719E332F5,0000000180013B69,?,?,?,?,0000000180021DA2,?,?,00000000,000000018002397F,?,?,?), ref: 000000018001AC11
FlsSetValue.KERNEL32(?,?,000037B719E332F5,0000000180013B69,?,?,?,?,0000000180021DA2,?,?,00000000,000000018002397F,?,?,?), ref: 000000018001AC3E
FlsSetValue.KERNEL32(?,?,000037B719E332F5,0000000180013B69,?,?,?,?,0000000180021DA2,?,?,00000000,000000018002397F,?,?,?), ref: 000000018001AC4F
FlsSetValue.KERNEL32(?,?,000037B719E332F5,0000000180013B69,?,?,?,?,0000000180021DA2,?,?,00000000,000000018002397F,?,?,?), ref: 000000018001AC60
SetLastError.KERNEL32(?,?,000037B719E332F5,0000000180013B69,?,?,?,?,0000000180021DA2,?,?,00000000,000000018002397F,?,?,?), ref: 000000018001AC7B

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 29a142ae4fc881daeb50b9aa613c13a0e560aed2600cb0c3b1d23bed98e67ab8
Instruction ID: 6336c9d8f692e95d9c5df55ebe11836466add78df9332ca103cf2cef11a9400d
Opcode Fuzzy Hash: 29a142ae4fc881daeb50b9aa613c13a0e560aed2600cb0c3b1d23bed98e67ab8
Instruction Fuzzy Hash: DD11BE34309A4C82FBDBA37596553EA22929B8E7F0F00C725B93A477D6EF2886494740

Function 0000000180001D50 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180001DBB
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000000180001E03
_Getctype.LIBCPMT ref: 0000000180001E1B
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180001EAB

Strings

bad locale name, xrefs: 0000000180001ECE

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$GetctypeLocinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 2967684691-1405518554
Opcode ID: 64695b106198e755eff40ccbe4da75bf0a5c8355beaa60347c6da880a5ccc215
Instruction ID: 457f4921bcab4821e7849c5fbe6ac6fb891d93ee2024ee1270cc27e04b4c7c73
Opcode Fuzzy Hash: 64695b106198e755eff40ccbe4da75bf0a5c8355beaa60347c6da880a5ccc215
Instruction Fuzzy Hash: 6D416D32706B84C9FB96DFB0D4913EC3365EB58B88F448415EE4926A9ADF34C61AD344

Function 00007FF6297FBC90 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF6297FBCB5
GetProcAddress.KERNEL32 ref: 00007FF6297FBCCB
FreeLibrary.KERNEL32 ref: 00007FF6297FBCF2

Strings

CorExitProcess, xrefs: 00007FF6297FBCC4
mscoree.dll, xrefs: 00007FF6297FBCAC

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 4e200ac4912f663bf200d97a0492af6b570e41165da9f834e6f0b0fe5145a0ad
Instruction ID: c9539bdbe1e0af41db58c38bc29884689a4c60464496cbe7552e4c5931c0243a
Opcode Fuzzy Hash: 4e200ac4912f663bf200d97a0492af6b570e41165da9f834e6f0b0fe5145a0ad
Instruction Fuzzy Hash: 9EF09C61B1AA0281EF108F24EC547796320FFC97A5F584739C96D865F4CF2DD045E301

Function 0000000180017ACC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 0000000180017AF1
GetProcAddress.KERNEL32 ref: 0000000180017B07
FreeLibrary.KERNEL32 ref: 0000000180017B2E

Strings

mscoree.dll, xrefs: 0000000180017AE8
CorExitProcess, xrefs: 0000000180017B00

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 48794384edd42f76f01b31abd9b3a34649d66c0a4991f16342a82150d828e30c
Instruction ID: c7981282e32efebeccc1285cf22a27b487855ed529e36011a4ef044e0089154f
Opcode Fuzzy Hash: 48794384edd42f76f01b31abd9b3a34649d66c0a4991f16342a82150d828e30c
Instruction Fuzzy Hash: 49F09671315B4C91FB938B24E4843E95370FB4D7E1F548216E669455E4CF6CC64CC340

Function 00007FF6297DEFA3 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.ADVAPI32 ref: 00007FF6297DEFC9
RegDeleteValueW.ADVAPI32 ref: 00007FF6297DEFDD
RegCloseKey.ADVAPI32 ref: 00007FF6297DEFEA

Strings

Console, xrefs: 00007FF6297DEFBB
IpDatespecial, xrefs: 00007FF6297DEFD6

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: Console$IpDatespecial
API String ID: 849931509-1840232981
Opcode ID: 6e7d2c7a670a32b5de56c4a84771261a6cdbf4bc2880aa7204407435697e958c
Instruction ID: d0f135d333ed34cdb3a80c26b7af543e8f834325804b47843e23b7057cda21c2
Opcode Fuzzy Hash: 6e7d2c7a670a32b5de56c4a84771261a6cdbf4bc2880aa7204407435697e958c
Instruction Fuzzy Hash: 0DF06D36608DC185EB208F18EC107A93320EBC476AF044131CD1D93B68DF3CD1DA9B00

Function 00007FF6297F04D8 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 00007FF6297F05FB
__AdjustPointer.LIBCMT ref: 00007FF6297F0646

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: f957c6767cf5b81622e8ff6fae34e0b794288dc4cc0809d74a0a7b197e878a35
Instruction ID: 29e735cccd4f84951349abf238d6aff62fe317cb202f1ac11ebacade39afa949
Opcode Fuzzy Hash: f957c6767cf5b81622e8ff6fae34e0b794288dc4cc0809d74a0a7b197e878a35
Instruction Fuzzy Hash: C8B1F222E0AB42C1FE65DF159D406796390EFE4BC8F088435DE8DA7B95DE3CE441A742

Function 000000018000DC58 Relevance: 7.8, APIs: 5, Instructions: 290COMMON

Download Yara Rule

APIs

__AdjustPointer.LIBCMT ref: 000000018000DD7B
__AdjustPointer.LIBCMT ref: 000000018000DDC6

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: ebc393b52b48cc04e5c9b1c97f52e56d944419017ee65fad25771533bcdc82d9
Instruction ID: eb3b7977ae8f9180934a4530bb566c5a25c1755e12ee0d79c43d3515dd016e81
Opcode Fuzzy Hash: ebc393b52b48cc04e5c9b1c97f52e56d944419017ee65fad25771533bcdc82d9
Instruction Fuzzy Hash: D9B1B232202A8C82FAE7DB15D5407E97794AB5CBC4F19C427BE490B789DF74C68AC360

Function 00000001800016B0 Relevance: 7.7, APIs: 5, Instructions: 198COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00000001800018BB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 0000000180001932
Concurrency::cancel_current_task.LIBCPMT ref: 0000000180001938
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 0000000180001944
__std_exception_destroy.LIBVCRUNTIME ref: 000000018000196D

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task__std_exception_copy__std_exception_destroy
String ID:
API String ID: 1087005451-0
Opcode ID: 983f63db59c9861a35ee25389b91e130b78b440a4239188d788a671ee2a4fa99
Instruction ID: 7d43b0d82526ce2b3402540fb6dd75848486498bac8023869180411ce6b44045
Opcode Fuzzy Hash: 983f63db59c9861a35ee25389b91e130b78b440a4239188d788a671ee2a4fa99
Instruction Fuzzy Hash: EF81AF32B15B98C9FB52CBA4D8403DC7371A7597E8F109316EE6C26B96EF749689C300

Function 000000018001C9E0 Relevance: 7.7, APIs: 5, Instructions: 196COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 000000018001CA1F
_set_statfp.LIBCMT ref: 000000018001CA3D
_set_statfp.LIBCMT ref: 000000018001CA66
_set_statfp.LIBCMT ref: 000000018001CCA2

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: f4dd79240b51b0c21704e83aaa589ed4fa802d8d7f161a743a50b312269a4b72
Instruction ID: 6f0f603976d273e0bc5ee1cbab8870c9e96500b15387b1fad05b17080fc10dd3
Opcode Fuzzy Hash: f4dd79240b51b0c21704e83aaa589ed4fa802d8d7f161a743a50b312269a4b72
Instruction Fuzzy Hash: 8381B232114E8C49F3B38B35A451BEB6760AF9D7D8F04C305FD5A265A4DF34CA89874A

Function 00007FF62980C6BC Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF62980C6E4
_set_statfp.LIBCMT ref: 00007FF62980C6FF
_set_statfp.LIBCMT ref: 00007FF62980C71B
_set_statfp.LIBCMT ref: 00007FF62980C757

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 3a9c703ea5aaac55ee3dcba71a43574e980d604707a0521e319b1fc91c9c8b59
Instruction ID: 4d9009d8388b1806cf22da908af1d726b1d6aea3e21d47e98268cbd2eee6fa2b
Opcode Fuzzy Hash: 3a9c703ea5aaac55ee3dcba71a43574e980d604707a0521e319b1fc91c9c8b59
Instruction Fuzzy Hash: 42119A22E0EA0202FFA41D6CEC5237900416FD4364E1D0E35EB7FC62DAAF1CAC456206

Function 000000018002A460 Relevance: 7.6, APIs: 5, Instructions: 56COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 000000018002A488
_set_statfp.LIBCMT ref: 000000018002A4A3
_set_statfp.LIBCMT ref: 000000018002A4BF
_set_statfp.LIBCMT ref: 000000018002A4FB

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
Instruction ID: 30e523d46bf6013ddc2793ce494e8919f7ebf68a2be9d27671f3a3569b69be40
Opcode Fuzzy Hash: e65ba792651367d839098e214d5891407b2dde01c0b567b7a4e043ebbfca8b6f
Instruction Fuzzy Hash: 6411A332A18F0D03F7E72165E55A3E652416BDE3F0F08C625B976062D78F9CCB488301

Function 00007FF6297FECB0 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF6297F39FB,?,?,00000000,00007FF6297F3C96,?,?,?,?,?,00007FF6297F3C22), ref: 00007FF6297FECCF
FlsSetValue.KERNEL32(?,?,?,00007FF6297F39FB,?,?,00000000,00007FF6297F3C96,?,?,?,?,?,00007FF6297F3C22), ref: 00007FF6297FECEE
FlsSetValue.KERNEL32(?,?,?,00007FF6297F39FB,?,?,00000000,00007FF6297F3C96,?,?,?,?,?,00007FF6297F3C22), ref: 00007FF6297FED16
FlsSetValue.KERNEL32(?,?,?,00007FF6297F39FB,?,?,00000000,00007FF6297F3C96,?,?,?,?,?,00007FF6297F3C22), ref: 00007FF6297FED27
FlsSetValue.KERNEL32(?,?,?,00007FF6297F39FB,?,?,00000000,00007FF6297F3C96,?,?,?,?,?,00007FF6297F3C22), ref: 00007FF6297FED38

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 86bd21252e8a794773a6d9a19f3f969acd0493724c29e180940389d540fd6514
Instruction ID: 16bc470df03d3bb1439f8fe2008d4615524f3ef6ceef2e63c98157b4908e8243
Opcode Fuzzy Hash: 86bd21252e8a794773a6d9a19f3f969acd0493724c29e180940389d540fd6514
Instruction Fuzzy Hash: A3111F10E0E64241FF585F25AD5117962416FC47F4F584B35EC7D96AD5DE2CF801B603

Function 000000018001AC94 Relevance: 7.6, APIs: 5, Instructions: 54COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00000001800136B7,?,?,00000000,0000000180013952,?,?,?,?,?,00000001800138DE), ref: 000000018001ACB3
FlsSetValue.KERNEL32(?,?,?,00000001800136B7,?,?,00000000,0000000180013952,?,?,?,?,?,00000001800138DE), ref: 000000018001ACD2
FlsSetValue.KERNEL32(?,?,?,00000001800136B7,?,?,00000000,0000000180013952,?,?,?,?,?,00000001800138DE), ref: 000000018001ACFA
FlsSetValue.KERNEL32(?,?,?,00000001800136B7,?,?,00000000,0000000180013952,?,?,?,?,?,00000001800138DE), ref: 000000018001AD0B
FlsSetValue.KERNEL32(?,?,?,00000001800136B7,?,?,00000000,0000000180013952,?,?,?,?,?,00000001800138DE), ref: 000000018001AD1C

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 8cce4c5f0e70d6ca29b97c32849cd69abf9369bf703c258e938afac22d0a3fb6
Instruction ID: 914c458ab6939188e9ccdfceb6abdbeee0fcfecafaff658cabf852f1a111cb68
Opcode Fuzzy Hash: 8cce4c5f0e70d6ca29b97c32849cd69abf9369bf703c258e938afac22d0a3fb6
Instruction Fuzzy Hash: 5A118630309E4C41FBDB633566413EA22566F8E7F0F44D725B93A46BD6EE28C7494301

Function 00007FF6297FEB44 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,?,?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F), ref: 00007FF6297FEB55
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F), ref: 00007FF6297FEB74
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F), ref: 00007FF6297FEB9C
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F), ref: 00007FF6297FEBAD
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,00007FF629806E73,?,?,?,00007FF6297FF1A4,?,?,?,00007FF6297F819F), ref: 00007FF6297FEBBE

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 40b480678b9e6ae03057fc20160df1cacf0cc2b8c5d9a605f457dfc538dbbb21
Instruction ID: 0aaa24ac0983e4ceec15ef9662407e0f71e486cf1a0fab1fbf67c9fe5e47bc59
Opcode Fuzzy Hash: 40b480678b9e6ae03057fc20160df1cacf0cc2b8c5d9a605f457dfc538dbbb21
Instruction Fuzzy Hash: 03110C50E0E64742FE986F255C11A7922425FC53B8F580F39ED3EEA6C2ED2CB841B213

Function 000000018001AB28 Relevance: 7.6, APIs: 5, Instructions: 50COMMON

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,?,?,?,?,0000000180016A8B), ref: 000000018001AB39
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000000180016A8B), ref: 000000018001AB58
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000000180016A8B), ref: 000000018001AB80
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000000180016A8B), ref: 000000018001AB91
FlsSetValue.KERNEL32(?,?,?,?,?,?,?,0000000180016A8B), ref: 000000018001ABA2

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 0b6fabc1bf916e6fe8f7c00df96862480aef0449f5eee41e3fa08a1f5a2bb8cc
Instruction ID: a5c9708106037e6e2b64533c798d2982eec532633ece3afbdf1fdeffa0088a54
Opcode Fuzzy Hash: 0b6fabc1bf916e6fe8f7c00df96862480aef0449f5eee41e3fa08a1f5a2bb8cc
Instruction Fuzzy Hash: 5A115B3020DA8D42FBEBA37548967EA12475B8E7F0F18CB2579364A2D3EF2C97494300

Function 00007FF6297D56C0 Relevance: 7.5, APIs: 6, Instructions: 46COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6297D56E5
EnterCriticalSection.KERNEL32 ref: 00007FF6297D56EF
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D56FF
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D5709

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: ec8515e0b6118a22be018e0c36bf8043355ac570717b599eb6440d7a0495df03
Instruction ID: d061d15f5dfd88e3428c8af66797456c5c2e8aa6351da48576f0db0b3be6bdf0
Opcode Fuzzy Hash: ec8515e0b6118a22be018e0c36bf8043355ac570717b599eb6440d7a0495df03
Instruction Fuzzy Hash: 3B11F132625941C3EF909F26F8943AA6360FB84759F485431DB8F82A55CF3CE486D701

Function 00007FF6297DC0C0 Relevance: 7.5, APIs: 5, Instructions: 39COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 00007FF6297DC103
EnterCriticalSection.KERNEL32(?,?,?,00007FF6297DC094), ref: 00007FF6297DC115
EnterCriticalSection.KERNEL32 ref: 00007FF6297DC125
GdiplusShutdown.GDIPLUS ref: 00007FF6297DC133
LeaveCriticalSection.KERNEL32 ref: 00007FF6297DC140

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$Enter$DeleteGdiplusLeaveObjectShutdown
String ID:
API String ID: 1513102227-0
Opcode ID: cdd56314798a8dc9bb9b375cd871b4762f9b413abb23fcd634828e7dcd198d12
Instruction ID: a22751f7a37490299cafe8ada58241cad68ff005f0ba35d981cac4d83149e871
Opcode Fuzzy Hash: cdd56314798a8dc9bb9b375cd871b4762f9b413abb23fcd634828e7dcd198d12
Instruction Fuzzy Hash: 14112832506B52C1EF108F29E84006973B4FB88FA8B288636DA5D867A4DF3DD953D381

Function 00007FF6297D5640 Relevance: 7.5, APIs: 5, Instructions: 26synchronizationsleepCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF6297D5652
WaitForSingleObject.KERNEL32 ref: 00007FF6297D5664
Sleep.KERNEL32 ref: 00007FF6297D566F
CloseHandle.KERNEL32 ref: 00007FF6297D568C
CloseHandle.KERNEL32 ref: 00007FF6297D5699

Part of subcall function 00007FF6297D4C50: GetCurrentThreadId.KERNEL32 ref: 00007FF6297D4C65
Part of subcall function 00007FF6297D4C50: SwitchToThread.KERNEL32 ref: 00007FF6297D4C9D
Part of subcall function 00007FF6297D4C50: SetLastError.KERNEL32 ref: 00007FF6297D4CDC

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CloseHandleObjectSingleThreadWait$CurrentErrorLastSleepSwitch
String ID:
API String ID: 1535946027-0
Opcode ID: 6bee8a0a4dea1eafbbaf25a2cc800b23e58b43f259c7b6e2f946ecae76c8c5a2
Instruction ID: ec2d20cc81a53a0507fb93430a4b8e6144af2bf0cf324dd87459a879f30dd0a1
Opcode Fuzzy Hash: 6bee8a0a4dea1eafbbaf25a2cc800b23e58b43f259c7b6e2f946ecae76c8c5a2
Instruction Fuzzy Hash: C1F09736A09E4586EB049F26EC541783321EBC9F65F588630DE2E873A4CF3CD886D361

Function 00007FF6297F184C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6297F18BC
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6297F1907

Strings

MOC, xrefs: 00007FF6297F18D0
RCC, xrefs: 00007FF6297F18D8

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: a53d2363c14758023286afc4a6ab41b9c25c1dd74b553e4400a7d45858c9584b
Instruction ID: 2b3de1982482fee92ab8f24a271b879fab510b9f7843fdb508eebe4c85833017
Opcode Fuzzy Hash: a53d2363c14758023286afc4a6ab41b9c25c1dd74b553e4400a7d45858c9584b
Instruction Fuzzy Hash: 7B919E73A08B818AEB10DF64D8402AD7BA0FB857C8F14413AEE8DA7B55DF38D195DB01

Function 000000018000EFCC Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 000000018000F03C
_CallSETranslator.LIBVCRUNTIME ref: 000000018000F087

Strings

RCC, xrefs: 000000018000F058
MOC, xrefs: 000000018000F050

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 4bd709b9b59f72ec3c139efe9d7ce1a27f3884a3c59f33a9b2d37d482ef38b49
Instruction ID: 0108a547061a6338346a1fd8d7bfab91135ecffd3b7bd265e3fcb74934dd1a34
Opcode Fuzzy Hash: 4bd709b9b59f72ec3c139efe9d7ce1a27f3884a3c59f33a9b2d37d482ef38b49
Instruction Fuzzy Hash: A9917173604B888AE7A2DB65D4503ED7BA0F3487C8F14812AFB8957B55DF38C299CB00

Function 00007FF6297EFA80 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6297EFAAB
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF6297EFB42
RtlUnwindEx.KERNEL32 ref: 00007FF6297EFB9C

Strings

csm, xrefs: 00007FF6297EFB29

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 97e6136df740a7f50eb7a5892aa497e90dc07242db7e08e9cb4e882c62b2f360
Instruction ID: a70401c98a6fa97f25aa09595eeaeae0d0d85a566f00d3635b5625c699437a8d
Opcode Fuzzy Hash: 97e6136df740a7f50eb7a5892aa497e90dc07242db7e08e9cb4e882c62b2f360
Instruction Fuzzy Hash: 1B51C532B196028AEF14CF25E8546B87791EB84BC8F558131DE8D87B98EF7CE841E701

Function 000000018000D570 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 000000018000D59B
_IsNonwritableInCurrentImage.LIBCMT ref: 000000018000D632
RtlUnwindEx.KERNEL32 ref: 000000018000D68C

Strings

csm, xrefs: 000000018000D619

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm
API String ID: 2395640692-1018135373
Opcode ID: 13c358311fadf4f3df844621465b603840deb53ac7d28d89eec5d6156f6e5895
Instruction ID: 86b998f5bf12b8c96b234125250119a7e6b940c65465f7b73c8d9d992c02ae69
Opcode Fuzzy Hash: 13c358311fadf4f3df844621465b603840deb53ac7d28d89eec5d6156f6e5895
Instruction Fuzzy Hash: A151B436315A0C8AEB96CF19E444BAC7795F348BD8F50C126FA4947788EF79CA49C710

Function 00007FF6297F1DCC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6297F1DF4
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF6297F1EDC

Strings

csm, xrefs: 00007FF6297F1E16
csm, xrefs: 00007FF6297F1F2E

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: 1c7f32590a0a5e31803e0cd6c6efa8edac5466215bfbb7b2d07330e269dc0479
Instruction ID: 556d4a35c659a9ea5809b2ac00787c21a934c1624523c64735421b2c58417cac
Opcode Fuzzy Hash: 1c7f32590a0a5e31803e0cd6c6efa8edac5466215bfbb7b2d07330e269dc0479
Instruction Fuzzy Hash: D4516C32A0928286EF748F22984436876A0FB94BD9F184175DE9DA7BD5CF3CE451E702

Function 00007FF6297F15DC Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF6297F163B
_CallSETranslator.LIBVCRUNTIME ref: 00007FF6297F1687

Strings

MOC, xrefs: 00007FF6297F164F
RCC, xrefs: 00007FF6297F1657

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: b953805b3f16366bb71475c1063139944ec3feeea47b818f87e78a0e56bad00b
Instruction ID: 357190531dd89134c82788ee97ea0b3982e746c2eb19df7e4e1ccb1ddfe7ae03
Opcode Fuzzy Hash: b953805b3f16366bb71475c1063139944ec3feeea47b818f87e78a0e56bad00b
Instruction Fuzzy Hash: B4616C32908B8586EB608F15E8407AAB7A0FBD5BD8F044225EE9C97B55DF7CE190CB01

Function 000000018000F54C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 000000018000F574
__FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 000000018000F65C

Strings

csm, xrefs: 000000018000F6AE
csm, xrefs: 000000018000F596

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
String ID: csm$csm
API String ID: 3896166516-3733052814
Opcode ID: b0850b60aa430e1cd45b4dfe011a4f88f42e9d6e7321bba01b274de4dab42dce
Instruction ID: 7d909c39642bbe28e3b4d0590481b9fc60b29fe1a352d34aa78265810ee218f3
Opcode Fuzzy Hash: b0850b60aa430e1cd45b4dfe011a4f88f42e9d6e7321bba01b274de4dab42dce
Instruction Fuzzy Hash: 6C518F32108B888AEBB6CF2195443A877A0F759BD4F14C126FA9947FD5CF38C659DB02

Function 000000018000ED5C Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 000000018000EDBB
_CallSETranslator.LIBVCRUNTIME ref: 000000018000EE07

Strings

MOC, xrefs: 000000018000EDCF
RCC, xrefs: 000000018000EDD7

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 3544855599-2084237596
Opcode ID: 07b4155514e20e92ecf9f64cf41b237b3d8f1a0173dca8fd81025e83db01d437
Instruction ID: c2457d181eea9d09e04ac9aac13fdd46311119c7a2a8b61cb530facff3a1096e
Opcode Fuzzy Hash: 07b4155514e20e92ecf9f64cf41b237b3d8f1a0173dca8fd81025e83db01d437
Instruction Fuzzy Hash: B7619072508BC881E7A2DB15E4407EAB7A0F799BD4F048216FB9857B95DF78C298CB00

Function 0000000180006A20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180006A8B
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000000180006AD3
std::_Lockit::~_Lockit.LIBCPMT ref: 0000000180006B63

Strings

bad locale name, xrefs: 0000000180006B86

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Lockit$Locinfo::_Locinfo_ctorLockit::_Lockit::~_
String ID: bad locale name
API String ID: 2775327233-1405518554
Opcode ID: 7f1a061b8976af83d8b946719d0ec26aa59b87afe9c014548f265c5772a16625
Instruction ID: 5a1a701f3471aaf2f3f08e489f1841eccae9a4ca403c690e0dbf9b0557de1cd2
Opcode Fuzzy Hash: 7f1a061b8976af83d8b946719d0ec26aa59b87afe9c014548f265c5772a16625
Instruction Fuzzy Hash: 97416F72702B48D9FB96DFB0D4913EC33A5EB48B88F048424AE4967A66DF34C619D344

Function 00007FF62980A7BC Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF62980A83B
WriteFile.KERNEL32 ref: 00007FF62980AB03
WriteFile.KERNEL32 ref: 00007FF62980AB49
GetLastError.KERNEL32 ref: 00007FF62980ABFF

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 77dd5d4aa20de0d79966c3f830593b01910af74af4cc21fda2ecf357b99f0be0
Instruction ID: f149ccf31613eed957a5b3d83f623237b30543a1e9b396b27607d153b1e5abb9
Opcode Fuzzy Hash: 77dd5d4aa20de0d79966c3f830593b01910af74af4cc21fda2ecf357b99f0be0
Instruction Fuzzy Hash: E4D10432B19A818AEB10CF65C8446EC37B6FB847D8B084636CE5D97B99DE3CE446D301

Function 000000018001E11C Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 000000018001E19B
WriteFile.KERNEL32 ref: 000000018001E463
WriteFile.KERNEL32 ref: 000000018001E4A9
GetLastError.KERNEL32 ref: 000000018001E55F

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: 861a04f167a145640bfa4ac565840c1d7945a4f9820a114d807eab6d418f50fa
Instruction ID: b3bd019fd41701119b6a00839c2f359c3c6b0fb5a801230ecd94157a94045758
Opcode Fuzzy Hash: 861a04f167a145640bfa4ac565840c1d7945a4f9820a114d807eab6d418f50fa
Instruction Fuzzy Hash: 54D1FF72704E888AE752CF69D4403DC37B2F359BD8F548216EE5997B99EE34C65AC300

Function 00007FF6297E7530 Relevance: 6.2, APIs: 4, Instructions: 238COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E78D6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E78DC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E78E2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E78E8

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: d257f816be6d76ad57501a7a9538cdd953e8241577ca37a1fb4d3e277f8092b9
Instruction ID: 55176166aec22014731139f5ace4be198c66c66621901e05806da7531c644016
Opcode Fuzzy Hash: d257f816be6d76ad57501a7a9538cdd953e8241577ca37a1fb4d3e277f8092b9
Instruction Fuzzy Hash: 6BB18B62F14B5585EF008FA5C8447EC23B1FB94BD8F409226DFAC67A99DF78A881D305

Function 00007FF62980B0E4 Relevance: 6.2, APIs: 4, Instructions: 219COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF62980B0CF), ref: 00007FF62980B200
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00007FF62980B0CF), ref: 00007FF62980B28B

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 8d852cd364b953300601feb318994bc5f66eb9b85f3205e0d4ed1d6cdd918134
Instruction ID: 75fabd387341c5d9e422c9f1b679628e867df6a7065ee9fb9cb36d4f96e14b89
Opcode Fuzzy Hash: 8d852cd364b953300601feb318994bc5f66eb9b85f3205e0d4ed1d6cdd918134
Instruction Fuzzy Hash: ED91A532E1965185FF508F659C502BD2BA0BB84B98F28453DDE0E97695EF3CD441E702

Function 000000018001EA44 Relevance: 6.2, APIs: 4, Instructions: 218COMMON

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000018001EA2F), ref: 000000018001EB60
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000018001EA2F), ref: 000000018001EBEB

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 49a2e42ec551f1b941d191485315cc1d7aab3ab981fb49e9029b938607fd3b67
Instruction ID: 968b22b41c18c0cc5373cbc988b2759c4878e4006f223ace9c89d3772c01036f
Opcode Fuzzy Hash: 49a2e42ec551f1b941d191485315cc1d7aab3ab981fb49e9029b938607fd3b67
Instruction Fuzzy Hash: 2D91D672714ED885F792CF6598803ED6BA0B74ABC8F54810AFE0A57A85DF74C64AC701

Function 00007FF6297E8750 Relevance: 6.2, APIs: 4, Instructions: 198COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E8994
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF6297E89A0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E89A6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E8A07

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID:
API String ID: 3936042273-0
Opcode ID: cedb37415d28f0d5fc81d2be32ad27eefc419e6366b4b4598dc6ad78484c38c0
Instruction ID: 6ecd68b3d803b353f0423e529fd414302e0fe79ff39b43187e346bf4fff6d25b
Opcode Fuzzy Hash: cedb37415d28f0d5fc81d2be32ad27eefc419e6366b4b4598dc6ad78484c38c0
Instruction Fuzzy Hash: 17719C62F18B8585EE04DF65D8083AC6361EB84FE4F558631DFAC57B95DF38E4809301

Function 00007FF6297DF160 Relevance: 6.2, APIs: 4, Instructions: 190processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF6297DF1AD
Process32FirstW.KERNEL32 ref: 00007FF6297DF23F
Process32NextW.KERNEL32 ref: 00007FF6297DF333

Part of subcall function 00007FF6297F87A0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F87C6

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297DF3FB

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Process32$CreateFirstNextSnapshotToolhelp32_invalid_parameter_noinfo_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 4260596558-0
Opcode ID: c6f38536b4c1532cb70b46ea82a55bc7ea5d3f0e8f222eae863a7f2387986adb
Instruction ID: 8191bf8aab4a40097e3584ea3351650f41a4a5ca5d29c36ed45000c58bfb08db
Opcode Fuzzy Hash: c6f38536b4c1532cb70b46ea82a55bc7ea5d3f0e8f222eae863a7f2387986adb
Instruction Fuzzy Hash: 9071C062B29A8681EF208F25D84426E6261FFC5BE0F458631EA6E837D4DF3CE540D711

Function 00007FF6297F9344 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF6297F939B
GetSystemInfo.KERNEL32 ref: 00007FF6297F93B4
VirtualAlloc.KERNEL32 ref: 00007FF6297F9422
VirtualProtect.KERNEL32 ref: 00007FF6297F943D

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: Virtual$AllocInfoProtectQuerySystem
String ID:
API String ID: 3562403962-0
Opcode ID: 8276b17d3f0086b027f55cc71dd443fed715192864dd3a3d0b6a65bee2902499
Instruction ID: 18a09071ddf4af796529a35456134d5dcc9025b3f7ae00dc221d276b675b2ec5
Opcode Fuzzy Hash: 8276b17d3f0086b027f55cc71dd443fed715192864dd3a3d0b6a65bee2902499
Instruction Fuzzy Hash: 66313532714A819EDB20CF25DC547E923A5FB88B88F888436EE4D97B48DF38E645D701

Function 00007FF6297D4F90 Relevance: 6.1, APIs: 4, Instructions: 58COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00007FF6297D4FAC
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D4FC3
LeaveCriticalSection.KERNEL32 ref: 00007FF6297D504B
SetEvent.KERNEL32 ref: 00007FF6297D506B

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CriticalSection$Leave$EnterEvent
String ID:
API String ID: 3394196147-0
Opcode ID: ee59a16ddcb61b2f30476306e2c70f7e991c931b41d410101ed0a7d795a74e2b
Instruction ID: 38dbee3eed2c21c4c8fe75ecf57f88ab982d64c3ff09f26fdc2c1b92b82e169a
Opcode Fuzzy Hash: ee59a16ddcb61b2f30476306e2c70f7e991c931b41d410101ed0a7d795a74e2b
Instruction Fuzzy Hash: FA21FB36704B8193DB48CF2AE9802ADB3A4FB88B84F548535DB6D83765DF38E4A1C740

Function 00007FF6297EE760 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF6297EE78C
GetCurrentThreadId.KERNEL32 ref: 00007FF6297EE79A
GetCurrentProcessId.KERNEL32 ref: 00007FF6297EE7A6
QueryPerformanceCounter.KERNEL32 ref: 00007FF6297EE7B6

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: cc56691cd60568e6146a7dde9c83608ec099c6c6a56f3e0ff612a8b3836fe06a
Instruction ID: 4d51b21c62c0c7e6ab8ba9702bc436374db4e3a21c76206736067fba1b1dad45
Opcode Fuzzy Hash: cc56691cd60568e6146a7dde9c83608ec099c6c6a56f3e0ff612a8b3836fe06a
Instruction Fuzzy Hash: 6D111826B15B018AEF008F60EC552B833A4FB99758F480E35EA6D86BA4DF7CD1549381

Function 00007FF6297D3FF0 Relevance: 6.0, APIs: 4, Instructions: 22synchronizationsleepCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 00007FF6297D4002
Sleep.KERNEL32 ref: 00007FF6297D400D
WaitForSingleObject.KERNEL32 ref: 00007FF6297D4024
WaitForSingleObject.KERNEL32 ref: 00007FF6297D4036

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ObjectSingleWait$Sleep
String ID:
API String ID: 2961732021-0
Opcode ID: 4ede45267323656183b3c0ec57ef8ecec2c46d3b5a24cc8965c2015fc5653a59
Instruction ID: f66e9a44c5e6a337cfef70bf03fa2874d5aa83e2c9158fd8b2452b591a5c1360
Opcode Fuzzy Hash: 4ede45267323656183b3c0ec57ef8ecec2c46d3b5a24cc8965c2015fc5653a59
Instruction Fuzzy Hash: 2EF0B762606E4586EB409F3ADC542283261EBC9B35F194730CE2D873E4CF2C84859355

Function 00007FF6297E1840 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 202COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E1A68
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF6297E1AD7

Strings

^(T[A-Za-z0-9]*|0x[A-Za-z0-9]*)$, xrefs: 00007FF6297E1868

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ^(T[A-Za-z0-9]*|0x[A-Za-z0-9]*)$
API String ID: 3668304517-660079095
Opcode ID: d6e9319f76612da4129a7a39a2785b1a8ebb768b0e5a827b01119e51270e07b9
Instruction ID: f2111a22b3ec5e73563fddef4291b14b917c2cf07f1575ec677274acde973764
Opcode Fuzzy Hash: d6e9319f76612da4129a7a39a2785b1a8ebb768b0e5a827b01119e51270e07b9
Instruction Fuzzy Hash: 0581AB72A15B818AEF68CF64D8417FC33A5EB88B98F044235EA9D83B88DF38D550D341

Function 00007FF6297F2004 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6297F202E

Strings

csm, xrefs: 00007FF6297F21C2
csm, xrefs: 00007FF6297F2053

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 2e13650262a6f61ea207b4025eb27adbf5cb157b43e28d55221f4b040b54e9a1
Instruction ID: 2a20dacaf5853cee2ae1db919de77a8f874f0ee5830d43ded3d274625670ec99
Opcode Fuzzy Hash: 2e13650262a6f61ea207b4025eb27adbf5cb157b43e28d55221f4b040b54e9a1
Instruction Fuzzy Hash: 3E71B072A0868186DF609F25984067D7BA0FB95BC8F148135DE8CA7B89CF3CD551E782

Function 000000018000F784 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 000000018000F7AE

Strings

csm, xrefs: 000000018000F942
csm, xrefs: 000000018000F7D3

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: __except_validate_context_record
String ID: csm$csm
API String ID: 1467352782-3733052814
Opcode ID: 895abce1613108e09bf91c6752ff72b91439e2e548a11cd7f7d4602d38364546
Instruction ID: becc8f7099377ae79f9dd4482b5ba2fdf4c1387738658b329dfe7b8e2f24bcde
Opcode Fuzzy Hash: 895abce1613108e09bf91c6752ff72b91439e2e548a11cd7f7d4602d38364546
Instruction Fuzzy Hash: D5717D722046C486EBB2CF25D4907B97BA0F349BC8F14C126EE8947B96DF38C699D741

Function 00007FF629801CC4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF6297F9248: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6297F927B

_get_daylight.LIBCMT ref: 00007FF629801DDC
_get_daylight.LIBCMT ref: 00007FF629801DED

Strings

?, xrefs: 00007FF629801D6D

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 0b7c1d742c13ddddedbe4d6e2c5e7ad1023c035335ca7369220edd5dde904ae5
Instruction ID: f1a313a7732f399a8f6fdb74c98e838623c8f62c12f31b245ed70066ee2b4549
Opcode Fuzzy Hash: 0b7c1d742c13ddddedbe4d6e2c5e7ad1023c035335ca7369220edd5dde904ae5
Instruction Fuzzy Hash: B5411622A0978242FF649F25D85137A6AA1EFC0BB4F184635EF5C86AE6DF3CD441D702

Function 00007FF6297F269C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF6297F2746
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF6297F276F

Strings

csm, xrefs: 00007FF6297F286F

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 503767daf86984436527780b72ab736630531d0d6d2b9058069c45c3b2766ca2
Instruction ID: 799e951ae0fdb5f81a127acf1cc72753be883b6d32636c4ebea3726602971c86
Opcode Fuzzy Hash: 503767daf86984436527780b72ab736630531d0d6d2b9058069c45c3b2766ca2
Instruction Fuzzy Hash: 9A516932A1874196EA20AF25E84026E7BA4FBD9BD4F140134EF8D97B55CF3CE460DB46

Function 000000018000FE1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 000000018000FEC6
_CreateFrameInfo.LIBVCRUNTIME ref: 000000018000FEEF

Strings

csm, xrefs: 000000018000FFEF

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_record
String ID: csm
API String ID: 2558813199-1018135373
Opcode ID: 5b34568935c4705788cbef81ace7358cb1415b5559f1a6b740380e12c6fe9909
Instruction ID: ba345324194aeead1a7fd208c2bc7d11cf1416831069b0cac38a44b55e278ebe
Opcode Fuzzy Hash: 5b34568935c4705788cbef81ace7358cb1415b5559f1a6b740380e12c6fe9909
Instruction Fuzzy Hash: E3514F36615B4886E7A1EF25E44039E77A4F38CBE0F14911AFB8907B56CF38D5A5CB00

Function 00007FF6297FBF84 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF6297FBFB6

Part of subcall function 00007FF6297FE6BC: RtlFreeHeap.NTDLL(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6D2
Part of subcall function 00007FF6297FE6BC: GetLastError.KERNEL32(?,?,?,00007FF6298065C2,?,?,?,00007FF62980693F,?,?,00000000,00007FF629806D85,?,?,?,00007FF629806CB7), ref: 00007FF6297FE6DC

GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6297EDF31), ref: 00007FF6297FBFD4

Strings

C:\Users\user\Desktop\A74lw30K2g.exe, xrefs: 00007FF6297FBFC2

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\Desktop\A74lw30K2g.exe
API String ID: 3580290477-2153160974
Opcode ID: 3a5b6248115956fb8c5867fcb2c099a73d6e8c573ad95eb16c3a51b61da9d299
Instruction ID: f5912d0d4350123a54b65037ea0bac5f551820f25442068f393ec6b307b61aa6
Opcode Fuzzy Hash: 3a5b6248115956fb8c5867fcb2c099a73d6e8c573ad95eb16c3a51b61da9d299
Instruction Fuzzy Hash: 0C419F36A08B5285EF14EF25AC501B82794FFC47C8B58403AED4E97B85DF3DE4419342

Function 00007FF62980AE54 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF62980AF6B
GetLastError.KERNEL32 ref: 00007FF62980AF8D

Strings

U, xrefs: 00007FF62980AF17

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 54112263acd02f42df0a8cef6501b04abbfb211da2f70ad802a6942ee1910395
Instruction ID: 3522acb50541d42a5e285a12178ff4fa27169ee78b4990959fe0e773d2fef328
Opcode Fuzzy Hash: 54112263acd02f42df0a8cef6501b04abbfb211da2f70ad802a6942ee1910395
Instruction Fuzzy Hash: 9941BF72A19A8182DB208F65E8483AA67A0FB88784F444531EE4DC7B98EF3CD441D741

Function 000000018001E7B4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 000000018001E8CB
GetLastError.KERNEL32 ref: 000000018001E8ED

Strings

U, xrefs: 000000018001E877

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: f24d4360071c80fb71cad35b825f144506e0bf8956c3b6e5e033a727242eb68e
Instruction ID: 6ca80f441ea9d728a68e55209c120f710e03378b6947d59e009682c10d2f7603
Opcode Fuzzy Hash: f24d4360071c80fb71cad35b825f144506e0bf8956c3b6e5e033a727242eb68e
Instruction Fuzzy Hash: D841B232614A8881DBA1CF25E8443EAA7A1F79C7D4F558022FE4D87798EF78C549CB40

Function 0000000180002640 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00000001800026EF
__std_exception_copy.LIBVCRUNTIME ref: 0000000180002728

Strings

ios_base::failbit set, xrefs: 0000000180002640

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: __std_exception_copy_invalid_parameter_noinfo_noreturn
String ID: ios_base::failbit set
API String ID: 1109970293-3924258884
Opcode ID: f48672037dbc756fe4a3c608245e54b90e6796cb79f5c20c2a751e4f68631c12
Instruction ID: ebe7e70430f3d93ff5bac542733ca5d67b21a4867189b9d29e9eb3c82015a28f
Opcode Fuzzy Hash: f48672037dbc756fe4a3c608245e54b90e6796cb79f5c20c2a751e4f68631c12
Instruction Fuzzy Hash: 44217272A14B8881EA428B25E5413E9B320EB6D7E4F54D312BAAC12795EF68C2D5C300

Function 0000000180001BD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180001BE7
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0000000180001C26

Part of subcall function 0000000180009268: _Yarn.LIBCPMT ref: 0000000180009296

Strings

bad locale name, xrefs: 0000000180001C3A

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_Yarn
String ID: bad locale name
API String ID: 1838369231-1405518554
Opcode ID: 7fa6409ea9060c50129f46dd6aba4315dbb287674bbff41f9bc8a706b28e0065
Instruction ID: 7684f1584dce57dd15b1b76c37149e27feac844ddba349f45601ed614675140c
Opcode Fuzzy Hash: 7fa6409ea9060c50129f46dd6aba4315dbb287674bbff41f9bc8a706b28e0065
Instruction Fuzzy Hash: 2D016232206B8489D786DF75A84038D77A5F76CB88F189129DA8C8371AEF34C694C340

Function 00007FF6297F0050 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297D1111), ref: 00007FF6297F00A0
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF6297D1111), ref: 00007FF6297F00E1

Strings

csm, xrefs: 00007FF6297F00CE

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 3c98ac448948905eff4ad47a47963f754950c65019d46630b15deedf807f34ab
Instruction ID: 341e40689b852a4ca7ad78c98e3ce4b06414885ae3be24b6d43b321a0c6ba952
Opcode Fuzzy Hash: 3c98ac448948905eff4ad47a47963f754950c65019d46630b15deedf807f34ab
Instruction Fuzzy Hash: 3F115B32609B8082EB208F15E800269B7E1FB88B98F588231DE8C87B58DF3CC5518B01

Function 000000018000D4A8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00000001800075C6), ref: 000000018000D4F8
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00000001800075C6), ref: 000000018000D539

Strings

csm, xrefs: 000000018000D526

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: b4b2e42f82535f6cd8f43ede81a42d412f061f5a20d12d5532239127ba30e230
Instruction ID: f9483296fcb1112b1c41b7b709c5cb24d3e63c0f5610d76f34831a106a2daeab
Opcode Fuzzy Hash: b4b2e42f82535f6cd8f43ede81a42d412f061f5a20d12d5532239127ba30e230
Instruction Fuzzy Hash: 3A11FE36214B4882EBA2CF15E44039977E5F788B98F588226EE8D07B55DF38C655CB00

Function 00000001800077EC Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0000000180007801

Strings

ios_base::failbit set, xrefs: 00000001800077EE

Memory Dump Source

Source File: 00000000.00000003.3996677593.0000000180001000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000000180000000, based on PE: true

Associated: 00000000.00000003.1789807836.000000018002D000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.1789823968.000000018003E000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3569772161.0000000180042000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996578342.0000000180046000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000003.3996629569.0000000180000000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_180000000_A74lw30K2g.jbxd

Similarity

API ID: LockitLockit::_std::_
String ID: ios_base::failbit set
API String ID: 3382485803-3924258884
Opcode ID: 97d73ab2c9be66f3b8356052de4806099d5498c412a7310db58eab878f6b97e3
Instruction ID: 2400c2c62faab8a80a5c937cb35b6122776fcd50979075003f5fae5a11897ed5
Opcode Fuzzy Hash: 97d73ab2c9be66f3b8356052de4806099d5498c412a7310db58eab878f6b97e3
Instruction Fuzzy Hash: FE01DB32B4158854FB97DB55DA447E97711D7A87D4F08D021BE0C076A6DF38CA8BC310

Function 00007FF6297EA3D0 Relevance: 5.1, APIs: 4, Instructions: 103COMMON

Download Yara Rule

APIs

IsBadReadPtr.KERNEL32 ref: 00007FF6297EA40E
IsBadReadPtr.KERNEL32 ref: 00007FF6297EA4E3
SetLastError.KERNEL32(?,00000000,00007FF6297EA9E9,?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA505
SetLastError.KERNEL32(?,00000000,00007FF6297EA9E9,?,?,?,?,?,?,?,?,?,00007FF6297DD242), ref: 00007FF6297EA523

Memory Dump Source

Source File: 00000000.00000002.4142841260.00007FF6297D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6297D0000, based on PE: true

Associated: 00000000.00000002.4142818118.00007FF6297D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142877004.00007FF62980F000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142905980.00007FF629825000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142927877.00007FF629828000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142949532.00007FF62982C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.4142974460.00007FF629830000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff6297d0000_A74lw30K2g.jbxd

Similarity

API ID: ErrorLastRead
String ID:
API String ID: 4100373531-0
Opcode ID: e0e517c51036cec7b570afbeb596ed896a79d3929b09d4426d0e27ecdcf8b3b8
Instruction ID: 0f4dbe309900bf8d1fe3d77bb41d12914ff171afcb61098837021e7e965d82fe
Opcode Fuzzy Hash: e0e517c51036cec7b570afbeb596ed896a79d3929b09d4426d0e27ecdcf8b3b8
Instruction Fuzzy Hash: 1A411962B09B4287EF148F2AE84426923A0FB89B94F095435DF8E87754DF3CE4A1D711

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete or modify artifacts generated within systems to remove evidence of their presence or hinder defenses. Various artifacts may be created by an adversary or something that can be attributed to an adversary’s actions. Typically these artifacts are used as defensive indicators related to monitored events, such as strings from downloaded files, logs that are generated from user actions, and other data analyzed by defenders. Location, format, and type of artifact (such as command or login history) are often specific to each platform.
Tactics:	Defense Evasion
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Deletion, File: File Metadata, File: File Modification, Firewall: Firewall Rule Modification, Network Traffic: Network Traffic Content, Process: OS API Execution, Process: Process Creation, Scheduled Job: Scheduled Job Modification, User Account: User Account Authentication, User Account: User Account Deletion, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, Google Workspace, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report A74lw30K2g.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\kernelquick.sys

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Windows Analysis Report
A74lw30K2g.exe

Function 00007FF6297D62F0 Relevance: 193.3, APIs: 81, Strings: 29, Instructions: 845
registrystringprocessCOMMON

Function 00007FF6297EB500 Relevance: 103.7, APIs: 41, Strings: 18, Instructions: 406
registrylibrarysleepCOMMON

Function 00007FF6297DF410 Relevance: 81.0, APIs: 35, Strings: 11, Instructions: 532
registryprocessfileCOMMON

Function 00007FF6297DFD10 Relevance: 56.3, APIs: 27, Strings: 5, Instructions: 326
windowCOMMON

Function 00007FF6297D7250 Relevance: 54.7, APIs: 26, Strings: 5, Instructions: 457
COMMON

Function 00007FF6297D79E0 Relevance: 31.7, APIs: 16, Strings: 2, Instructions: 216
stringregistrycomCOMMON

Function 00007FF6297DCD40 Relevance: 26.7, APIs: 7, Strings: 8, Instructions: 406
threadinjectionprocessCOMMON

Function 00007FF6297EA5A0 Relevance: 25.8, APIs: 17, Instructions: 347
memoryCOMMON

Function 00007FF6297D8900 Relevance: 45.7, APIs: 22, Strings: 4, Instructions: 225
memoryCOMMON

Function 00007FF6297E02A0 Relevance: 45.3, APIs: 30, Instructions: 260
memorywindowCOMMON

Function 00007FF6297DC340 Relevance: 33.5, APIs: 18, Strings: 1, Instructions: 297
windowCOMMON

Function 00007FF6297D3820 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 157
networkstringtimeCOMMON

Function 00007FF6297D8AD0 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 101
memoryCOMMON

Function 00007FF6297EBDD0 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 223
memoryCOMMON

Function 00007FF6297D8690 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 149
memoryCOMMON