Edit tour

Windows Analysis Report
$RMH4FA8.exe

Overview

General Information

Sample name:	$RMH4FA8.exe
Analysis ID:	1523114
MD5:	be23dc8179b9aa8ddcfe08be342c27cb
SHA1:	fba1c67bbaaa7b62398fb99952940d82c66ceecb
SHA256:	1df5c8c17b6d6e1bb93cee6dca6a03b34c94db46416bc7653194ad570d986f7e
Infos:

Detection

Score:	39
Range:	0 - 100
Whitelisted:	false
Confidence:	20%

Compliance

Score:	32
Range:	0 - 100

Signatures

AI detected suspicious sample

Found stalling execution ending in API Sleep call

Uses known network protocols on non-standard ports

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

EXE planting / hijacking vulnerabilities found

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

OS version to string mapping found (often used in BOTs)

PE file contains an invalid checksum

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

$RMH4FA8.exe (PID: 7564 cmdline: "C:\Users\user\Desktop\$RMH4FA8.exe" MD5: BE23DC8179B9AA8DDCFE08BE342C27CB)

ISL_Light_Client_4_4_2332_44 49919761.exe (PID: 7664 cmdline: ISL_Light_Client_4_4_2332_44_49919761.exe MD5: D84CB294555A00A98C35FE808177007E)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 97.8% probability

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\$RMH4FA8.exe	EXE: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	EXE: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	EXE: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	EXE: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\isllight.exe	Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\$RMH4FA8.exe	EXE: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	EXE: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	EXE: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	EXE: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\isllight.exe	Jump to behavior

Uses 32bit PE files

Source: $RMH4FA8.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

PE / OLE file has a valid certificate

Source: $RMH4FA8.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: $RMH4FA8.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Binary contains paths to debug symbols

Source:	Binary string: E:\Builds\CL-ID3197-BILFA\b.ProgramISLLight3_win32.0\Release\shellsendto.pdb source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, shellsendto.exe.1.dr
Source:	Binary string: E:\build-dir\CL-NS111-BW32\b.ProgramISLNetworkStart_win32.0\Release\launch_normal.pdb source: $RMH4FA8.exe
Source:	Binary string: E:\BuildCache\libdatachannel-0.19.3-10-f9667200\libdatachannel-0.19.3\build\RelWithDebInfo\datachannel.pdb source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, datachannel.dll.1.dr
Source:	Binary string: E:\Builds\CL-ID3197-BILFA\b.ProgramISLLight3_win32.0\Release\ISLLightClient.pdb source: ISL_Light_Client_4_4_2332_44 49919761.exe, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLLight.dll.1.dr
Source:	Binary string: E:\Builds\CL-ID3197-BILFA\b.ProgramISLLight3_win32.0\Release\launch_normal.pdb source: $RMH4FA8.exe, 00000000.00000002.1701762634.0000000003109000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000000.1700818276.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr, source_pkg.dat.1.dr, isllight.exe.1.dr
Source:	Binary string: E:\Builds\CL-ID3197-BILFA\b.ProgramISLLight3_win32.0\Release\mailopen.pdb source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, mailopen.exe.1.dr
Source:	Binary string: E:\build-dir\CL-NS111-BW32\b.ProgramISLNetworkStart_win32.0\Release\ISLNetworkStart.pdb source: $RMH4FA8.exe, 00000000.00000002.1703433838.000000006D002000.00000002.00000001.01000000.00000004.sdmp, $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr

Spreading

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_00C44157 FindFirstFileW,FindFirstFileA,

1_2_00C44157

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData\Local\ISL Online Cache	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Networking

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 7615 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 7615 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 7615 -> 49733

Detected TCP or UDP traffic on non-standard ports

Source: global traffic	TCP traffic: 192.168.2.4:49731 -> 195.201.59.111:7615
Source: global traffic	TCP traffic: 192.168.2.4:49732 -> 170.187.160.42:7615
Source: global traffic	TCP traffic: 192.168.2.4:49733 -> 139.144.234.209:7615

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: networkstart-ivfqcxy.islonline.net
Source: global traffic	DNS traffic detected: DNS query: networkstart-myipaicohlcbpwnb.islonline.net
Source: global traffic	DNS traffic detected: DNS query: isllight-myipaicohlcbrbhl.islonline.net

Source: $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, mailopen.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: $RMH4FA8.exe, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr, source_pkg.dat.1.dr, mailopen.exe.1.dr, isllight.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, mailopen.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: $RMH4FA8.exe, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr, source_pkg.dat.1.dr, mailopen.exe.1.dr, isllight.exe.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, mailopen.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: $RMH4FA8.exe, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr, source_pkg.dat.1.dr, mailopen.exe.1.dr, isllight.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, mailopen.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: mailopen.exe.1.dr, isllight.exe.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: $RMH4FA8.exe, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr, source_pkg.dat.1.dr, mailopen.exe.1.dr, isllight.exe.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: $RMH4FA8.exe, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr, source_pkg.dat.1.dr, mailopen.exe.1.dr, isllight.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: $RMH4FA8.exe, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr, source_pkg.dat.1.dr, mailopen.exe.1.dr, isllight.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, mailopen.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, mailopen.exe.1.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: ISLLight.dll.1.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0).
Source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1829930988.000000000330F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0).6L
Source: $RMH4FA8.exe, 00000000.00000002.1701625088.0000000002DC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0).P
Source: $RMH4FA8.exe, 00000000.00000002.1703433838.000000006D002000.00000002.00000001.01000000.00000004.sdmp, $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0).invalid
Source: $RMH4FA8.exe, ISLNetworkStart.dll.0.dr, datachannel.dll.1.dr, shellsendto.exe.1.dr, ISLLight.dll.1.dr, ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr, source_pkg.dat.1.dr, mailopen.exe.1.dr, isllight.exe.1.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: LangAll.tr2.1.dr	String found in binary or memory: http://www.islonline.com
Source: LangAll.tr2.1.dr	String found in binary or memory: http://www.islonline.com/help?%5%
Source: LangAll.tr2.1.dr	String found in binary or memory: http://www.islonline.com/help?p=isl-light&v=3-2&f=html&l=%5%
Source: ISL_Light_Client_4_4_2332_44 49919761.exe, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLLight.dll.1.dr	String found in binary or memory: http://www.islonline.com/r301?
Source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLLight.dll.1.dr	String found in binary or memory: http://www.islonline.com/r301?&topic=SETTINGS_PLUGINS_AVAILABLESETTINGS_PLUGINS_LOADEDplugin

System Summary

Detected potential crypto function

Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02704324	0_3_02704324
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026D4389	0_3_026D4389
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02700384	0_3_02700384
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026F8394	0_3_026F8394
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02710044	0_3_02710044
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270C024	0_3_0270C024
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270A0E4	0_3_0270A0E4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026EE764	0_3_026EE764
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02710764	0_3_02710764
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02706794	0_3_02706794
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026F2434	0_3_026F2434
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270E414	0_3_0270E414
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026FE404	0_3_026FE404
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026D4418	0_3_026D4418
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02706564	0_3_02706564
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02706A74	0_3_02706A74
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02728A28	0_3_02728A28
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0273CB4D	0_3_0273CB4D
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270EB24	0_3_0270EB24
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02710B94	0_3_02710B94
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026FE924	0_3_026FE924
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270C9A4	0_3_0270C9A4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02724F24	0_3_02724F24
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02728C58	0_3_02728C58
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270ED54	0_3_0270ED54
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02706DF4	0_3_02706DF4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270F3A4	0_3_0270F3A4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02707064	0_3_02707064
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270F124	0_3_0270F124
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026ED104	0_3_026ED104
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0272F734	0_3_0272F734
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02717454	0_3_02717454
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0271B544	0_3_0271B544
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_027115C4	0_3_027115C4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026FDAE4	0_3_026FDAE4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026EDAF4	0_3_026EDAF4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026FFBA4	0_3_026FFBA4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_027118F4	0_3_027118F4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026EF9E4	0_3_026EF9E4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270BEB4	0_3_0270BEB4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026F3E84	0_3_026F3E84
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270DFE4	0_3_0270DFE4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02705C34	0_3_02705C34
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270FDB4	0_3_0270FDB4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270FDA4	0_3_0270FDA4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270FD94	0_3_0270FD94
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0273DD9B	0_3_0273DD9B
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026FFD84	0_3_026FFD84
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BCC734	0_3_06BCC734
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06C124F5	0_3_06C124F5
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BB4454	0_3_06BB4454
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BAE5C4	0_3_06BAE5C4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BB8544	0_3_06BB8544
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BAC3A4	0_3_06BAC3A4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA4064	0_3_06BA4064
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BAC124	0_3_06BAC124
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B8A104	0_3_06B8A104
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA8EB4	0_3_06BA8EB4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B90E84	0_3_06B90E84
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BAAFE4	0_3_06BAAFE4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA2C34	0_3_06BA2C34
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BACDB4	0_3_06BACDB4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BACDA4	0_3_06BACDA4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BDAD9B	0_3_06BDAD9B
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BACD94	0_3_06BACD94
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B9CD84	0_3_06B9CD84
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06C12AE0	0_3_06C12AE0
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B8AAF4	0_3_06B8AAF4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B9AAE4	0_3_06B9AAE4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B9CBA4	0_3_06B9CBA4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BAE8F4	0_3_06BAE8F4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B8C9E4	0_3_06B8C9E4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06C0F6DA	0_3_06C0F6DA
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA3794	0_3_06BA3794
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B8B764	0_3_06B8B764
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BAD764	0_3_06BAD764
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B8F434	0_3_06B8F434
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BAB414	0_3_06BAB414
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B71418	0_3_06B71418
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B9B404	0_3_06B9B404
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA3564	0_3_06BA3564
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B95394	0_3_06B95394
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B9D384	0_3_06B9D384
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B71389	0_3_06B71389
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA1324	0_3_06BA1324
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA70E4	0_3_06BA70E4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA9024	0_3_06BA9024
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BAD044	0_3_06BAD044
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BE7161	0_3_06BE7161
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BC1F24	0_3_06BC1F24
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BC5C58	0_3_06BC5C58
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA3DF4	0_3_06BA3DF4
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BABD54	0_3_06BABD54
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BC5A28	0_3_06BC5A28
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0270A254	0_3_0270A254
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026FEB84	0_3_026FEB84
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026EAF44	0_3_026EAF44
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_026F8D24	0_3_026F8D24
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BA7254	0_3_06BA7254
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B87F44	0_3_06B87F44
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06B95D24	0_3_06B95D24
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_00C47181	1_2_00C47181
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_00C4718E	1_2_00C4718E
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_00C4719B	1_2_00C4719B
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_00C47542	1_2_00C47542
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_00C46D69	1_2_00C46D69
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_00C46F7C	1_2_00C46F7C
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CFB24D0	1_2_6CFB24D0
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE2ECB0	1_2_6CE2ECB0
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CDF8480	1_2_6CDF8480
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE31410	1_2_6CE31410
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE0F5D0	1_2_6CE0F5D0
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE30D70	1_2_6CE30D70
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE27530	1_2_6CE27530
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE05D09	1_2_6CE05D09
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE3AE90	1_2_6CE3AE90
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CDF3F4F	1_2_6CDF3F4F
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE0B750	1_2_6CE0B750
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE11730	1_2_6CE11730
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE0B078	1_2_6CE0B078
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CDE71FB	1_2_6CDE71FB
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE3A960	1_2_6CE3A960
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE26170	1_2_6CE26170
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE2FAB0	1_2_6CE2FAB0
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CDE728A	1_2_6CDE728A
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE05BE9	1_2_6CE05BE9
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE3AB90	1_2_6CE3AB90
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE03396	1_2_6CE03396

Found potential string decryption / allocating functions

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: String function: 6CE57575 appears 70 times
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: String function: 6CE575A8 appears 147 times
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: String function: 06BDA6F2 appears 44 times
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: String function: 0273D6BB appears 187 times
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: String function: 06BDA6BB appears 307 times
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: String function: 06BC1764 appears 36 times
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: String function: 0273D687 appears 157 times
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: String function: 02724764 appears 40 times
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: String function: 06BDA687 appears 217 times

Sample file is different than original file name gathered from version info

Source: $RMH4FA8.exe	Binary or memory string: OriginalFilename vs $RMH4FA8.exe
Source: $RMH4FA8.exe, 00000000.00000002.1701762634.0000000003125000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameISLLightClient.exeB vs $RMH4FA8.exe
Source: $RMH4FA8.exe, 00000000.00000002.1701219106.000000000047D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelaunch.rc. vs $RMH4FA8.exe
Source: $RMH4FA8.exe, 00000000.00000000.1653124428.000000000047D000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenamelaunch.rc. vs $RMH4FA8.exe
Source: $RMH4FA8.exe	Binary or memory string: OriginalFilenamelaunch.rc. vs $RMH4FA8.exe

Uses 32bit PE files

Source: $RMH4FA8.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: shellsendto.exe.1.dr

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: classification engine

Classification label: sus39.troj.evad.winEXE@3/83@3/3

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_6CEF4778 __EH_prolog3,GlobalAlloc,CreateStreamOnHGlobal,CoCreateInstance,GlobalFree,

1_2_6CEF4778

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_6CE5B0C9 DllStartService,

1_2_6CE5B0C9

Source: C:\Users\user\Desktop\$RMH4FA8.exe

File created: C:\Users\user\AppData\Local\ISL Online Cache

Jump to behavior

Source: $RMH4FA8.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\$RMH4FA8.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: $RMH4FA8.exe	String found in binary or memory: --boot-address
Source: $RMH4FA8.exe	String found in binary or memory: georeconnect/check-address is disabled
Source: $RMH4FA8.exe	String found in binary or memory: georeconnect/check-address is enabled
Source: $RMH4FA8.exe	String found in binary or memory: ISL-Network-Start/4.4.2332.7 (Win; x86)
Source: $RMH4FA8.exe	String found in binary or memory: Check-Address: 1
Source: $RMH4FA8.exe	String found in binary or memory: Service-Address:
Source: $RMH4FA8.exe	String found in binary or memory: Udp-Service-Address
Source: $RMH4FA8.exe	String found in binary or memory: service-address: %1%:%2% service-here:%3%
Source: $RMH4FA8.exe	String found in binary or memory: Service-Address
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: --add-title
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: --proxy-address-hint
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: --proxy-address
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: faking force-stop message
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: Service-Address
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: service-address: %1%:%2% service-here:%3%
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: Udp-Service-Address
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: georeconnect/check-address is enabled
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: Service-Address:
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: georeconnect/check-address is disabled
Source: ISL_Light_Client_4_4_2332_44 49919761.exe	String found in binary or memory: Check-Address: 1

Source: unknown	Process created: C:\Users\user\Desktop\$RMH4FA8.exe "C:\Users\user\Desktop\$RMH4FA8.exe"
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Process created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe ISL_Light_Client_4_4_2332_44_49919761.exe
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Process created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe ISL_Light_Client_4_4_2332_44_49919761.exe	Jump to behavior

Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: dbgcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32

Jump to behavior

Found graphical window changes (likely an installer)

Source: Window Recorder

Window detected: More than 3 window changes detected

Found window with many clickable UI elements (buttons, textforms, scrollbars etc)

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Window detected: Number of UI elements: 12
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Window detected: Number of UI elements: 15

PE / OLE file has a valid certificate

Source: $RMH4FA8.exe

Static PE information: certificate valid

Contains modern PE file flags such as dynamic base (ASLR) or NX

Source: $RMH4FA8.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

PE file contains a debug data directory

Source: $RMH4FA8.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Binary contains paths to debug symbols

Source:	Binary string: E:\Builds\CL-ID3197-BILFA\b.ProgramISLLight3_win32.0\Release\shellsendto.pdb source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, shellsendto.exe.1.dr
Source:	Binary string: E:\build-dir\CL-NS111-BW32\b.ProgramISLNetworkStart_win32.0\Release\launch_normal.pdb source: $RMH4FA8.exe
Source:	Binary string: E:\BuildCache\libdatachannel-0.19.3-10-f9667200\libdatachannel-0.19.3\build\RelWithDebInfo\datachannel.pdb source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, datachannel.dll.1.dr
Source:	Binary string: E:\Builds\CL-ID3197-BILFA\b.ProgramISLLight3_win32.0\Release\ISLLightClient.pdb source: ISL_Light_Client_4_4_2332_44 49919761.exe, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLLight.dll.1.dr
Source:	Binary string: E:\Builds\CL-ID3197-BILFA\b.ProgramISLLight3_win32.0\Release\launch_normal.pdb source: $RMH4FA8.exe, 00000000.00000002.1701762634.0000000003109000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000000.1700818276.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr, source_pkg.dat.1.dr, isllight.exe.1.dr
Source:	Binary string: E:\Builds\CL-ID3197-BILFA\b.ProgramISLLight3_win32.0\Release\mailopen.pdb source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, mailopen.exe.1.dr
Source:	Binary string: E:\build-dir\CL-NS111-BW32\b.ProgramISLNetworkStart_win32.0\Release\ISLNetworkStart.pdb source: $RMH4FA8.exe, 00000000.00000002.1703433838.000000006D002000.00000002.00000001.01000000.00000004.sdmp, $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_00C4489A LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,

1_2_00C4489A

PE file contains an invalid checksum

Source: isllight.exe.1.dr	Static PE information: real checksum: 0x1f07af should be: 0x1ec393
Source: ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr	Static PE information: real checksum: 0x1f07af should be: 0x1ec393
Source: $RMH4FA8.exe	Static PE information: real checksum: 0x9a249 should be: 0x976de
Source: source_pkg.dat.1.dr	Static PE information: real checksum: 0x1f07af should be: 0x1ec393

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_027247AA push ecx; ret	0_3_027247BD
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_0273D650 push ecx; ret	0_3_0273D663
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BDA650 push ecx; ret	0_3_06BDA663
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BC17AA push ecx; ret	0_3_06BC17BD
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_00C420FD pushad ; ret	1_2_00C420FE
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CD58D44 push cs; iretd	1_2_6CD58E1A
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE57543 push ecx; ret	1_2_6CE57556
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CD58E46 push cs; iretd	1_2_6CD58E1A
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CD58FF6 push ebx; ret	1_2_6CD58FF7
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CD5276D push esi; ret	1_2_6CD52776
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CD56719 push esp; iretd	1_2_6CD5671A
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CD58905 pushad ; ret	1_2_6CD58906
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CFB2220 push eax; ret	1_2_6CFB223E

Source: $RMH4FA8.exe	Static PE information: section name: .text entropy: 6.892876635151667
Source: ISL_Light_Client_4_4_2332_44 49919761.exe.0.dr	Static PE information: section name: .text entropy: 6.872760099374544
Source: isllight.exe.1.dr	Static PE information: section name: .text entropy: 6.872760099374544
Source: source_pkg.dat.1.dr	Static PE information: section name: .text entropy: 6.872760099374544

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll	Jump to dropped file
Source: C:\Users\user\Desktop\$RMH4FA8.exe	File created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\source_pkg.dat	Jump to dropped file
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\datachannel.dll	Jump to dropped file
Source: C:\Users\user\Desktop\$RMH4FA8.exe	File created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File created: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\isllight.exe	Jump to dropped file

Boot Survival

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_6CE5B0C9 DllStartService,

1_2_6CE5B0C9

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 7615 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 7615 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 7615 -> 49733

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_6CF73521 LoadLibraryA,GetProcAddress,GetCurrentProcess,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,GetProcAddress,FreeLibrary,LoadLibraryA,GetProcAddress,

1_2_6CF73521

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Process information set: NOALIGNMENTFAULTEXCEPT \| NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Found stalling execution ending in API Sleep call

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Stalling execution: Execution stalls by calling Sleep

graph_1-35554

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\$RMH4FA8.exe

Code function: 0_3_026FD9B4 rdtsc

0_3_026FD9B4

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\datachannel.dll	Jump to dropped file
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe	Jump to dropped file

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\$RMH4FA8.exe TID: 7592	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe TID: 7708	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_00C44157 FindFirstFileW,FindFirstFileA,

1_2_00C44157

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_6CF41481 __EH_prolog3_GS,CreateFileA,SetFilePointer,GetCurrentThreadId,GetCurrentProcessId,GetModuleFileNameA,GetSystemTime,GetSystemInfo,GetVersionExA,LoadLibraryA,GetProcAddress,GlobalMemoryStatus,CloseHandle,

1_2_6CF41481

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData\Local\ISL Online Cache	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData	Jump to behavior
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	File opened: C:\Users\user\AppData\Local	Jump to behavior

Source: $RMH4FA8.exe, 00000000.00000002.1701475097.0000000000BAF000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1827855145.0000000000E70000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\$RMH4FA8.exe

Code function: 0_3_026FD9B4 rdtsc

0_3_026FD9B4

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_6CDF4C26 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

1_2_6CDF4C26

Contains functionality to dynamically determine API calls

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_00C4489A LoadLibraryA,GetProcAddress,GetProcAddress,FreeLibrary,

1_2_00C4489A

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_02731859 mov eax, dword ptr fs:[00000030h]	0_3_02731859
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BCE859 mov eax, dword ptr fs:[00000030h]	0_3_06BCE859
Source: C:\Users\user\Desktop\$RMH4FA8.exe	Code function: 0_3_06BFFDBB mov eax, dword ptr fs:[00000030h]	0_3_06BFFDBB
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_00C43BC2 mov eax, dword ptr fs:[00000030h]	1_2_00C43BC2
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_00C43BDB mov eax, dword ptr fs:[00000030h]	1_2_00C43BDB
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE012A4 mov eax, dword ptr fs:[00000030h]	1_2_6CE012A4
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CDFBD93 mov eax, dword ptr fs:[00000030h]	1_2_6CDFBD93
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CE012E8 mov eax, dword ptr fs:[00000030h]	1_2_6CE012E8

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_00C466C1 GetProcessHeap,RtlAllocateHeap,

1_2_00C466C1

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CDF4C26 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CDF4C26
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CF22EA2 VirtualAlloc,SetUnhandledExceptionFilter,	1_2_6CF22EA2
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CDEF87B SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_6CDEF87B
Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	Code function: 1_2_6CDF026C IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	1_2_6CDF026C

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_6CEF44F1 CoInitialize,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,CreateMailslotW,ReadFile,ReadFile,CloseHandle,CoUninitialize,

1_2_6CEF44F1

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_00C461D2 AllocateAndInitializeSid,

1_2_00C461D2

Source: ISL_Light_Client_4_4_2332_44 49919761.exe, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: DllGetVersionshell32.dllShell32.dllShell_TrayWndTrayNotifyWndShell_NotifyIconWShell_NotifyIconATRAY_OPEN_ALLTRAY_OPEN_ITEM$
Source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp	Binary or memory string: lDllGetVersionshell32.dllShell32.dllShell_TrayWndTrayNotifyWndShell_NotifyIconWShell_NotifyIconATRAY_OPEN_ALLTRAY_OPEN_ITEM$

Language, Device and Operating System Detection

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\$RMH4FA8.exe

Code function: 0_3_027247BF cpuid

0_3_027247BF

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_6CF4B53A __EH_prolog3_catch_GS,RegOpenKeyExA,RegQueryValueExA,GetSystemTimeAsFileTime,RegCloseKey,

1_2_6CF4B53A

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_00C44F4F GetVersion,RegOpenKeyExA,RegQueryValueExW,RegQueryValueExW,RegCloseKey,RegCloseKey,

1_2_00C44F4F

Source: C:\Users\user\Desktop\$RMH4FA8.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

OS version to string mapping found (often used in BOTs)

Source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1827855145.0000000000E70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2018_11_16_isllight_5185_win_xp_issc_optimize_init_dev_mode_struct
Source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1827855145.0000000000E70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2018_11_16_isllight_5185_win_xp_issc_optimize_change_hw_acc_type
Source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1827855145.0000000000E70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2018_11_16_isllight_5185_win_xp_issc_optimize_init_dev_mode_struct(
Source: ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1827855145.0000000000E70000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2018_11_16_isllight_5185_win_xp_issc_optimize_use_hw_acc
Source: $RMH4FA8.exe, 00000000.00000002.1701625088.0000000002DC0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2018_11_16_isllight_5185_win_xp_issc_optimize_change_hw_acc_typesettingsY
Source: $RMH4FA8.exe, 00000000.00000002.1701625088.0000000002DC0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2018_11_16_isllight_5185_win_xp_issc_optimize_change_hw_acc_type
Source: $RMH4FA8.exe, 00000000.00000002.1701625088.0000000002DC0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 2018_11_16_isllight_5185_win_xp_issc_optimize_init_dev_mode_structX

Remote Access Functionality

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Source: C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Code function: 1_2_6CF1247B __EH_prolog3_GS,ioctlsocket,WSAGetLastError,__EH_prolog3_catch_GS,bind,listen,WSAGetLastError,__EH_prolog3,

1_2_6CF1247B

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 Windows Service	1 Windows Service	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Service Execution	1 DLL Side-Loading	2 Process Injection	1 Virtualization/Sandbox Evasion	LSASS Memory	31 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	11 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Native API	1 DLL Search Order Hijacking	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Search Order Hijacking	2 Process Injection	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	1 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	3 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	25 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Software Packing	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Search Order Hijacking	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
$RMH4FA8.exe	1%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\datachannel.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\datachannel.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\isllight.exe	1%	Virustotal	Browse
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe	0%	Virustotal	Browse
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe	0%	Virustotal	Browse
C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\source_pkg.dat	1%	Virustotal	Browse
C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll	0%	Virustotal	Browse
C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe	1%	Virustotal	Browse

Source	Detection	Scanner	Link
http://www.islonline.com/r301?	0%	Virustotal	Browse
http://www.apache.org/licenses/LICENSE-2.0).P	0%	Virustotal	Browse
http://www.islonline.com	0%	Virustotal	Browse
http://www.islonline.com/r301?&topic=SETTINGS_PLUGINS_AVAILABLESETTINGS_PLUGINS_LOADEDplugin	0%	Virustotal	Browse
http://www.apache.org/licenses/LICENSE-2.0).	0%	Virustotal	Browse
http://www.apache.org/licenses/LICENSE-2.0).invalid	0%	Virustotal	Browse
http://www.islonline.com/help?p=isl-light&v=3-2&f=html&l=%5%	0%	Virustotal	Browse
http://www.islonline.com/help?%5%	0%	Virustotal	Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
isllight-myipaicohlcbrbhl.islonline.net	139.144.234.209	true	false	unknown
networkstart-ivfqcxy.islonline.net	195.201.59.111	true	false	unknown
networkstart-myipaicohlcbpwnb.islonline.net	170.187.160.42	true	false	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.apache.org/licenses/LICENSE-2.0).P	$RMH4FA8.exe, 00000000.00000002.1701625088.0000000002DC0000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse	unknown
http://www.islonline.com	LangAll.tr2.1.dr	false	0%, Virustotal, Browse	unknown
http://www.islonline.com/help?%5%	LangAll.tr2.1.dr	false	0%, Virustotal, Browse	unknown
http://www.islonline.com/r301?	ISL_Light_Client_4_4_2332_44 49919761.exe, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLLight.dll.1.dr	false	0%, Virustotal, Browse	unknown
http://www.apache.org/licenses/LICENSE-2.0).	ISLLight.dll.1.dr	false	0%, Virustotal, Browse	unknown
http://www.islonline.com/r301?&topic=SETTINGS_PLUGINS_AVAILABLESETTINGS_PLUGINS_LOADEDplugin	ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1703667351.0000000006F0E000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704234343.0000000007119000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1710830908.0000000007520000.00000004.00000020.00020000.00000000.sdmp, ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000003.1704632615.0000000002EF7000.00000004.00000020.00020000.00000000.sdmp, ISLLight.dll.1.dr	false	0%, Virustotal, Browse	unknown
http://www.apache.org/licenses/LICENSE-2.0).6L	ISL_Light_Client_4_4_2332_44 49919761.exe, 00000001.00000002.1829930988.000000000330F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.apache.org/licenses/LICENSE-2.0).invalid	$RMH4FA8.exe, 00000000.00000002.1703433838.000000006D002000.00000002.00000001.01000000.00000004.sdmp, $RMH4FA8.exe, 00000000.00000003.1657645536.0000000002B4D000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, $RMH4FA8.exe, 00000000.00000003.1661584031.0000000006C7B000.00000004.00000020.00020000.00000000.sdmp, ISLNetworkStart.dll.0.dr	false	0%, Virustotal, Browse	unknown
http://www.islonline.com/help?p=isl-light&v=3-2&f=html&l=%5%	LangAll.tr2.1.dr	false	0%, Virustotal, Browse	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
170.187.160.42	networkstart-myipaicohlcbpwnb.islonline.net	United States	7018	ATT-INTERNET4US	false
139.144.234.209	isllight-myipaicohlcbrbhl.islonline.net	United States	8968	BT-ITALIAIT	false
195.201.59.111	networkstart-ivfqcxy.islonline.net	Germany	24940	HETZNER-ASDE	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523114
Start date and time:	2024-10-01 05:37:54 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 1s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	$RMH4FA8.exe
Detection:	SUS
Classification:	sus39.troj.evad.winEXE@3/83@3/3
EGA Information:	Successful, ratio: 50%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target $RMH4FA8.exe, PID 7564 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
23:38:44	API Interceptor	1x Sleep call for process: $RMH4FA8.exe modified
23:38:49	API Interceptor	1x Sleep call for process: ISL_Light_Client_4_4_2332_44 49919761.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
170.187.160.42	SummarISL.exe	Get hash	malicious	Unknown	Browse
139.144.234.209	SummarISL.exe	Get hash	malicious	Unknown	Browse
195.201.59.111	isl_pronto.exe	Get hash	malicious	Unknown	Browse
195.201.59.111	isl_pronto.exe	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ATT-INTERNET4US	https://booking.com-partners.one/confirm/login/qAlElVVF	Get hash	malicious	Unknown	Browse	13.32.27.89
	https://wtm.ventes-privees-du-jour.com/r/eNplj92OmzAQRp+GvQwYbGNfRBVNwgblh61I0jQ3kTEmOAXsgoFNnr6utFppVcnSSOd845mZXApCiJCbs5xhHwkaMq/EwEMCc1wCRjGl3MOeC0iAXArdEmJaepgUhBKOwoJCQIUgBJU+CwoB3NCFrnK/DfPKGN07QeT4sX3TNM0q1TRCd3IUM64aC2Xb805qI1XrBLENL33iewR4nu/4eDDNtVdDx4UVk6htjxh1cf9QjSjk0FjFdf2BOGs0k7f2v7xomKwt7VQuOuNAz4hatMLMcmEtH3pjs921lF1vWtb8Gxi1rfwia/bpfibb7WqXWVvr66gtcfzgmiyvtrwUfJ4+1qCs1GnU/YrCyR4TK60aFU3idQ8ntNjW9+hZoTo/m7dl4PjfT7UZq27RguCy3hwOoZ/CanOkZnFKm8Oe4SnLJU5uXnywf50j/fb0ft/+8Et0eC2nJEu3krdIqEyy22bEjzBN90n9rLTMyO7Ml8kK3n+dH7dwWhNYgGP6owiHUdD7eRVnLOlHu8Lx/ZJ2uwc/BY8jgXGUDvsXJueAIgDJX8NYskg=	Get hash	malicious	Unknown	Browse	13.32.27.65
	https://www.allegiantair.com/deals//smsgiveaway	Get hash	malicious	Unknown	Browse	13.32.27.30
	https://serrespec.weebly.com/tc2000-stock-charting-software.html	Get hash	malicious	Unknown	Browse	13.32.27.68
	https://vh.gskoffihoura.com/okta.vailhealth.org/oauth2/v1/authorize&client_id=okta-2b1959c8-bcc0-56eb	Get hash	malicious	Unknown	Browse	13.32.27.116
	P030092024LANDWAY.exe	Get hash	malicious	FormBook	Browse	172.191.244.62
	https://en.softonic.com	Get hash	malicious	Unknown	Browse	13.32.27.6
	ITC590-Script 3 V2-P-2024.exe	Get hash	malicious	Unknown	Browse	172.16.89.192
	SecuriteInfo.com.Linux.Siggen.9999.28931.8128.elf	Get hash	malicious	Mirai	Browse	12.156.153.37
	SecuriteInfo.com.Linux.Siggen.9999.30976.5557.elf	Get hash	malicious	Mirai	Browse	12.135.213.79
HETZNER-ASDE	Printable_Copy.js	Get hash	malicious	Unknown	Browse	188.40.187.174
	Printable_Copy.js	Get hash	malicious	Unknown	Browse	188.40.187.174
	Confirmation transfer AGS # 22-0024.exe	Get hash	malicious	GuLoader	Browse	95.217.165.68
	file.exe	Get hash	malicious	Unknown	Browse	95.217.142.125
	https://en.softonic.com	Get hash	malicious	Unknown	Browse	178.63.248.56
	https://sandbox-2.digital68.com/	Get hash	malicious	Unknown	Browse	78.47.205.166
	https://whm.agcofarm.com/	Get hash	malicious	Unknown	Browse	49.12.82.250
	https://webmail.tallermultimarcassfk.com/	Get hash	malicious	Unknown	Browse	94.130.92.83
	file.exe	Get hash	malicious	Clipboard Hijacker, Vidar	Browse	5.75.211.162
	https://quatangff-garena.pw.io.vn/	Get hash	malicious	HTMLPhisher	Browse	135.181.63.70
BT-ITALIAIT	https://nlnline.naexva.com/	Get hash	malicious	HTMLPhisher	Browse	139.177.198.193
	jade.mpsl.elf	Get hash	malicious	Mirai	Browse	157.29.93.237
	O9M84hUenb.elf	Get hash	malicious	Mirai, Okiru	Browse	157.28.114.62
	ACUN4Da4d7.exe	Get hash	malicious	Unknown	Browse	139.144.120.232
	https://www.kisa.link/JUjOQ	Get hash	malicious	Phisher	Browse	139.177.207.244
	SecuriteInfo.com.Linux.Siggen.9999.5151.15671.elf	Get hash	malicious	Mirai	Browse	89.118.249.184
	https://u46709706.ct.sendgrid.net/ls/click?upn=u001.DKwEP7VZOQzO0CdL8oA-2F1XfRWjdnnJf8AzT08E2sLXTgMdD9Jn8frnIecLny3eAokPJfihouroN0Bfpu-2Fc6LnrjqjViS2pLM6S7dZHOEwpuLfW-2BIU7dEMYGgaqQi-2B7ZF0pXBlOGA-2BSPzvia0EbhuUQ-3D-3D_2_r_uaJJRFhr-2BcMTvUL7itRYOkOTFwa3yBQ-2Be5ivdH2VumIL8X-2BH-2Fbr48QmarAca3fouHSsMOxgbLM7p2wkFK-2FUQL6-2FE9yCCxVee50mxUV1yVgD0jP9rXVSjBZFhWzNsNI0r917tCy3Siqu3AuAzm4HWroH5uBBAEhWW2PKqu-2B5XjabsjUwJhDJYiuP7NzEfnzrbkWW2CLIJbYvjD7vD7au-2BFw-3D-3D	Get hash	malicious	Phisher	Browse	139.177.207.244
	arm.elf	Get hash	malicious	Mirai, Moobot	Browse	157.28.126.46
	mpsl.elf	Get hash	malicious	Mirai, Moobot	Browse	157.28.126.18
	ppc.elf	Get hash	malicious	Mirai, Moobot	Browse	157.28.174.101

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	ASCII text, with very long lines (3008), with CRLF line terminators
Category:	dropped
Size (bytes):	48075
Entropy (8bit):	5.714593415325684
Encrypted:	false
SSDEEP:	768:U4pMbbQ3S5Z2cawe4LFJM7/rf3iJfJLd+wzGlUt4iBaQ3S5A5bZL5tPlH75/l9lK:ZpkbyGZ2cawe4LFJM7/rf3iJfJLd+wzy
MD5:	F004A3D708BFA01A2CADE300CDE78CCA
SHA1:	4A4326F762CE5A92F3955820D5BC01A66D8289A8
SHA-256:	6627DB595022AF8C5A2CF7901DB81ADB19CA473FC985194D838EFD3A62DDBF76
SHA-512:	7AFCDDD83C1E8A00A9C5BE1D9DAEC526FF87B2165A0AEF71F204D289F7078B1B93413D4A1514BC1837AA6953EC6647855E6DF797DFDC113662FFF05116DDA05A
Malicious:	false
Reputation:	low
Preview:	2024-10-01T03:38:44Z network start: version [4.4.2332.7]..2024-10-01T03:38:44Z flag: [4.4.2234 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2023-04-11 LIB-1344 fix exists_config_storage on win..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2020-09-03 LIB-1134 xml attr apos..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2020-10-15 LIB-1138 send scope_web flag on MUX netstart channel..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2020-12-03 LIB-1145 secure http header encoder..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2020-12-17 LIB-1149 linux glibc in os_version..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2023-03-31 LIB-1345 raise signed format version..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 2 in_script: 0] 2023-06-13 LIB-1363 s

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3251008
Entropy (8bit):	6.741563003029357
Encrypted:	false
SSDEEP:	49152:mT5yWghdMC4eQhMuenZFkKsmMNimoSpedFtJf1E3VvKIGSdKfE0q9SD95RypXHeE:MUl4eQ2pZFomMMPJS39KIGRuSfI1Mj4
MD5:	24754B10246766DDA98E82855E71C6EE
SHA1:	893E291686669A5C82F4EFA9DA5F7BAB1EAE0CE6
SHA-256:	4B58E1B0D4EB121EDA6754D8BDB018B4208B72175D9E2F1D627A575FF8CC50EB
SHA-512:	4CC1AB75D56D1E854F322EE8B0B4EE1D5A814EBF41EA3B318DC825581F8BE6B2F359358CC89FBB38B03EA428E8FA5061CE504714EC8074948EB61503F7940A2D
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	low
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......I.....bT..bT..bTV.aU..bTV.gU..bTk..T..bT_.gU>.bT_.fU..bT_.aU..bTV.fU..bTV.dU..bTV.cU..bT..cTh.bT..aU..bT..fUX.bT..kUN.bT..bU..bT..T..bT...T..bT..`U..bTRich..bT........PE..L..._+.f...........!.........`......X........ ...............................`3.......1...@.............................s.....0.,.....0..!...........r1.@)....1.$G......T...........................8...@.............0..............................text...#........................... ..`.data....r... ......................@....idata..27....0..8..................@..@.rsrc....!....0.."..../.............@..@.reloc..$G....1..H...*/.............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf\ISLConfiguration.ini

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	180
Entropy (8bit):	4.89202222551141
Encrypted:	false
SSDEEP:	3:Xds61LqIcbRhWxRYXqM0smadcbRI6qQEWo6OvcbBKXAiGHDJiL5GHD9Adn:tnLqh1hWXYaMjPe1dNEaQXLGHDKGHD9c
MD5:	ABD73C6E83A567860F81EFE095EE87BB
SHA1:	4E734E5CB2D4AF64225A7B279D7C42773DF3512B
SHA-256:	F23ABA4F5D8F96FA8E89ADB3553872502910F53E2DC9FD95CE65FB427AA8E2D8
SHA-512:	22E1843242AF4E50A2D55585E7892969B7D61D3F8AD1FDA737AB94C0489FCDA0A379ED6EEF95C8C2BADF4F0575D64983E37F68B8811D047EAA7CF847A810FDD6
Malicious:	false
Reputation:	low
Preview:	[ISLLight]..Customization=drag-cat..ProxyHost=isllight-*.islonline.net..ProxyHostAdditional=..SendReport=0..TransportHttptPort=7615..TransportUseHTTP=TRUE..TransportUseHTTPS=TRUE..

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf\cmdline.txt

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	33
Entropy (8bit):	3.8966879684212654
Encrypted:	false
SSDEEP:	3:15xDj7kvUH:/x37eUH
MD5:	09BE5D5F762F94224886D98071A25CA4
SHA1:	333C403E6367846C98FAE029FFFCABC01A8E4F20
SHA-256:	10C7A2A6AEA955641977AE49A70E965D41AE00EF44FD0EE7A2A115B5A6F87FC0
SHA-512:	AFABCB81C7116CF49BFD0A9AD797C92CC4C43ED2D6A39C00455479D71E10D7571AB95850BF52EF3BCD70C0FEB72F618BA93D17359FD7454C82B2416C57533D2F
Malicious:	false
Reputation:	low
Preview:	--auto-close --connect "49919761"

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf_static\ISLStaticConfiguration.ini

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	25
Entropy (8bit):	4.163856189774724
Encrypted:	false
SSDEEP:	3:X3f:f
MD5:	E20A6564CBBACC657742C788A6509AD6
SHA1:	DD233D137E842FF122F7097A0DBBB35C4BF39390
SHA-256:	21A6885960DFB656DD167C714E9AD6A18D29A6B43F96AB588AE91BB77650E3BE
SHA-512:	CB94CE2B91121E6467C35FD9E087178EABE06C1A08D07BDA0B612C2B9E84948CE64E1973BE638C2C99A0DC0A32C4C96F2C4E2007D9805D49FE0B21B2E7291A12
Malicious:	false
Reputation:	low
Preview:	[ISLLight]..Type=client..

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf_static\icon.ico

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	MS Windows icon resource - 10 icons, 16x16, 16 colors, 4 bits/pixel, 16x16, 8 bits/pixel
Category:	dropped
Size (bytes):	49783
Entropy (8bit):	6.816153773383414
Encrypted:	false
SSDEEP:	768:KMX5mNtf4Z/E7mF9cX149xSnrzTRb0aPcN6F:XXoNGW7MS1nXRb/
MD5:	7C8F982CB45B52BF94C6636A5FB0A78D
SHA1:	CCB854A6BD6ECAFD15BF448D5F9B6EA75DD69B29
SHA-256:	8C5C2A1433FFB2B460136600D0FE637A9FCB2979D3340FDAD1BC4BF483BD8340
SHA-512:	DBDE2841294B7B23489BC255B0252903248C371D89B01296DA8B62966422D7A09BB6E1576CE1D5B57187E539E23EA128BACC78B3AA48F526ACE2A108D2D69FEE
Malicious:	false
Reputation:	low
Preview:	..............(...............h............. .h...6... .............. .............. .... .........00......h....'..00..........>...00.... ..%...<........ .._...b..(....... ....................................31.""#...y..................................................""""....'wwr.."""'r"""'wwwwwwr'4DFdDCr'EUQ.UTr'EUQ.UTr'Efa.fTr'E....Tr'E....Tr'EUQ.UTr'EUQ.UTr'EUP.UTr'4DDDDCr'wwwwwwr""""""""................................................................(....... ....................................31.""#.''(...x...y..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf_static\logo.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 311 x 80 x 24, cbSize 74694, bits offset 54
Category:	dropped
Size (bytes):	74934
Entropy (8bit):	4.901158178262799
Encrypted:	false
SSDEEP:	1536:qre999999999999999999999999999999999999999999999999999999999999p:U7oD
MD5:	B84ACE0920EB1DE9485775673FDD0A86
SHA1:	0BB4F45F09F611C0076D08A47FC15333761F4C8D
SHA-256:	42CC71274D7BED799457C8912FF63809A735D769C0EC931658E9B4B34C63A635
SHA-512:	81F1180B4E0F429AA121D503274B589444723AF118A322C1F80CAD1C4689AE7FFF41A7ABC1738DAFA027CFB574F580F7A490A2CC83F32F8EE866C93DFEDAFEAE
Malicious:	false
Preview:	BM.#......6...(...7...P................................V.}Q.~P.vD..L.\|H.\|G.~J.{J.{J.{J.{J.{J.{J.{J.{J.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.uI.zM.vK.tH.oC..N.zG.\|H.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.zN.vL.sI.uL.xN.tH.sE.\|L.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.zI.nK.tP.tP.pI.tI.yI..O.~G.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.yH.xG.zI.yH.{J.yH.zJ..R....vH.o?.q@.q

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\datachannel.dll

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1647944
Entropy (8bit):	6.744169181636678
Encrypted:	false
SSDEEP:	49152:cb7Dulet4AHDjNSxxS3cT04AVuZYtXdzzyJjXZ/5y:cb76lIHDjNSbS3cTRA0ZYtXdzzyvo
MD5:	E977B73F43E5C2225BAAB4926E22F4B6
SHA1:	3696F017F6B5E17A33746B5EF7566CA91C005DEA
SHA-256:	D18E545A2BCED736ED55C17AE7F010383638DB1221C1B19AC0F54A113AEA00B1
SHA-512:	0F1D1D72251043C03CC55E1D6D2C2D9BAD8FCDF96B798CBB69147C17575D8A6495C18678F52C7703D960248F121599B21A91E3BEA1C0BD0BDA2D1927E1D46D1B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>..._.._.._...7.._...7..8_...7.._....._....._......_..9..._...7.._.._../_..9..._..9.._..9(._..9.._..Rich._..................PE..L.....e...........!.........\|............................................................@.........................P...........d.......................H)..........p...p...............................@...............0............................text............................... ..`.rdata..............................@..@.data............r..................@....rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\isllight.exe

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1974240
Entropy (8bit):	7.945925618008356
Encrypted:	false
SSDEEP:	49152:P2bt1j16uZ+N28wL302i37IDPPQxzA8E/+iJadA:+bt1jlE2b/EIDghnaadA
MD5:	D84CB294555A00A98C35FE808177007E
SHA1:	7DC2EC2D7CE9A64C076FF629784D8D493F8C69D2
SHA-256:	D3C2E27197611CFB3A4E7FEEB397E73179B95FDA35FFD2B6968D784916281DEB
SHA-512:	377C75C9FDD685797F81CC714CBB82B298C8F7C1B205C52E6C1FF9FC006E19C98292EAC8634A812DBA838A38CE97B419048E411CA12A23D2520B30159B6FC0EF
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 1%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..7...7...7...l...>...7...T...e...6......>......8......6......6...Rich7...................PE..L....*.f.............................f............@.......................................@.................................l...d.......D...........@...........,....3..T...............................................l............................text.............................. ..`.data...h...........................@....idata..\...........................@..@.rsrc...D...........................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	66352
Entropy (8bit):	6.365522731366028
Encrypted:	false
SSDEEP:	1536:I+fzgnfjhyXwMaXrMs8jcd2qlNyCXly72f2xK:IKz+FygMaXd2yICXlyiT
MD5:	1C58F14E6736CB8E997ADA4E19BE6C29
SHA1:	5C0DEE89FD125D3028F4F1134349490447EEDCAF
SHA-256:	909602B0AD36C8ADDC4A65AD4034F109CC966A67A2CF626753388B295361EFC0
SHA-512:	DE25BB3465554C60BA2A006829D4BC0D86F6E6C750AB2767524F872763527FD3DCA2B23F8CC1D590BDE92287EDF649CA0D721AC902809872BE3DFE424E56F14F
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......t.#.0.M.0.M.0.M.b.I.<.M.b.N.<.M.b.H.!.M.k.N.2.M.k.H.B.M.k.I.2.M.k.L.=.M.0.L.J.M..H.2.M....1.M..O.1.M.Rich0.M.................PE..L....*.f.................r...l.......$............@.......................... .......>....@.................................,...........@...............0)..............T...............................@...............x............................text....p.......r.................. ..`.rdata..XI.......J...v..............@..@.data...T...........................@....rsrc...@...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	14648
Entropy (8bit):	6.873593766602275
Encrypted:	false
SSDEEP:	192:kUCq+IYiYF8UAvK2XOqSFRkjFtA5K+o/y2sE9jBF0Ny/aV2s:ka+IYiC8+fb2TAM+o/8E9VF0NyCgs
MD5:	F8B51D40FDF47BCE08D740B4906488B2
SHA1:	F7ABC0FC6EB3A1D47C99E780125B7761AF44DC4E
SHA-256:	8CBA35505BC850872632B57C6F4488AE77479140D6A2D08ECDDC448B8A59CA33
SHA-512:	790C55D91B7D12F7E80314233C179F9B0208E3979814AEB17DD4CE4B77D527A4219D983A4AFD4885241592540A1464F03F710BE4F29DF2E4946E388D45C5116A
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.MG..#...#...#.F."...#..."...#.O. ...#...&...#.......#...!...#.Rich..#.................PE..L....*.f..................................... ....@..........................P......A.....@................................. "..<....0..P...............8)...@......< ..T............................................ .. ............................text............................... ..`.rdata....... ......................@..@.rsrc...P....0......................@..@.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\VNC-blue-ikone.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 330 x 30 x 32, image size 39602, resolution 2834 x 2834 px/m, cbSize 39656, bits offset 54
Category:	dropped
Size (bytes):	39656
Entropy (8bit):	1.3955213525980155
Encrypted:	false
SSDEEP:	96:SuZESLCXU9y1111111111VtzWLdw3Sg3JOeZ1Ha7heElc3xdpGMcWNLWVNGMSP:S2Lvy1111111111VtCcgK3xdpPN/
MD5:	528AFD47EC20DC0C5D5D1DF8D86F879D
SHA1:	3CD76FB0178C76F63E4D621516505E43ED69DE87
SHA-256:	F7B4328673FA7A51D14813C38DC1E44246097AC9E531E4BF89A9ADAD86D46FE0
SHA-512:	A46F664D71A8EE3008B6CD95B10F77FF62876563703608E49C1037C514A933EFF19EA9C38E6E3551FAB0670FE3B028334D8E2C1FF3409B51F3C912B6C17C5FC8
Malicious:	false
Preview:	BM.......6...(...J......... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\background.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 32 x 32 x 24, image size 3072, resolution 2834 x 2834 px/m, cbSize 3126, bits offset 54
Category:	dropped
Size (bytes):	3126
Entropy (8bit):	0.1561239795860306
Encrypted:	false
SSDEEP:	3:Shl/3c/l636t/LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLH:/c69
MD5:	1AA0EE545CD05D5A826519DD14533808
SHA1:	DCD251D1705BBCC1C129AC20D1FC34A1B9D2DB44
SHA-256:	0C200ADE3AFB9921AFC1C2A78F9CA6AEAD4734AEA552D68C76223CD758A17849
SHA-512:	E1F262D4488D57F09A7679160BC80AB2B6332649137931919D3EC46AD6E5D1899C59779E8A081195A44E5D33F336004296CCF21A22242176973053EC7AF8272C
Malicious:	false
Preview:	BM6.......6...(... ... .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-ctrl-dsk-small.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 120 x 29 x 24, image size 10440, resolution 3780 x 3780 px/m, cbSize 10494, bits offset 54
Category:	dropped
Size (bytes):	10494
Entropy (8bit):	2.656104763872606
Encrypted:	false
SSDEEP:	24:pDwkwPywkwPywkwPywkwPywkwPywkwPywkwPywkwPywkwPywkwPywkwPywkwPywV:p+tttttttttttttttttttttR
MD5:	D9F882F18AB543CE36EF7DA62856205C
SHA1:	C7DB47D06CA9E64CB816022578967D3E4463289E
SHA-256:	D319480C8DF548C23CA7747B27987FCB49521F2B69D274DC015F301BBF4408E5
SHA-512:	A789BC5F1DAA1A38C8E7559B6752195975AB6501EB973D143E6EF4324C31752A8A8754B9D599022098401669DA9DE240B2E699AC7222F928C4262A6D26232A9E
Malicious:	false
Preview:	BM.(......6...(...x................(....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-dsk-vnc-ex.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 190 x 34 x 24, image size 19448, resolution 2834 x 2834 px/m, cbSize 19502, bits offset 54
Category:	dropped
Size (bytes):	19502
Entropy (8bit):	2.2750184215772613
Encrypted:	false
SSDEEP:	48:UKF/bPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPnbPM:UGzzzzzzzzzzzzzzzzzzzzzzzU
MD5:	8EB52CFC73347B2839EC52619156A610
SHA1:	5CAAE3C9EEC1A54E8355D84044D3765DF160C581
SHA-256:	AD9810CB4680BD69E31DF9671CF1EAE1A67AB6B3549A991DE64CA936B2019498
SHA-512:	1195B755AA28768491E14BB57F762E5BA3E983F45EA9B1A139A792763689A565A26A317EF0161A132809753731D0C2B47363922C5F43134F62B089F83F05AAD2
Malicious:	false
Preview:	BM.L......6...(......."............K....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-dsk-vnc.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 500 x 34 x 24, image size 51000, resolution 2834 x 2834 px/m, cbSize 51054, bits offset 54
Category:	dropped
Size (bytes):	51054
Entropy (8bit):	2.1913829979285397
Encrypted:	false
SSDEEP:	48:wBLELwLELwLELwLELwLELwLELwLELwLELwLELwLELwLELwLELwLELwLELwLELwL3:w9
MD5:	69761A3FA6C6AB65B1D63263B5AAFE55
SHA1:	97750FCD40C0C049C6097D6C687E6291ED2F0692
SHA-256:	0DA664D8C910E511B4AF6D50AA25E53371AFFEE5B1C240F1377EC9C1E8BBF857
SHA-512:	2BA778C048870160CC98F927FBEE944DC16D69BF02F651A079383CDC20059B51B46F1DE330F31FDA88885C4EFE948235E4360F239C039870A3A57AF1E9CA9C16
Malicious:	false
Preview:	BMn.......6...(......."...........8.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-vnc-top.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 96 x 24 x 24, image size 6914, resolution 2834 x 2834 px/m, cbSize 6968, bits offset 54
Category:	dropped
Size (bytes):	6968
Entropy (8bit):	1.9612895270894053
Encrypted:	false
SSDEEP:	48:5jV9V9V9V9V9V9V9V9V9V9V9V9V9V9V9V9V9V9V9V9V9VH:59
MD5:	A22B98004C6EF28981EA5B715CB7D87F
SHA1:	ED339B3128797AFCD29924A07E578EEAAE6CFAA2
SHA-256:	0E621DAEFD8E1AEB124B1CE7B1997053D1A479561ECE9846E5FF927C2E89FFF9
SHA-512:	24D608CF621E56E3AA71B173BDA46DB72680A6B25DA078D8FF02B20BC15B25FDBF03A4E977C4467650D04492903B650F43BBD02E5B9E8BDF724C580F262A5C25
Malicious:	false
Preview:	BM8.......6...(...`.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btns-ft.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 550 x 32 x 24, image size 52866, resolution 2834 x 2834 px/m, cbSize 52920, bits offset 54
Category:	dropped
Size (bytes):	52920
Entropy (8bit):	2.1489090260371495
Encrypted:	false
SSDEEP:	48:lyzvzvzvzvzvzvzvzvzvzvzvzvzvzvzvzvzvzvzvzm:lH
MD5:	6818E6CB1B7B70398B2B36212F87AFCC
SHA1:	0E827978A6D982777DC3AE5817F03FE9D2F0B090
SHA-256:	653EFE993B7FE4345CFF5EE1B9D93E9C1DB240DCD9DF59B67426392B65FC2FA8
SHA-512:	1F75C0E4E14A05AA071760469B2277AC1F1142DB2F13721D04568268ADD5C0A72CE096230640A5D467A2B81104EA7CC00F522713FF4FD30F18F6E6EB2E6F6034
Malicious:	false
Preview:	BM........6...(...&... .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons-chooser.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 750 x 38 x 24, image size 85576, resolution 3780 x 3780 px/m, cbSize 85630, bits offset 54
Category:	dropped
Size (bytes):	85630
Entropy (8bit):	2.2201442578427915
Encrypted:	false
SSDEEP:	24:IXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX6:N
MD5:	E2483C95920E51E27A96C15FEF4642F1
SHA1:	88F38F6AB74E223F0A546AB3308A8399489D0FD0
SHA-256:	8AF7698B20D8EE6FC6279D6B3F03D5072F0186E1BCB6F2B244AF2997DFA696CF
SHA-512:	84163138EA08ED706976228BF2FB82EEF8B79CD87F0ED12A98A8C42E418FA0FF8B45EA964F93329F720A0E6F5F594120B50B723BF625867DC723953C56C81A2B
Malicious:	false
Preview:	BM~N......6...(.......&...........HN.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+..............................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons-connect.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 750 x 38 x 24, image size 85576, resolution 2834 x 2834 px/m, cbSize 85630, bits offset 54
Category:	dropped
Size (bytes):	85630
Entropy (8bit):	3.0254508021813145
Encrypted:	false
SSDEEP:	24:I0EDddDddDddDddDddDddDddDddDddDddDddDddDddDddDddDddDddDddDddDddC:X1
MD5:	A92A3BDF577B513B03929F8649A4C1CC
SHA1:	E4B38B745A8684F6A9EA781A0BE2CC4871FD8A94
SHA-256:	43A85652AE0F7E9E29876BE12D52031B152AC64DB7300BAA564519066E5DFF7E
SHA-512:	EF350FD09BCF01F9C4CB52C7F1910007564F4348CD72C654090D305E4723DE8DB475CDB9FDF159964678D8755246FD1CFC5BDB58062227C20C0CFCD40BD7B8F1
Malicious:	false
Preview:	BM~N......6...(.......&...........HN.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+.+..............................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons-start-frame.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 144 x 36 x 24, image size 15552, resolution 2834 x 2834 px/m, cbSize 15606, bits offset 54
Category:	dropped
Size (bytes):	15606
Entropy (8bit):	5.000531485531976
Encrypted:	false
SSDEEP:	384:xU5zXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX7XXXXXXXXXXXXXXXXXXXXXXXXXXX4:C5zXXXXXXXXXXXXXXXXXXXXXXXXXXXXk
MD5:	7347F884C72EBE1DA1A15C522DC67358
SHA1:	CEE19EEA0DC5ED94FDDE405E6497BBC7F2948B49
SHA-256:	22E09928EBFA64E7E97C0633D704FA70ECB69E7E3D71926A4ECA76E0F12F4BAD
SHA-512:	8956B2601D78974206819C41E35FA2988F3BE7376D22F70DEEA20E6236C99847307F6EA3FFA429C09F2A188E7CDC2F4F1D207EEF58431ABE1768A862FF04788B
Malicious:	false
Preview:	BM.<......6...(.......$............<...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons-start.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 144 x 36 x 32, image size 20736, resolution 2834 x 2834 px/m, cbSize 20790, bits offset 54
Category:	dropped
Size (bytes):	20790
Entropy (8bit):	4.616322768369548
Encrypted:	false
SSDEEP:	192:pSeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeewfnerG:pDnh
MD5:	C4544FCF308C40301E2D577AF8E37454
SHA1:	9FD2F9686261AFF70D2B6259091756CA17B4E84B
SHA-256:	1321E07DFFCF55361B67A05ED07BE8C1349ED455E36023B0DEA720A248FF0E38
SHA-512:	AF5FDE6C0399E3ED53365EB5727502D31FDB350E18AF406AE087CD2F8817BF851837EA2BD3E2D74200998F2BE6F10051C71AA70038EF5C8DC599415CEFBEB90C
Malicious:	false
Preview:	BM6Q......6...(.......$..... ......Q....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\buttons.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 550 x 32 x 24, image size 52866, resolution 2834 x 2834 px/m, cbSize 52920, bits offset 54
Category:	dropped
Size (bytes):	52920
Entropy (8bit):	1.8190090652924158
Encrypted:	false
SSDEEP:	48:l5bzbzbzbzbzbzbzbzbzbzbzbzbzbzb7b7b7b7b7b7b7b7b7b7b7b7b7b7b7bf:lN
MD5:	49CDCAAC9E553A616E38756C6E7D487A
SHA1:	D37886AB55551E949F35ED8D9B2B9BC3D11B6619
SHA-256:	B9E2CEBBFF61C6A279177750F5B307671186C3E6787E980EBAE493869EC6B22A
SHA-512:	E362CB311FB3E4A23E3C93385DE9FB066BA509014124B1E1956359CD8EB602B313ED6F1E0E2CDB91278907468C37DE2D8FA9B620D6E996EA7FFBA61B1C7EBCD7
Malicious:	false
Preview:	BM........6...(...&... .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\client-bk-black.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 55 x 58 x 24, image size 9744, cbSize 9798, bits offset 54
Category:	dropped
Size (bytes):	9798
Entropy (8bit):	0.29326954790775805
Encrypted:	false
SSDEEP:	3:+5l/l2lXlsl9/lHu3N33N33N33N33N33N33N33N33N33N33N33N33N33N33N33NN:+5ml1slfO
MD5:	68B6D9274A15ED796C256E1C123F7D4C
SHA1:	BA3ABF7B2C0D714F1612B2DFDA6A5B0E4EAE5CD4
SHA-256:	4AEFA685893BBF4C246AFD45F37706A4FD51A61A5B03533AAAC20966B2D95A84
SHA-512:	6AEA123A3F3FCA80579C8AB6CAF10F286C613BD96762EB140F08936638F5CA133B90650E001FB5E9CC981E9DDCE2270A7D612510F9ED3681105D561C5819348C
Malicious:	false
Preview:	BMF&......6...(...7...:............&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\client-bk-gray-top.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 63 x 45 x 24, image size 8640, cbSize 8694, bits offset 54
Category:	dropped
Size (bytes):	8694
Entropy (8bit):	5.488665873826241
Encrypted:	false
SSDEEP:	96:XcJwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwE:XrtN
MD5:	A9D86706D6875CB0742FAD5C6A1FEC4A
SHA1:	4C42A2C3E9C25A7C2AE440E7A047A9A47FC95EB3
SHA-256:	371B93F50248BDD719BFAA599CBD95A75CC91EDD5A39CAB534B30FFED6CFAD72
SHA-512:	0714B3C773564C46DB8332088DEDE23B77757770E16FB318829D1B8FB06673F95B9EB987A2605820CA246EC86760E8B87033ADC6BFAA331540386844DDE95FED
Malicious:	false
Preview:	BM.!......6...(...?...-............!..................{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{{.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\client-bk-gray.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 47 x 30 x 24, image size 4320, resolution 2834 x 2834 px/m, cbSize 4374, bits offset 54
Category:	dropped
Size (bytes):	4374
Entropy (8bit):	0.44302591160421156
Encrypted:	false
SSDEEP:	3:ucl/ll0l/ylltu/6t/LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL0:ucul/2m/6W
MD5:	E984B8FD2314E32439C6DFC6DC35594C
SHA1:	E069A96A2E0E95F446F52CA5F5CC4FBE11A6ED2E
SHA-256:	E68AEAD01420E77C79854C194DA18CC64F20B90A21573033169BAB1CA02A1C9C
SHA-512:	02C7B0E2D8B394D9E3BD83A1E8C4950BDA4FC19F09EDE68FFDAAD9EB63E2C4F2D399C6D61E4217D65188250A2A11CB0CCF585BF6FFA6C4CE8B8365CEF919103E
Malicious:	false
Preview:	BM........6...(.../.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\client-edit.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 180 x 24 x 24, image size 12960, resolution 2834 x 2834 px/m, cbSize 13014, bits offset 54
Category:	dropped
Size (bytes):	13014
Entropy (8bit):	0.9504326557892825
Encrypted:	false
SSDEEP:	6:IU0/6I+svvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvu:Zrepvvvvvvvvvvvvvvvvvvvvq
MD5:	3EE9F13E72A0E553E3D8C7B6F9E4644A
SHA1:	D40B5E3B208F29C4729771743C1F3C89B6064354
SHA-256:	FF09DCC1493FF904DC9802E5E27756A17A5FB4EC9861B48959E8F74CDC22A614
SHA-512:	FB7B04A68A24ADB56A4C141531EA187C590A6DD5085D75FC2BF07C1319FFE636288D4F1441646D8E64063E80724E69D24C1B43D1F8CDF9F1B431A575BF8CDE0F
Malicious:	false
Preview:	BM.2......6...(....................2.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\close_info.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 16 x 16 x 32, image size 1026, resolution 2834 x 2834 px/m, cbSize 1080, bits offset 54
Category:	dropped
Size (bytes):	1080
Entropy (8bit):	2.608029882276642
Encrypted:	false
SSDEEP:	12:JnP0HaOQrEixH0iGUimO++5Xc72kiggJCE:JncHa5EiqirixXc/igU/
MD5:	E11680807BDF3EA818437127A6134121
SHA1:	A91C8F17F7AFEE7089D01B066C800DE1C659F42D
SHA-256:	ED6E3E3B5E94325E5C53BA67A9C8B8C22AD03C119114BB24ECE046C1C2A92403
SHA-512:	984FCACB3E98E39DE004D7581E93402D796D0525385F0F6F8C2AD153C3327462DF81A843F11677D0B830CF113A542370F3CE23B6D0A339B3E64B82B4A7D990A4
Malicious:	false
Preview:	BM8.......6...(............. ........................................................................................................................................................................,FFF........................#HHH....,.......................,RRR.YYY.MMM................#PPP.YYY.RRR....,................FFF.YYY.YYY.YYY.MMM........#PPP.YYY.YYY.YYY.HHH.....................MMM.YYY.YYY.YYY.MMM.PPP.YYY.YYY.YYY.PPP....#........................MMM.YYY.YYY.YYY.YYY.YYY.YYY.PPP....#................................MMM.YYY.YYY.YYY.YYY.PPP....#...................................#PPP.YYY.YYY.YYY.YYY.MMM....................................#PPP.YYY.YYY.YYY.YYY.YYY.YYY.MMM............................#PPP.YYY.YYY.YYY.PPP.MMM.YYY.YYY.YYY.MMM.....................HHH.YYY.YYY.YYY.PPP....#....MMM.YYY.YYY.YYY.FFF....................,RRR.YYY.PPP....#............MMM.YYY.RRR....,.......................,HHH....#....................FFF....,..............................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\custom_texts.ini

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	64
Entropy (8bit):	4.489918704467279
Encrypted:	false
SSDEEP:	3:kBHWpFW4w60S6L3kJJLM+IK:mHQYl3kJFqK
MD5:	4A9B2A79F2924F18F7161ED0025297E4
SHA1:	454C9E34BE771BF5F9FDE9045F46A22DC95BA0EB
SHA-256:	A0DFAA925BBA1C5563C59400AACAC92757DC8B7B71CFC3F08F5F5E44FEC89329
SHA-512:	9F1B2F8000C5B83FEA99EFA174FCF66FB46D5805F314252E534F1544B7B47B2BAC4E47072E2FBE72FCF59EC3FB9138B85CEBF2D9A7F4738863AB704A2142EAD5
Malicious:	false
Preview:	[en].#Add custom strings here.#Check syntax in LangAll.ini file.

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\dialog_205.xml

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	33959
Entropy (8bit):	4.529178364623804
Encrypted:	false
SSDEEP:	384:4h8aSidQJJ7LaP/W7aJActEZpoY2mGSUpmvUC7m3cLoAVE2FQN:9D6sGSP+N
MD5:	C1D5501E9D9F029320DAEFC17EA0CE7D
SHA1:	8DB3FE80B1CC22B59238C118F58C962BD0D40B7A
SHA-256:	5A9D8B2A0586A5F8E25CBD7472FACEC00F2E6BFE1708E053AA1A5AE7249C83BE
SHA-512:	9C9BE9EE5CD7CBC53F353F3B9A47D6CE157872E6BBA7F0D49446875759CEF8B7CE88E0F175EDCB41B91FBBBB9333BA3B78BF69539F4EDBF5233981DD5A882C01
Malicious:	false
Preview:	<dialog left="0" top="0" width="240" height="285" style="0x80ca02c0" exstyle="0x40000" title="Generic Dialog" fontName="MS Sans Serif" fontSize="8" skin="main" skin_ctl_color="0x01ffffff" >.... <static left="14" top="94" width="200" height="12" style="0x40020000" exstyle="0x0" id="IDC_USERNAME_TEXT"></static>.. <edit left="15" top="106" width="210" height="20" style="0x40810080" exstyle="0x0" id="IDC_USERNAME" skin="cli-border" skin_non_client_border="4,0"/>.. <static left="14" top="131" width="200" height="12" style="0x40020000" exstyle="0x0" id="IDC_PASSWORD_TEXT"></static>.. <edit left="15" top="143" width="210" height="20" style="0x408100A0" exstyle="0x0" id="IDC_PASSWORD" skin="cli-border" skin_non_client_border="4,0"/>.... <static left="14" top="90" width="200" height="13" style="0x40020000" exstyle="0x0" id="IDC_CODE_TEXT"></static>.. <edit left="15" top="103" width="210" height="20" style="0x50810081" exstyle="0x0" id="IDC_CODE" skin="cli-border" skin_non_client_border="4

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\dlgframe.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 85 x 80 x 24, image size 20480, resolution 2834 x 2834 px/m, cbSize 20534, bits offset 54
Category:	dropped
Size (bytes):	20534
Entropy (8bit):	0.34388923621533435
Encrypted:	false
SSDEEP:	96:gj5555555555555555555555555555555555555555555555555555555555555n:gN
MD5:	6E9ADA7EBED099657434EC4975810FB8
SHA1:	CBAFAB4BAE6F1DEBF6AE08547B340D1C5A34DDA2
SHA-256:	D4312E9397CD8AE2F0B1B26D080C1F403BE76FE06CA98B5731A4AB8E0B7DCB72
SHA-512:	3CE50E528813968DF3E224F58E4AA031C9FDA7263EF011B8132A14CDF5AB355DC95EBB0824FFA98012D865B86510DFA8DB146B2804E7EF20445ABAF6CB7C0B44
Malicious:	false
Preview:	BM6P......6...(...U...P............P...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ic-backspace.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 24 x 24 x 32, image size 2304, resolution 3780 x 3780 px/m, cbSize 2358, bits offset 54
Category:	dropped
Size (bytes):	2358
Entropy (8bit):	1.0138962771878544
Encrypted:	false
SSDEEP:	24:JNVz0+oEWSzfSGcIY1smt6tVY1+yYG2WwL7S+o1zx0:HVzclscA4Nf+
MD5:	70EE20D403001596B489E1CA7885A9DA
SHA1:	1964B55F70164B7C6813CFFAF00E77F468AEA148
SHA-256:	A2FABF65990A7FB68C10AC7A7FFA5785E00DC847DC31A917107CD52CDCE53BE0
SHA-512:	F46BC62B26483FB3A5A029B01FFB95EA894C0E637058DEB48305E911D28464AB8D8C9A6602AB91DBC882078E92619CE80DECBF121DAB733D580A61E18010F381
Malicious:	false
Preview:	BM6.......6...(............. ............................................................................................................................................................................................................................................................................................................................................................I...........................................................................................9...........................................................................................,.......................................................................................................................................................................................................................=...................5.......$...........................................................d...........<...........7...........m...........................................%...............................7.../..................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ic-enter.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 24 x 24 x 32, image size 2304, resolution 3780 x 3780 px/m, cbSize 2358, bits offset 54
Category:	dropped
Size (bytes):	2358
Entropy (8bit):	1.1090191697195664
Encrypted:	false
SSDEEP:	6:J5FUlturl+eGGGGGGGGGGGG6rROef1YZo4ionoioeHiohwoAioCo:J5et8ZORHxI/z4
MD5:	3550598F094380A6EA1371BEB651DE47
SHA1:	DA258F0EB448FCB7369B79515AC3C16CFD9C50FF
SHA-256:	8C0E1346BE34380C50A6CC624C4FBFAD1E6DDEA605F83A44DD78E4B49DF69324
SHA-512:	4B1562A9F155AA2CD337E09A31C83CD3AB3D83F99BEE1107FE8C39506700E61603622BF3FB97ABB185AC21C572747F6402480648D8712B35E90D86191AE7F18A
Malicious:	false
Preview:	BM6.......6...(............. ....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................1......................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ik-enter.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 24 x 24 x 32, image size 2304, resolution 2835 x 2835 px/m, cbSize 2358, bits offset 54
Category:	dropped
Size (bytes):	2358
Entropy (8bit):	1.2521452279124916
Encrypted:	false
SSDEEP:	3:JZllntl9MlXn//jMaoHuPMaoHoQoQt1hhh1hhh1hhh1hhh1hhh1hhh1hhh1ggpN/:JSxjDE4zX1za67Z7PwR3fwwwPwPwPw
MD5:	9F5D3A83FB041853BC0E42484BECC320
SHA1:	B5981C20300195918816E9A256660224F282010F
SHA-256:	749851E1260C647640B85BA81764F03642511D801F568C5DE360B09E1655CEE0
SHA-512:	3971F65D647E035CB8A35E8812E93EBDB12F57EF45DE868C680A79D408D3800A9BD41B67E09DF524220D58D9F24BBD85E0CB0D6B20F6F39B69B95635E452EDF0
Malicious:	false
Preview:	BM6.......6...(............. ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................8........................................................................................))).222.....................................................................................))).MMM.KKK.................................................................................))).MMM.MMM.MMM.............................................................................***.MMM.MMM.MMM.MMM.MMM.MMM.MMM.MMM.MMM.MMM.MMM.MMM.MMM.MMM.MMM.MMM...

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ik-exit.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	2.5082798037991916
Encrypted:	false
SSDEEP:	24:swblCi4Yt3CVh9ixyKdMMkIukEj1dRXNXXkt24NF49:VCAAWxddMfX4S9
MD5:	82D876E0A0AAE7C4E41E145D623CD153
SHA1:	642648B82E8D406F674073FFF6D1E344E0791627
SHA-256:	DED5B2E609A923E2C284AB310A452822205FC71C8612E12F1484C622B6803AC0
SHA-512:	CFEF5E7BB55694809A188F381B9580F3EB83FF991B343C316356521A6E54801C75395D6AF5BF908BB9C25A5CE3F686BD62187B6DA6254E4F0FB1CE3393EA0ECD
Malicious:	false
Preview:	BM6.......6...(... ... ..... .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................HHHH..................HHHH........................................................................................................tss.IGG.><;.IGG.tss.....................................................................................................~}\|.?==.DBA.FDC.GED.FDC.DBA.?==.~}\|.....................................................................................GGGG~}\|.B@?.FDC.GED.GED.GED.GED.GED.FDC.B@?.~}\|.GGGG..................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ik-play.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 84 x 28 x 32, image size 9410, resolution 2834 x 2834 px/m, cbSize 9464, bits offset 54
Category:	dropped
Size (bytes):	9464
Entropy (8bit):	0.26521379937527745
Encrypted:	false
SSDEEP:	6:blK6HX3nnHnXHXnHX3nnHXHXnHXXHnXH3nH:BHHX3nnHnXHXn33nn3HXn3XHnXH3nH
MD5:	829091EAC0A37FC786C0191F3DBAA944
SHA1:	DCB564DCAA6EC2459BF18C1E2ED2887A10AB8E33
SHA-256:	B67B09AEFC33AA8A99A7F124114361747320BCF3729630B5F4006640CA21FADF
SHA-512:	CD51C4D057BD1D147E9E8721767A094761114C328765932CC0FE355DF320C84945A338902B8DA53BC3E584ABD764C91E9BCB25D2A12CADE759BD536FB2284927
Malicious:	false
Preview:	BM.$......6...(...T......... ......$....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\ik-settings.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	2.1085152145029395
Encrypted:	false
SSDEEP:	24:ThIy4B9les1RxPt/FGc8nBMFLuGEuy91QorP:Sya9Vl/FGpnBMwTP
MD5:	50598AC26EDFBDD76513B07C19F047D0
SHA1:	FAD0D8F5D0C4AA52598320A413D3FA97C744C940
SHA-256:	32FA2A92A688A867783F68899724874AAFC1C9CE40E89F2E43C371199D32D69D
SHA-512:	C3C842F6B63061256C6B28560644B157A4C9328B3324E320FAD379E390C89BBF76DE6B1162D13DA714AF75BDB4E83FF5930F8A9DFD6B8A26CD9DC0F1E3BD2257
Malicious:	false
Preview:	BM6.......6...(... ... ..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\incurves.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 81 x 72 x 24, image size 17570, resolution 2834 x 2834 px/m, cbSize 17624, bits offset 54
Category:	dropped
Size (bytes):	17624
Entropy (8bit):	0.8744404462802957
Encrypted:	false
SSDEEP:	12:5EXjYCYCYCYCYCYCYCACACACACACACACACACACACACACACACACACACACACACACAK:5ml
MD5:	C7E6E482CBCB9CA2F8E9417ACB70AF44
SHA1:	FE7DAB077A3F1EB845261E7863C40F2DC4349B91
SHA-256:	ACC8F2D68541396327D07D038BDA3AB42F89D5FCD4081BFDF64D7051A02B7A04
SHA-512:	94FC8441B2B52971E782D20709D2617FB0911AF1697EFBB0312F8CC36D1F62B4D96EA85341E4D03B9AA13AAB6B9DAA4A29C617521D7ED32B25B1666E1738835D
Malicious:	false
Preview:	BM.D......6...(...Q...H............D....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\mail.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	4.905654184534826
Encrypted:	false
SSDEEP:	48:irNq4ESNnxkPaLtThylTcVmE+kF4CkMXu9I/mEXk6axZUqOiUqSsW+TEHXM:iJqzgxkPI0TcV9+kqCkYuc9Xk7Ujt
MD5:	02002ED9C73191F2FA17554A026752AB
SHA1:	9C3F3CBD6F298F69ABEC357F88688214CF5B7218
SHA-256:	72D93E39C8BB6FAF6ABD541991182DF85BFD370D205E5B9FF3CA47ADF4F3BCB8
SHA-512:	9BF557EED8FF172FADA7FF827115872BAA1E496ABD1BE808A9B1BF5B43342DD38779B149707EDD0717E8DEB054C7D9DE1A557A67236555FE62B320DCC9BAE6FA
Malicious:	false
Preview:	BM6.......6...(... ... ..... .........................................................@,,k.ss.hFF....\...9...'.........................................................................................................hh....zz..pp.R77....O...5...#............................................................................................+..J.yy.............oo..ff.=((....@...1........................................................................................wUU..........................mm..VV.(..v...>...................................................................................*.....................................jj.xNN....]...:...(....................................................................dHH.........................................ww..gg.Y88....P...7...%.............................................................}}................................................mm..]].N11....B...3... ................................................D33k..........................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\outcurves.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 95 x 83 x 24, image size 23904, resolution 2834 x 2834 px/m, cbSize 23958, bits offset 54
Category:	dropped
Size (bytes):	23958
Entropy (8bit):	1.3639219507470428
Encrypted:	false
SSDEEP:	96:Vnxp3p3p3p3p3p3p3p3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3G3F:xL
MD5:	2223902A0ADA082E823D0C08648873C4
SHA1:	72E2FFDA500C07F1C7C979B068EFCDC315F12DF1
SHA-256:	05DF9468B73246550E87692156BEE59A31FFFE92B4B18FCF6F3E6D12B8C8F065
SHA-512:	8C5313ECDDE4F6CCFDF131177DDD9D4791BAE46B69B96ED21675E87995471454E6E1FDE686D14D64C0F7821C0A0171DB02C19115BF606877771DC8D3352E0775
Malicious:	false
Preview:	BM.]......6...(..._...S...........`]..................$.........................................................................................................................................................................................................................................................................................$.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\pin.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 40 x 20 x 32, image size 3200, resolution 2835 x 2835 px/m, cbSize 3254, bits offset 54
Category:	dropped
Size (bytes):	3254
Entropy (8bit):	2.1879658885592783
Encrypted:	false
SSDEEP:	24:1i5EPePfmbVdlaw7Uo6qh5vVL9VBlCb8ZJxtU:1i50efADa86qPD7DtU
MD5:	B9DF2712D83F9257BAC49BCBAE2EF99E
SHA1:	1E8216AE2D6C4635B5A729D8C1F09C5C6B501045
SHA-256:	CAC02E8926A1F93FFC22D413E5C87E0BB7F92301F0ABF691287FCF43448651A5
SHA-512:	75C9E715B8475096F513F6E3978C5D893E270F62019338F12D23C855DCFFB5AE8FB635FEFED419B96EF6DEE9AE9992BB5C1309C2C9B61F0FAA41730DDEF7477C
Malicious:	false
Preview:	BM........6...(...(......... .........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................:99dxxw~....................................!!!!................................:99dxxw~...........................................................................'KII....................................ppp....................................'KII..........................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\skin_data.txt

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	10608
Entropy (8bit):	5.302208537737955
Encrypted:	false
SSDEEP:	192:4kgG9uL8v/4n12UxpypsMp3LGiMXa9i+TlSve7I4kQxV:4dBCQ12UxpypsM91kfvTQxV
MD5:	19511D9DBBDF8C08193B6D8537FE2C6B
SHA1:	8B47A2ACC3A9B621CBBDD05F7BC0492C597197FB
SHA-256:	2419442769F983A1EC25CCE6104AD6DF6F036ABBB873D2B144B3F12392B99547
SHA-512:	BFDA445F8766D2A86429B103E830B9ED825949A34E95E852D385662AA9256FEC62EDE4A764E432060926712D0D1EF6A2DAA72A092C0C829EEDBF2CC05209EA7E
Malicious:	false
Preview:	SkinVersion 2..ButtonPrefixEnabled <font color="333333" size="130">..ButtonPrefixDisabled <font color="004444">..DialogSkinTitle false..TranslationSubstitutes %3Cfont%20color%3DFFFFFF%3E=%3Cfont%20color%3D%22333333%22%3E..TranslationSubstitutes %3Cfont%20color%3Dffffff%3E=%3Cfont%20color%3D%22333333%22%3E..TranslationSubstitutes %3Cfont%20color%3D%22ffffff%22%3E=%3Cfont%20color%3D%22333333%22%3E..TranslationSubstitutes %3Cfont%20color%3D%22FFFFFF%22%3E=%3Cfont%20color%3D%22333333%22%3E....TranslationSubstitutes %3Cfont%20color%3D00FF00%3E=%3Cfont%20color%3D%2279bf1d%22%3E..TranslationSubstitutes %3Cfont%20color%3DFF0000%3E=%3Cfont%20color%3D%22cc3333%22%3E..TranslationSubstitutes %3Cfont%20color%3D%2200FF00%22%3E=%3Cfont%20color%3D%2279bf1d%22%3E..TranslationSubstitutes %3Cfont%20color%3D%22FF0000%22%3E=%3Cfont%20color%3D%22cc3333%22%3E....DefaultTextColor 333333....//green 79bf1d..//red cc3333....// load textures..texture white white.bmp Width,Height 0,0..texture logo white.bmp Width,

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\slider_btns.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 90 x 18 x 24, image size 4898, resolution 2834 x 2834 px/m, cbSize 4952, bits offset 54
Category:	dropped
Size (bytes):	4952
Entropy (8bit):	1.6177698778067837
Encrypted:	false
SSDEEP:	12:gnmndddddb2abmK4CBBVixovbtqvbt78iJBBbrUaRwDhtuRB:gm/bmK9BBViOvpqvp4iJBBMaRwlYL
MD5:	590EE39AE7CDE74215609D59060E7CE5
SHA1:	AC833A6290767E72810C5A0C0A5C2844604A47E1
SHA-256:	8E1DE6E1B04512894B46B82913A26F125176D90D1BECD7B010D760C91D1688E7
SHA-512:	95FE5CE3B1618B296E2A252CF93128503A44C48E219484791EAB0DBAD95C6767E4E7CCF813AB55C30CD557EE525645C436C4C90CD64D567FC3BCF4F97354081A
Malicious:	false
Preview:	BMX.......6...(...Z...............".....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\slider_inner.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 36 x 26 x 24, image size 2810, resolution 2834 x 2834 px/m, cbSize 2864, bits offset 54
Category:	dropped
Size (bytes):	2864
Entropy (8bit):	1.1562351746410495
Encrypted:	false
SSDEEP:	6:Io63UYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYUYX:IxEppppppppppppppppppppppppY
MD5:	685CC374CA8511C6222720ADCF1E4700
SHA1:	A759C1DB084A7F015178B8828B6A523BA0351EEC
SHA-256:	3052FC2A20CD12C41C137D104546A1F961CFC4B1D3D683AFD24DAA8508FA0C6F
SHA-512:	9A34CFA38F26DD395386A5E8848EC6A420C0475B82586BEB184198645F7638BDFAC3C8A65271AA5D78ACCB4DA174F6503BC53DE45CC9139AD2338D63F6D08D61
Malicious:	false
Preview:	BM0.......6...(...$............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\thumb-audio.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 13 x 12 x 24, image size 482, resolution 3779 x 3779 px/m, cbSize 536, bits offset 54
Category:	dropped
Size (bytes):	536
Entropy (8bit):	4.48010124230735
Encrypted:	false
SSDEEP:	12:gKzcQW9z4P8aVbR3jYWRvVjW8EIPLM/hRPTfF:gus9WR3kWNVi8EIPLMjTt
MD5:	8317C506A41EDD9E23C11D0D99794565
SHA1:	CAEC207708FF0B117A09172277F5D158D75A3936
SHA-256:	5B502277C63D14303CCEB772F9E37E14E1638325CAC25CDDFF33C29465E19550
SHA-512:	FC7443BD61C7DEE1AF0BA9C6CA207C0AC7AB09C80CD8FF41058CB19AF222491103744AC5916B521D14CF983C3E5605EC6BA5A52C04B6C8394EBCCB0A246A4DEB
Malicious:	false
Preview:	BM........6...(...................................................xvu.........xvu............................`_^# `_^...............................`]]EBB`]]............................ZYY.........ZYY......................DBA.....lji......CBA................HFF......A>=NKJA=<......GEE.............ihh...zwwURQ^[ZVSRwut...jii...................ljiURQ]ZYVSRjgg.........................dbaVRQ^[ZVRQecb.........................YXXPMLZWUPMLYXX.........................{zy?=<HFE?=<{zy............................\|{{SPP\|{{..................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\thumb-desktop.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 12 x 11 x 24, image size 398, resolution 2834 x 2834 px/m, cbSize 452, bits offset 54
Category:	dropped
Size (bytes):	452
Entropy (8bit):	4.59493404689497
Encrypted:	false
SSDEEP:	6:K0F6BHaYrw9xs9bujqTtNhszc8ic5Ls/MRW02a0cEUOENvl:K0cAL9G9b8StNhsQ8ihuEUZ3
MD5:	8E5F8BB4961BCD220B60E6AEE2340709
SHA1:	14C72EF7A0FFC9C9EA5E3444C0DC59785DA98A21
SHA-256:	DB482EBEE408616C83A7396D9F7C6BEF52C0F88AAE7F1AE12A563F3B969BA6CA
SHA-512:	1FCDC9A6450919EFC864BDEA0D7CF7AA45EDC5122204D97212F1EECC02587839B1604B1F5C2019C5DED6A13AE015AEE0C716130E67A696B5C271C163F8F2239A
Malicious:	false
Preview:	BM........6...(...................................................yxw......wuu.....................yww...''('...\ZZ.........311<;9`__fdd.~~}}\|}}\|..~onnb``KII...311..............................865311..............................754422..............................976533..............................2001................................)'&644..............................-,zyyHFF322200200200200200200321=:;cba......................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\thumb-file.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 16 x 14 x 24, image size 674, resolution 2834 x 2834 px/m, cbSize 728, bits offset 54
Category:	dropped
Size (bytes):	728
Entropy (8bit):	4.9247633302215785
Encrypted:	false
SSDEEP:	12:9RUgYR11yf9eYlSk2auzl95/VYNaEOKifC/aRmTNV5E:rLYRLyzlFOdYvDifOTHK
MD5:	B129BE9789F58ECEDAA8F015AA197357
SHA1:	8B4C6712AE2EAA57CBB19E5E134387B3DB49A592
SHA-256:	7B2436444F18EFB7564EDB986291FBF1819CD1B1CEBBDFB78310E84B23ED2F6D
SHA-512:	B3EC527A752A6692FD8006BF95D4609B99F33D6E07E78D3E0AE5CC3A149841D9CE400813B5233763CDB6EF94D1978B874B2786CC734F9D93064617D295BE2B33
Malicious:	false
Preview:	BM........6...(.............................................................................................NLLTSQSRRPOOPOOPOOPOOPOOPOOOMM^]\............31/.................................'%%.........421.................................XVVggf......><;JGF.................................654......DA@?<;................................." .......FDCB?>kih.................................XWW...GEDPMMKHG.................................@==...HFDWTTVRQTQPb`_^\[ZXWYWVXVUXVUVUTSQPRPPPNN@??...ECBURQ[XWVSRMJIHEDB?>><;<:9;97966311ECC.........=;:LHHQNNPNMMIIHFEPNM[ZYVUUVUTQPP[ZZ............10/977><;><;:87866.................................][[dccecca``................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\thumb-video.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 12 x 10 x 24, image size 362, resolution 3779 x 3779 px/m, cbSize 416, bits offset 54
Category:	dropped
Size (bytes):	416
Entropy (8bit):	4.081734889748452
Encrypted:	false
SSDEEP:	6:JElfrmjrrnn7iEu1tT/zWChORkNvgGg5Rql:24H7iE2T/KCykOX5Re
MD5:	CB664896B5B823466765D09E3BA32F58
SHA1:	0639E6F827815FF34D69F45A89410F92835BD939
SHA-256:	6419541B33E79497E64A9D9CAF236DF5997A21617150DAC1589A5293DB12D484
SHA-512:	B35A68A59B4D696CCC956CEAE7AD5F866BE70E50024DBEBA4E98ABB5C44C4FA9C2C1B1D5E2AB7427E4EF9781699F0A24A1C431C196CD5C91BCC566A61E384E62
Malicious:	false
Preview:	BM........6...(...................j............................333333333333333333........................GGGGGG...........................444333333444.....................333333KKKKKK333333...............<<<333...........333<<<............333333...eee999...333333............333333......www...333333............YYY333PPP......PPP333YYY...............:::333PPPPPP333:::.....................}}}......}}}..............

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\titlebar-vnc-top.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 640 x 29 x 24, image size 55680, resolution 2834 x 2834 px/m, cbSize 55734, bits offset 54
Category:	dropped
Size (bytes):	55734
Entropy (8bit):	0.5026517359041639
Encrypted:	false
SSDEEP:	6:Tc0Ktu/6qPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPk:T3Ktx8AWW
MD5:	5E82F4480AC7AFD04705FA90ADAE4213
SHA1:	11CC032C05AEA6BBEA4840065E61CEC2A96AE3AB
SHA-256:	CD5CBBA3326C44A47E107F6F59818DCBBD526BA9DE8C5EBE093D6932728A2113
SHA-512:	91E848B1F6C3FC9458BF42B5A4F1C222E7A1B53DA2CFB73B217FD618103D104E546A95BD032A997F0475529AF8ECC7597CA76640871E4484C497852A100116E8
Malicious:	false
Preview:	BM........6...(.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\titlebar-vnc.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 320 x 28 x 24, image size 26880, resolution 2834 x 2834 px/m, cbSize 26934, bits offset 54
Category:	dropped
Size (bytes):	26934
Entropy (8bit):	0.5416998007961362
Encrypted:	false
SSDEEP:	6:j4Z+lfT63PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPR:jUaf2HWW
MD5:	7CBF4F6A92AD0A1A983D819DFF9C0847
SHA1:	722BD42739FD4869D2666A0B50116D3ED8328857
SHA-256:	FFD70057021409E57B3FFAD8389B8AFE555A3681857BD1D8FFD5EB44EB791E3D
SHA-512:	8E33C9E3CB6BED7CA0721A009D85F17C5A23ABF5C039A015F7164A0D66640C331B3EABC5DC954F0673698635834E7E4C5D09AEDC931717EE251802709A59F22A
Malicious:	false
Preview:	BM6i......6...(...@................i....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_arrow-up.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 20 x 20 x 32, image size 1600, resolution 2835 x 2835 px/m, cbSize 1654, bits offset 54
Category:	dropped
Size (bytes):	1654
Entropy (8bit):	0.8825870516356522
Encrypted:	false
SSDEEP:	6:ee8KY/ucwaJm/OlH9fdRaJuaLla9fdRa969fdRala9f2a:GKYtss9raU9F9N9ua
MD5:	4C04DB1A682441F21AD82C11E9F83572
SHA1:	6046FFF1F6CE015CD8CD1E1F64C50AF48CCA5F84
SHA-256:	F18B0306B2CC5554B7BA04CB94F18B04E9F5FDABA273E90370B353632CF81DAD
SHA-512:	5C990A0F064B2E5B68618BE554CBF3B33FFCCD0E3A22C5E863DA6B0236F7F87C3C1666C20E773821A26EB68D8528664E5972EAF61D5C5BF812DCE196B67C4CF6
Malicious:	false
Preview:	BMv.......6...(............. .....@...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................???.........................???.............................................XXX.333.???.................???.333.XXX.............................................XXX.333.???.........???.333.XXX.....................................................XXX.333.???.???.333.XXX.............................................................XXX.333.333.XXX...................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_arrow.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 20 x 20 x 32, image size 1600, resolution 2835 x 2835 px/m, cbSize 1654, bits offset 54
Category:	dropped
Size (bytes):	1654
Entropy (8bit):	0.8825870516356522
Encrypted:	false
SSDEEP:	6:eec9f2aP9fdRal69fdRa9a9fdRaJuaLlwwaJm/Olf/uWK:m9uaP9N9F9ra+sKvK
MD5:	C1C250B1E5C27642E0EA7F9EFC9BA5CF
SHA1:	FEAA17CE6F446EF6B62FC491573164E62B556AB6
SHA-256:	DC4DAA60AF77158C971EAAEA90BCD1713EBC40EF08B358D0A781130F37D3084D
SHA-512:	B248E3601D12413A693D34CE72606394EE6A7B38DC4491F373A2F282EC7F96026DD615B3E21123B98BCA162A92258BA387CF810730A4BA0A32E91E3C463CA195
Malicious:	false
Preview:	BMv.......6...(............. .....@.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................XXX.XXX.....................................................................XXX.333.333.XXX.............................................................XXX.333.???.???.333.XXX.....................................................XXX.333.???.........???.333.XXX.............................................XXX.333.???.................???.333.XXX.............................................???.........................???...........

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_files.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	2.0723984015548
Encrypted:	false
SSDEEP:	12:eQHI7Gn////RCXRZ+lyW29FfVd53BmzMYi7DCvBQElqArZFT7Nej/ydSpG0JZnrc:Loan////uHvp1YiQ57FT7Ne9Flg
MD5:	F1367365DE63996CFA8ED254432C8DE3
SHA1:	8DDE403280AB6CAAA8E9ED6BAB33BA4C6BC57B99
SHA-256:	4E94A1D17EEB1DEF4B3D6670DC89A189F6D4123E0FDC283D2B4B657C6E1BB485
SHA-512:	D1E45C3D1B2D5EF4CD58C8257958F192A51CE8FEB577C56DE7181584C76EDFD197FB24E0CA22F34F53180049311C74B84BADACC95893778EB7833DB1481C5D0A
Malicious:	false
Preview:	BM6.......6...(... ... ..... ...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_icon_chat_audio.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	2.1026244624306227
Encrypted:	false
SSDEEP:	24:EdUPtr8s0W/auwRSmGDSQMKLygeO4Pvso2BdF:EdaN8s0WLIG+QMcyge5vso2/
MD5:	4EE13CDF3643EFD88EEEC826481FC092
SHA1:	BE6C9F763254335547628990C0450201EEF6A69C
SHA-256:	E5ED71BF66E7D12006ED35FFE9B52A4F1EA4341FAF0C0592EA163BD00E2BD644
SHA-512:	F61402C361B09427BCD03354981F642EE500865B950FB5EFE3718636B7672B826026F3FC2D4981F584B2F127AF17430BAFFC6C2763F21F4FDED621DD6CB48007
Malicious:	false
Preview:	BM6.......6...(... ... ..... .....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................5555LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL5555........................................................................................................................................................................................................................--,.311.<:9.CA@.GED.GED.CA@.<:9.311.---............................................................................................6!

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_icon_chat_video.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 32 x 32 x 32, image size 4096, resolution 2835 x 2835 px/m, cbSize 4150, bits offset 54
Category:	dropped
Size (bytes):	4150
Entropy (8bit):	3.154861116534492
Encrypted:	false
SSDEEP:	24:BuiNepfmfQv115f1Klxpb5c3g4a3SqNVYRX/S0lSisa5qZwwmg7TJAbfSa:BuUehmQ4lxpmkNyRvS0lSx4Yx7TJcSa
MD5:	783E0CD24AC6C880F64E7A4CD8441110
SHA1:	5EC225C5B245646C1068D0A5F62F18BB1C3C43DB
SHA-256:	CFAC377723C758F6E56627032C20A2DA33FE1F8FD482DD1B9C042A77AE09B68C
SHA-512:	0BCCF1E5A065B7866A5BFF39038D57A94EBF4FEE6E2E241EDC87085A854796DC9D77012314CE63CF65CDBC6E7558EEF3254A4015A80D0A64C6C56AC3D2A0343E
Malicious:	false
Preview:	BM6.......6...(... ... ..... .............................................................................................................................................................................................................................................................................................................................................................................................................................................................,,,,@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@,,,,........................................................................................................................................................................................................RRR.643.=;;.CA@.GED.KHG.MJI.MJI.KHG.GED.CA@.=;;.643.RRR..........................................................................--.422.=;:.ECB.KHH.PML.RPO.RPO.PML.KHH.ECB.=;:.422./--............................................................................4....,+*.A@

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_icon_start_sharing.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 18 x 18 x 32, image size 1296, resolution 2835 x 2835 px/m, cbSize 1350, bits offset 54
Category:	dropped
Size (bytes):	1350
Entropy (8bit):	3.664329479658931
Encrypted:	false
SSDEEP:	12:dPdw5cPoMfEbwU47Vx5thfAvEOZnI6hDImAmANwf9qmlORmY4/sm4HXUmFXImn/:/wAoF4UZI09hANwfBIAd/1cNi
MD5:	01E6DA6217025B661BA5862BF863C1C3
SHA1:	D3C298C4DB0D752ED74DF02458AE45EDC0B5B331
SHA-256:	F1206ADC5E8E0B42F85F48C597D36C13120CAC1F42F7FB316B408666FDF053FE
SHA-512:	137F458CD53548E2F569E27C940BE4BAEE8B222DDB03D57A28CE811625B1E7FE307F636D2B16C8537038873CED7F2A596187DF602D5819C75FC4CEE2676D87C2
Malicious:	false
Preview:	BMF.......6...(............. ..........................................................................................................................\:{..[...i...i...[..\:{.........................................a=...u...y...y...y...y...y...y...u..a=...............................R...y...v..nF...9..........9.nF...v...y...R......................a=...y...m..%.2.........................%.2..m...y..a=...................u...v..%.2.................................%.2..v...u..............\:\|..y..nF..........................................nF...y..\:{..........[...y...9..........................................9..y...[...........i...y......................^;~.^;~......................y...i...........k...y...................9..y...y...9..................y...k...........]...y..).8............./.@..y...y../.@.............).8..y...]..........`=...y..oF............../.@..y...y../.@.............oF...y..`=...............v...w..#.0........./.@..y...y../.@.........#.0..w...v..................a

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_icon_stop_sharing.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 18 x 18 x 32, image size 1296, resolution 2835 x 2835 px/m, cbSize 1350, bits offset 54
Category:	dropped
Size (bytes):	1350
Entropy (8bit):	3.4218476932782464
Encrypted:	false
SSDEEP:	12:dP0a1o9LOcZk1E/JH2Y4ovS/1t6uheBTIUgdUiRXEBU3UAUF/U5KUClU1Xl:CSodOLE/JH2t1nRT11Xl
MD5:	7702238CAC805065126CA7EB451BD399
SHA1:	68699C534557A0C21CB177487A973CA468B9E548
SHA-256:	47D61B6AC5BE3E9F32612EB2B0E7E5EFBAFBBD8DD51738B92D70D971989D6590
SHA-512:	96887A3576B3F2248DD7EC75E93CA763650E023A4BFA3EF9913F979E7F970A123ADD424C5A626930A313A4A1D90CE5D314BBB25633F3BD2FFC5C670A950E78AC
Malicious:	false
Preview:	BMF.......6...(............. ...........................................................................................................................b{&&..,,..,,..&&....b{..........................................h.11..33..33..33..33..33..33..11....h.............................""..33..22....v...-9..........-9..v.22..33..""........................h.33........(2..........................(2....33....h.................11..22....(2..................................(222..11................c\|33....v...........................................v.33....b{........&&..33....-9..........................................-933..&&..........,,..33........................d~..d~....................33..,,..........--..33....................-933..33....-9................33..--..........''..33....,8..............3@33..33....3@..............,833..''............g.33....w...............3@33..33....3@..............w.33....g.............22..22....&0..........3@33..33....3@..........&022..22....................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\v4_ik-VNC-top.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 30 x 14 x 32, image size 1680, resolution 2835 x 2835 px/m, cbSize 1734, bits offset 54
Category:	dropped
Size (bytes):	1734
Entropy (8bit):	2.2871478135707815
Encrypted:	false
SSDEEP:	12:IfAFujIqhnxtNWyPMDzRuBTERTNHPhv4NkuGVqoXBZXU:ITjLtITuY9bwov
MD5:	0112622CCDCC2AE3B8413A0D878CC929
SHA1:	B1C979EB6B8EFD8045293DFE2C60B6776FA4982A
SHA-256:	6C6AE8F162B3BC78F727EEF3F335D2C4E8C29D293ECD0368B16DD5D891FDDADB
SHA-512:	6165EDF8CF3F9E0817A0D817DBB209DBD0DCA1DF70063F54991B98B6036E56FD6B20A432FB27C4C4527ECBFE308EC915DC4047EB15919985E3E356ED2298120A
Malicious:	false
Preview:	BM........6...(............. .............................................................................................................................................................................................................................................NNNb.......................................... )!!..//..33..//..!!.... )................................................A?>..../..................................BS00....p...$.......$...p.00....BS....................................BBBEJHG.$$#................................... )00....8F......................8F00.... )........................yww.bbbg....EBA....T................................!!....p...............................p.!!..........................GCD.pmm.GCD.^[[.MMMQ................................//....$...............................$.//..........................GCD.GCD.GCD.GCD.uss./-,.............................33......................................33..........................GCD.GCD.GCD.GCD.864...."......

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\white.bmp

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PC bitmap, Windows 3.x format, 17 x 17 x 24, image size 884, cbSize 938, bits offset 54
Category:	dropped
Size (bytes):	938
Entropy (8bit):	0.4780294059421572
Encrypted:	false
SSDEEP:	3:VSl/88lIlRRoEEEEEEEEEEEEEEEEn:VSl/80IpoEEEEEEEEEEEEEEEEn
MD5:	B3231B9533E0D15621250A14B944FDF6
SHA1:	B22E449859D395B11849469E6D7EB6BB89D2D90E
SHA-256:	B5912084339ABC32BCFC7F1865351F0169BB6797550A906176D920ECD290940F
SHA-512:	9856FCD9685E6E6EE3372DAE5491C04EC1AF039E101C24B66D2799F2E18892B778DCF59AC28B6A70241F9586CE3CCA10C5135FB1C1B33FD780A5B8C43145D74D
Malicious:	false
Preview:	BM........6...(...................t.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\source_pkg.dat

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1974240
Entropy (8bit):	7.945925618008356
Encrypted:	false
SSDEEP:	49152:P2bt1j16uZ+N28wL302i37IDPPQxzA8E/+iJadA:+bt1jlE2b/EIDghnaadA
MD5:	D84CB294555A00A98C35FE808177007E
SHA1:	7DC2EC2D7CE9A64C076FF629784D8D493F8C69D2
SHA-256:	D3C2E27197611CFB3A4E7FEEB397E73179B95FDA35FFD2B6968D784916281DEB
SHA-512:	377C75C9FDD685797F81CC714CBB82B298C8F7C1B205C52E6C1FF9FC006E19C98292EAC8634A812DBA838A38CE97B419048E411CA12A23D2520B30159B6FC0EF
Malicious:	false
Antivirus:	Antivirus: Virustotal, Detection: 1%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..7...7...7...l...>...7...T...e...6......>......8......6......6...Rich7...................PE..L....*.f.............................f............@.......................................@.................................l...d.......D...........@...........,....3..T...............................................l............................text.............................. ..`.data...h...........................@....idata..\...........................@..@.rsrc...D...........................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\trace.out

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	732
Entropy (8bit):	5.035947077744581
Encrypted:	false
SSDEEP:	12:FT4Mx1IQsD5t44vqw6jtAMQOAhEgu0tz6wSUtszjj/VGe:Ff1IJD5JqwwmMQOl0tz6wptszjjAe
MD5:	9AA5A49EB39CF87E11B26B4323B72ED6
SHA1:	5E3178BDA803F44CCB4F7A9CAF465D24279CFD72
SHA-256:	55C902349967ADCCF1510AE5C918C289C6596FC1D1EF7348D4495CFBBAE2C622
SHA-512:	09359720088DAB2953FA57810D3A4FE8473233809A359BF0400836A2732935D6086C4FB227F625B644F8478A2EC75D2DAF8B8F63E7F3D81B82CD8C1FFC328ABB
Malicious:	false
Preview:	2024-10-01T03:38:49Z metrics: allocated..2024-10-01T03:38:49Z dialog: init languages..2024-10-01T03:38:49Z system locale (win): GetUserDefaultLCID() = 0x2000, langid = 0x2000, primary = 0x0, sub = 0x8..2024-10-01T03:38:49Z system locale (win): matching language from list: [ar, bg, ca, cs, da, de, el, en, es, et, fi, fr, he, hi, hr, hu, it, ja, ko, lt, lv, mk, nl, no, pl, ptbr, pt, ro, ru, sl, sq, sr, srl, sv, tr, vi, zh, zhs]..2024-10-01T03:38:49Z system locale (win): ... no match, using default: en..2024-10-01T03:39:19Z dialog: finding char set..2024-10-01T03:39:19Z dialog: enumerating fonts..2024-10-01T03:39:19Z dialog: font Microsoft Sans Serif Western MS Shell Dlg 36 0 34..2024-10-01T03:39:19Z dialog: init basic done..

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\translations\LangAll.tr2

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	data
Category:	dropped
Size (bytes):	596156
Entropy (8bit):	6.284844413358593
Encrypted:	false
SSDEEP:	12288:ScITURECqik8YZ0WRgH9O2hJejRg0KJZEVHHe:jw0NOx9le
MD5:	C6F948BEC96E925AD3AF8100B6BB647C
SHA1:	681171AFAEC15C5E62E8C3A5D65FB954C5012AE5
SHA-256:	F317EA33739C929253CE6C7499D2E0A2BA16A25C214BA9345B4C10B24DB3A7A6
SHA-512:	4F30114C0C9EFD6243CAF02283D58C863F9DF5CC8BEF350A542DF4C4C5D354681059CA7521C152206E0B477FC119F9E7ECBEF53ADC7F91FBDD4BEDD23D93EE2A
Malicious:	false
Preview:	....ar..LAYOUT..RTL..MATCH_IETF..ar..MATCH_LINUX..ar..MATCH_MAC..ar..MATCH_WIN..0x01..NAME..Arabic..NATIVE...........PRIORITY..50..TEXT_COMMAJOIN.... ....bg..MATCH_IETF..bg..MATCH_LINUX..bg..MATCH_MAC..bg..MATCH_WIN..0x02..NAME..Bulgarian..NATIVE.............PRIORITY..50....ca..MATCH_IETF..ca..MATCH_LINUX..ca..MATCH_MAC..ca..MATCH_WIN..0x03..NAME..Catalan..NATIVE..Catal...PRIORITY..50....cs..MATCH_IETF..cs..MATCH_LINUX..cs..MATCH_MAC..cs..MATCH_WIN..0x05..NAME..Czech..NATIVE...e.tina..PRIORITY..50....da..MATCH_IETF..da..MATCH_LINUX..da..MATCH_MAC..da..MATCH_WIN..0x06..NAME..Danish..NATIVE..Dansk..PRIORITY..50....de..MATCH_IETF..de..MATCH_LINUX..de..MATCH_MAC..de..MATCH_WIN..0x07..NAME..German..NATIVE..Deutsch..PRIORITY..100....el..MATCH_IETF..el..MATCH_LINUX..el..MATCH_MAC..el..MATCH_WIN..0x08..NAME..Greek..NATIVE............PRIORITY..50....en..MATCH_IETF..en..MATCH_LINUX..en..MATCH_MAC..en..MATCH_WIN..0x09..NAME..English..PRIORITY..100....es..MATCH_IETF..

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1335616
Entropy (8bit):	6.818938913856093
Encrypted:	false
SSDEEP:	24576:DEpu7P85kSWDf6vgQjwlve/1Q69PBO6qhSqd0+Rt6AyY/gyP6ne:DEQD85NW25ieddPAhSqd0YtpnXP6ne
MD5:	3F3E59BE7FCD410E4CA185D7714BDED4
SHA1:	D567E0FD73FEAD1B78AD5635028D90820DE83C56
SHA-256:	E029E48C4E530A136BF0A167F4EA3A0D1F5B0366DCDA134490F25C4A6E36C528
SHA-512:	4FAF40425353789314E6EAAE6BD74E243DDE960B39D02F953EC47AA0B86008ABE46DBC3A18792DE3E1621A2A8484A24E93FAE635C7A83464816D8D4F1D39F93B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...................................(...........!..L.!This program cannot be run in DOS mode....$.......6..%r..vr..vr..v...wy..v...w...v...wk..v.J4vs..vI..wj..vI..wb..vI..wT..v..wJ..v...wc..vr..vp..v..w...v..ws..v..vs..vr.dvs..v..ws..vRichr..v........................PE..L...J./e...........!................7%....... ............................................@.............................X...X...........p............8..@)..........`h..T....................i.......h..@............ ...............................text...#........................... ..`.rdata....... ......................@..@.data............H..................@....gfids.. ............J..............@..@.tls.................L..............@....rsrc...p............N..............@..@.reloc...............T..............@..B................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\address

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	28
Entropy (8bit):	3.637537511266052
Encrypted:	false
SSDEEP:	3:EPvbqM0sn:EneMjn
MD5:	B50ABBAEBFCC11D0627C68E668329F3B
SHA1:	FE722D01403BC46D8AC8A77F99E8956D252548A6
SHA-256:	72B8479D9DC810F3C03BAA56A84046159DA471C3605F08F8452CE0AD23467D4C
SHA-512:	29CEC9F5167CF2E4D030E2D4EBE258FF026649250D227A332E8BD1DC38424E3BAC319C48DAC4687225E72F80EA70F715F97663FD8DD606080128C24A2EAC7899
Malicious:	false
Preview:	networkstart-*.islonline.net

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\port

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	4
Entropy (8bit):	2.0
Encrypted:	false
SSDEEP:	3:gUQn:gUQn
MD5:	5A0C828364DBF6DD406139DAB7B25398
SHA1:	777C6FAE7017DF6B8C5EE285F6F5713FE6BF2D48
SHA-256:	00FCB2D718C2116664250CE295B3D7D73ED9285609D6FEF71233DA70F637BD65
SHA-512:	41FDB9D7AAB358F8F13EFDFCA49A73D991FBBEE344A0F4F15FB348260E35FDC58DEDEEC86E3EE25633B5CA785A78A0788BB631B27755E946B75A75CC4132C1DD
Malicious:	false
Preview:	7615

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\query

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	188
Entropy (8bit):	4.8579996860866625
Encrypted:	false
SSDEEP:	3:KOhOmR6eHJRZFzOmR6eHL/9+EzUvUdJKAYAy0/rFd7VFgUEDGDRKlhIawWHMZCe:FOmR6eh9OmR6erd4vUd6UZt3gUqzhI5j
MD5:	35B0DE1E72C3D5CBE3D9C0D01342A8A0
SHA1:	C1AFC4A8356E8C9FFDBCCA58188646D91C0D5C26
SHA-256:	13F0B07DDC24927D0BCBF7304FE79E437963A2C9DA9F3A1205EF7732CE0BB2F4
SHA-512:	506A494A9E79573AE6CA5F33705B80207F5AFAEAC578F4581F2E65C87C5F03FD9BF5C5A7D3F16E881D2E0F69C7958937AC2F7956FD1192C108ADFF0334D51494
Malicious:	false
Preview:	__ISL+Network+Start__web_country=es&__ISL+Network+Start__web_language=es&addbase=+49919761&cmdline=%2d%2dauto%2dclose+%2d%2dconnect+%2249919761%22&custom=drag%2dcat&web_name=ISLLightClient

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\use_http

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf\use_https

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\conf_static\caption

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.5
Encrypted:	false
SSDEEP:	3:5FiORw:5FbRw
MD5:	B2EDEF8BED24DA82C79A1BCBCA385D49
SHA1:	2AD504131867BC25D15B0E8382E5194DBAC9405F
SHA-256:	ED722B6701B48A8D619DBCB05467755B644319B6035BF4E89F20C7AEEE48A9A1
SHA-512:	B13E30FEFBE6A4384420E29D52ECFB5AD8353B2C86A60B8C637AECE0A411685C38D6A9D87F05AD4760F55048207318B9AB0778C4CDA89372D5A506B73C9C139A
Malicious:	false
Preview:	ISL Light Client

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\connection_keys\connection_keys

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	1844
Entropy (8bit):	6.351938172824839
Encrypted:	false
SSDEEP:	24:I6V3FhxFNbrYBOQ9Vz3TzprLG/bYbSp3a66SJ6O3HLmRuE2u8YUyHZLBh6/qYe5i:ImLbrYUQ9VzT9rS13lzyL8YU4Lbdo
MD5:	2B1837FBFB56683039240033CAFCFE65
SHA1:	080AC9280CEDA3BDA35BF1B1D2E50D26860657FF
SHA-256:	A29A34DB5DE5F47DC9CA81EACB7EB116D4AF33CD1C5365FE85AB876010998BBA
SHA-512:	2AB6CB4567059BD45AD7A21250C77BDBFFE2479A5E2BB51D20DDA940EB7580C9C5468B688964811756A30E1EAF7A0F36802501FE1DB2BA5FA91E6C8D88F538F5
Malicious:	false
Preview:	key_cs..-----BEGIN CERTIFICATE-----..MIIBjjCB+AIJANiwjSuJvvJjMA0GCSqGSIb3DQEBBQUAMAwxCjAIBgNVBAMTATEw..HhcNMDkwMTIzMDg0OTQ1WhcNMzYwNjA5MDg0OTQ1WjAMMQowCAYDVQQDEwExMIGf..MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKeXOPm/0/pU73gl5gyon+zOCvUTuP..KrYTU94G1MzB5SlVUjwaKFHfCbefg+JkeCfo8NLt+sriO1LAppCKmLhLecf0KNQN..o3xrz1HEjaCaqkcXagwJehq7KEQIm73q8BgnqHnNyAUCpWg2JovEMAcXDQY+OEdn..GZF1IwM5TER1lwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBABfwFgdsni3UooyU6SZ4..0CJhWdu3eA/hC8XYuIGaRdk1NJlnIuKm33Epmz0nE+64WSt+wz1DK89PKQWXUeRU..uSzK5RQmHqN7fAzzXJhXOH/ODHVZsqTT/DpypjHeoUEaD2E3jGrqaH6M8COtbvrC..F2TMNLabCFcP/TnfqPC8X8bk..-----END CERTIFICATE-----..b..key_cs_latest..-----BEGIN CERTIFICATE-----..MIICvzCCAaegAwIBAgIWAJfIuhV2xIywhK5GXMCvk8oQAYQDAjANBgkqhkiG9w0B..AQsFADARMQ8wDQYDVQQDDAZpc2xfY3MwHhcNMTcwOTExMTQzNDIxWhcNNDUwMjI1..MTQzNDIxWjARMQ8wDQYDVQQDDAZpc2xfY3MwggEiMA0GCSqGSIb3DQEBAQUAA4IB..DwAwggEKAoIBAQC5y20VYj/PDkJTA2NeJL+m08hBoTNMOYVXoPaWQ5ChBxKhT5qo..UNsujhFBx3ZGPQHyaUsHmFMBdNyikE5LXSZ8X21ObqQjeFDNodMPEKKymG1KDxz+..VdXkZ

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1974240
Entropy (8bit):	7.945925618008356
Encrypted:	false
SSDEEP:	49152:P2bt1j16uZ+N28wL302i37IDPPQxzA8E/+iJadA:+bt1jlE2b/EIDghnaadA
MD5:	D84CB294555A00A98C35FE808177007E
SHA1:	7DC2EC2D7CE9A64C076FF629784D8D493F8C69D2
SHA-256:	D3C2E27197611CFB3A4E7FEEB397E73179B95FDA35FFD2B6968D784916281DEB
SHA-512:	377C75C9FDD685797F81CC714CBB82B298C8F7C1B205C52E6C1FF9FC006E19C98292EAC8634A812DBA838A38CE97B419048E411CA12A23D2520B30159B6FC0EF
Malicious:	true
Antivirus:	Antivirus: Virustotal, Detection: 1%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......s..7...7...7...l...>...7...T...e...6......>......8......6......6...Rich7...................PE..L....*.f.............................f............@.......................................@.................................l...d.......D...........@...........,....3..T...............................................l............................text.............................. ..`.data...h...........................@....idata..\...........................@..@.rsrc...D...........................@..@.reloc..,...........................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	ASCII text, with very long lines (3008), with CRLF line terminators
Category:	dropped
Size (bytes):	23565
Entropy (8bit):	5.761560952304858
Encrypted:	false
SSDEEP:	384:U4pMbbQ3S5MmmnHc2XsNwwe4LFJM7/rH///iJfJLds/wBRGlUt4iBaQ3S5MmmnSL:U4pMbbQ3S5Z2cawe4LFJM7/rf3iJfJLu
MD5:	A64A598210ACD94B920E6D1429886481
SHA1:	5B3B77A05C98A8F823AA801BBF9F15B57DB16555
SHA-256:	782E020C325612CF766111BE2CF5020924A36254D17F15AE663CF607A473F498
SHA-512:	ED7072166E40267BD0995F1708C303318708D57AEE9B91F6D0E710CA376C150A3D2639AEAA2B9B09FF941BB783F3FD6A444012CF3344F9A4A335C533E12E9476
Malicious:	false
Preview:	2024-10-01T03:38:44Z network start: version [4.4.2332.7]..2024-10-01T03:38:44Z flag: [4.4.2234 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2023-04-11 LIB-1344 fix exists_config_storage on win..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2020-09-03 LIB-1134 xml attr apos..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2020-10-15 LIB-1138 send scope_web flag on MUX netstart channel..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2020-12-03 LIB-1145 secure http header encoder..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2020-12-17 LIB-1149 linux glibc in os_version..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 1 in_script: 0] 2023-03-31 LIB-1345 raise signed format version..2024-10-01T03:38:44Z flag: [4.4.2332 is_default: 1 enabled: 1 in_binary: 2 in_script: 0] 2023-06-13 LIB-1363 s

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\translations\translations

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	46623
Entropy (8bit):	6.373231848225147
Encrypted:	false
SSDEEP:	768:0BYlPsMPkZduXz7hkrAwpsjeKF6qgllEfxOnY+hnNDH/ZRl2:sfWX01psjeKF1g/Es1ftO
MD5:	69478C3AE768E684A44E1DF2911A5871
SHA1:	4D82C8D770AD31868C8CF6DF65FD5601C95B7C25
SHA-256:	4E737CDD519DB84E80840F1A5FAB2899F418AF3476150D2FE5C039C63BA9FF24
SHA-512:	89232BAAE1FFD2E24C0E29970111DD5C11C3C0166320F728FB6FC89C1ECD10FED6639D4B6072AFE4F6B5A15EF9D1903D273FCFFF5A956106CA2D6A5CD6EF9099
Malicious:	false
Preview:	....bg..MATCH_IETF..bg..MATCH_LINUX..bg..MATCH_MAC..bg..MATCH_WIN..0x02..NAME..Bulgarian..NATIVE.............PRIORITY..50....ca..MATCH_IETF..ca..MATCH_LINUX..ca..MATCH_MAC..ca..MATCH_WIN..0x03..NAME..Catalan..NATIVE..Catal...PRIORITY..50....cs..MATCH_IETF..cs..MATCH_LINUX..cs..MATCH_MAC..cs..MATCH_WIN..0x05..NAME..Czech..NATIVE...e.tina..PRIORITY..50....da..MATCH_IETF..da..MATCH_LINUX..da..MATCH_MAC..da..MATCH_WIN..0x06..NAME..Danish..NATIVE..Dansk..PRIORITY..50....de..MATCH_IETF..de..MATCH_LINUX..de..MATCH_MAC..de..MATCH_WIN..0x07..NAME..German..NATIVE..Deutsch..PRIORITY..100....el..MATCH_IETF..el..MATCH_LINUX..el..MATCH_MAC..el..MATCH_WIN..0x08..NAME..Greek..NATIVE............PRIORITY..50....en..MATCH_IETF..en..MATCH_LINUX..en..MATCH_MAC..en..MATCH_WIN..0x09..NAME..English..PRIORITY..100....es..MATCH_IETF..es..MATCH_LINUX..es..MATCH_MAC..es..MATCH_WIN..0x0a..NAME..Spanish..NATIVE..Espa.ol..PRIORITY..100....et..MATCH_IETF..et..MATCH_LINUX..et..MATCH_MAC..et..MATCH

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_043065b2e452ce2cf70257bf9425894cba1c5de87ed10248a2b672c5c399c723 (copy)

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.9182958340544896
Encrypted:	false
SSDEEP:	3:+6L8ln:zwn
MD5:	172C9E83F1C28D9795A9639CD70CE895
SHA1:	4D64A5ACC7F6506825284E215C688CD8BFA70DE1
SHA-256:	3ED70ED34CF00C10CC154E384ABD36A689AE85D7C5B9BAE1AB71608EBBB9FB8C
SHA-512:	9DD9EFB94FA55FBFB569E52DC3F8A5434C6DFA9954A51CBA5F7EF08AC72FF8CAF529F5DC717EDBE8DEFC42C0E4361DB6F84BE9306681F484FB1F38A34BEB4B38
Malicious:	false
Preview:	.{{ending}}.

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_3ed70ed34cf00c10cc154e384abd36a689ae85d7c5b9bae1ab71608ebbb9fb8c (copy)

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.9182958340544896
Encrypted:	false
SSDEEP:	3:+6L8ln:zwn
MD5:	172C9E83F1C28D9795A9639CD70CE895
SHA1:	4D64A5ACC7F6506825284E215C688CD8BFA70DE1
SHA-256:	3ED70ED34CF00C10CC154E384ABD36A689AE85D7C5B9BAE1AB71608EBBB9FB8C
SHA-512:	9DD9EFB94FA55FBFB569E52DC3F8A5434C6DFA9954A51CBA5F7EF08AC72FF8CAF529F5DC717EDBE8DEFC42C0E4361DB6F84BE9306681F484FB1F38A34BEB4B38
Malicious:	false
Preview:	.{{ending}}.

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_419ef57f0b28960c833825d468211467de332c0e3dfadec7b6e72b82ed3c04b7 (copy)

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.9182958340544896
Encrypted:	false
SSDEEP:	3:+6L8ln:zwn
MD5:	172C9E83F1C28D9795A9639CD70CE895
SHA1:	4D64A5ACC7F6506825284E215C688CD8BFA70DE1
SHA-256:	3ED70ED34CF00C10CC154E384ABD36A689AE85D7C5B9BAE1AB71608EBBB9FB8C
SHA-512:	9DD9EFB94FA55FBFB569E52DC3F8A5434C6DFA9954A51CBA5F7EF08AC72FF8CAF529F5DC717EDBE8DEFC42C0E4361DB6F84BE9306681F484FB1F38A34BEB4B38
Malicious:	false
Preview:	.{{ending}}.

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_45390ea339a822941ab593a53883383e16a0d5f46ac05d5b9c7b49218cb8014e (copy)

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.9182958340544896
Encrypted:	false
SSDEEP:	3:+6L8ln:zwn
MD5:	172C9E83F1C28D9795A9639CD70CE895
SHA1:	4D64A5ACC7F6506825284E215C688CD8BFA70DE1
SHA-256:	3ED70ED34CF00C10CC154E384ABD36A689AE85D7C5B9BAE1AB71608EBBB9FB8C
SHA-512:	9DD9EFB94FA55FBFB569E52DC3F8A5434C6DFA9954A51CBA5F7EF08AC72FF8CAF529F5DC717EDBE8DEFC42C0E4361DB6F84BE9306681F484FB1F38A34BEB4B38
Malicious:	false
Preview:	.{{ending}}.

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_68e7d0a5d2fbad6a95db87b21edc997063a5b30d2660721392f4498ac45d20b5 (copy)

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.9182958340544896
Encrypted:	false
SSDEEP:	3:+6L8ln:zwn
MD5:	172C9E83F1C28D9795A9639CD70CE895
SHA1:	4D64A5ACC7F6506825284E215C688CD8BFA70DE1
SHA-256:	3ED70ED34CF00C10CC154E384ABD36A689AE85D7C5B9BAE1AB71608EBBB9FB8C
SHA-512:	9DD9EFB94FA55FBFB569E52DC3F8A5434C6DFA9954A51CBA5F7EF08AC72FF8CAF529F5DC717EDBE8DEFC42C0E4361DB6F84BE9306681F484FB1F38A34BEB4B38
Malicious:	false
Preview:	.{{ending}}.

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_b5ca13e92e299006b18361a251e52720a13c30ba0c08a23fc19e6b6ba3b0c01f (copy)

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.9182958340544896
Encrypted:	false
SSDEEP:	3:+6L8ln:zwn
MD5:	172C9E83F1C28D9795A9639CD70CE895
SHA1:	4D64A5ACC7F6506825284E215C688CD8BFA70DE1
SHA-256:	3ED70ED34CF00C10CC154E384ABD36A689AE85D7C5B9BAE1AB71608EBBB9FB8C
SHA-512:	9DD9EFB94FA55FBFB569E52DC3F8A5434C6DFA9954A51CBA5F7EF08AC72FF8CAF529F5DC717EDBE8DEFC42C0E4361DB6F84BE9306681F484FB1F38A34BEB4B38
Malicious:	false
Preview:	.{{ending}}.

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_ccc40b01224b537ac32e8a9ac7abe0c619020bafddf89f6f60f98345b23e5563 (copy)

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.9182958340544896
Encrypted:	false
SSDEEP:	3:+6L8ln:zwn
MD5:	172C9E83F1C28D9795A9639CD70CE895
SHA1:	4D64A5ACC7F6506825284E215C688CD8BFA70DE1
SHA-256:	3ED70ED34CF00C10CC154E384ABD36A689AE85D7C5B9BAE1AB71608EBBB9FB8C
SHA-512:	9DD9EFB94FA55FBFB569E52DC3F8A5434C6DFA9954A51CBA5F7EF08AC72FF8CAF529F5DC717EDBE8DEFC42C0E4361DB6F84BE9306681F484FB1F38A34BEB4B38
Malicious:	false
Preview:	.{{ending}}.

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\file_cache_v3_e05fc368b8b5e4bdfc11af1c131268794ca22b3ce2da363e9d7d1418b807ce98 (copy)

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.9182958340544896
Encrypted:	false
SSDEEP:	3:+6L8ln:zwn
MD5:	172C9E83F1C28D9795A9639CD70CE895
SHA1:	4D64A5ACC7F6506825284E215C688CD8BFA70DE1
SHA-256:	3ED70ED34CF00C10CC154E384ABD36A689AE85D7C5B9BAE1AB71608EBBB9FB8C
SHA-512:	9DD9EFB94FA55FBFB569E52DC3F8A5434C6DFA9954A51CBA5F7EF08AC72FF8CAF529F5DC717EDBE8DEFC42C0E4361DB6F84BE9306681F484FB1F38A34BEB4B38
Malicious:	false
Preview:	.{{ending}}.

C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\cache\tmp_7564_7596

Download File

Process:	C:\Users\user\Desktop\$RMH4FA8.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	2.9182958340544896
Encrypted:	false
SSDEEP:	3:+6L8ln:zwn
MD5:	172C9E83F1C28D9795A9639CD70CE895
SHA1:	4D64A5ACC7F6506825284E215C688CD8BFA70DE1
SHA-256:	3ED70ED34CF00C10CC154E384ABD36A689AE85D7C5B9BAE1AB71608EBBB9FB8C
SHA-512:	9DD9EFB94FA55FBFB569E52DC3F8A5434C6DFA9954A51CBA5F7EF08AC72FF8CAF529F5DC717EDBE8DEFC42C0E4361DB6F84BE9306681F484FB1F38A34BEB4B38
Malicious:	false
Preview:	.{{ending}}.

C:\Users\user\AppData\Roaming\Microsoft\Windows\SendTo\ISL Light Client.lnk

Download File

Process:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 1 02:38:49 2024, mtime=Tue Oct 1 02:38:49 2024, atime=Tue Oct 1 02:38:49 2024, length=14648, window=hide
Category:	dropped
Size (bytes):	2321
Entropy (8bit):	4.293303843929937
Encrypted:	false
SSDEEP:	24:8EMbRwRDH+KAkiKA36oLfkgyANfs9S0SvpWYO4Zr3qS0SvpWBpP+IqyFm:8EMFwRDH+aiak9s9S0AoYZzqS0AoWyF
MD5:	9378930FE53E9BBA3BFA664919B89543
SHA1:	8317C4FEC19695692CF82144F793FB5E829EDDCD
SHA-256:	2734D24A6445A94CF36D331409BF82C35AFBCCDC15BAF7A1EFF17A3E41EE75EF
SHA-512:	12AADDEDBAB5BDABF43D7B8D32454C781EEFFEF90EEE2CB0C2B49C3A1A62D63824807CBBA1147B008AAFDFDF146A3DEB9AA01364EA981638D4CE980B5D3BA633
Malicious:	false
Preview:	L..................F.@.. ....aMm.....aMm.....aMm....89........................:..DG..Yr?.D..U..k0.&...&......vk.v....5.e.....l.m........t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^AY.............................%..A.p.p.D.a.t.a...B.P.1.....AY....Local.<......CW.^AY......b.....................-...L.o.c.a.l.....j.1.....AY....ISLONL~1..R......AY..AY............................-...I.S.L. .O.n.l.i.n.e. .C.a.c.h.e.....j.1.....AY....ISLLIG~1..R......AY..AY................................I.S.L. .L.i.g.h.t. .C.l.i.e.n.t.....D.1.....AY....1.4......AY..AY................................1.....l.2.89..AY.. .SHELLS~1.EXE..P......AY..AY......;........................s.h.e.l.l.s.e.n.d.t.o...e.x.e.......................-.......~............J......C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe....I.S.L._.L.I.G.H.T._.D.D.1._.7.6.6.4...C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.I.S.L. .O.n.l.i.n.e. .C.a.c.h.e.\.I.S.L

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.917180040041448
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	$RMH4FA8.exe
File size:	594'944 bytes
MD5:	be23dc8179b9aa8ddcfe08be342c27cb
SHA1:	fba1c67bbaaa7b62398fb99952940d82c66ceecb
SHA256:	1df5c8c17b6d6e1bb93cee6dca6a03b34c94db46416bc7653194ad570d986f7e
SHA512:	175ce421f638699b66c08088d4a85db98ee8beacb21ad3a496464b91e5a7e1f7480f7ae5380c37fd72ea3d57882f3dbcf56a7308539499b3ea1524360afd69fc
SSDEEP:	12288:gtfu3bk/pEUSlde0zk/Ltxids16UPPrA8AdqH1ZqtPHbFnCFpEUVkwoe6x+zwZS1:g9u3bk/pEUSlde0zk/Ltxids16UPPsTB
TLSH:	E8C4126263C8D9F3C8020E30B618D7948179BF463121CD6692FE3D5FF9722DA561A9E3
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......!.L.ei".ei".ei"..4#.li".ei#..i".^7!.di"..7'.li"..7&.ji"..7..di"..7 .di".Richei".........PE..L...H./e...........................

File Icon


Icon Hash:	8ecc8e8eccaa8e06

Static PE Info

General

Entrypoint:	0x406730
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x652FD348 [Wed Oct 18 12:44:56 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	6bcd61fd0c79a200cdb0f32f0a655791

Authenticode Signature

Signature Valid:	true
Signature Issuer:	CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US
Signature Validation Error:	The operation completed successfully
Error Number:	0
Not Before, Not After	04/10/2022 01:00:00 05/10/2025 00:59:59
Subject Chain	CN=ISL Online Ltd., O=ISL Online Ltd., L=Swindon, C=GB
Version:	3
Thumbprint MD5:	B662021BB8598B80EC8287105175D462
Thumbprint SHA-1:	4BF7E669EA69D32ECF1514826EE28249150640B2
Thumbprint SHA-256:	28C5DBF280852788A7BFF3B158933E128050D00304717F940DE5F83AE725B2AA
Serial:	09D897A7D494BB94C69C7B992E424EC3

Entrypoint Preview

Instruction
push 00000000h
call dword ptr [0040D108h]
mov ecx, eax
jmp 00007F27604EF89Eh
push dword ptr [esp+04h]
push 00000000h
call dword ptr [0040D0E0h]
push eax
call dword ptr [0040D0DCh]
ret
push dword ptr [esp+04h]
push 00000000h
call dword ptr [0040D0E0h]
push eax
call dword ptr [0040D0D4h]
ret
cmp dword ptr [esp+04h], 00000000h
push dword ptr [esp+08h]
je 00007F27604EFBC6h
push dword ptr [esp+08h]
push 00000000h
call dword ptr [0040D0E0h]
push eax
call dword ptr [0040D0D8h]
ret
push 00000000h
call dword ptr [0040D0E0h]
push eax
call dword ptr [0040D0D4h]
ret
sub esp, 0Ch
push ebx
mov ebx, dword ptr [ecx]
mov eax, edx
push ebp
push esi
mov dword ptr [esp+14h], eax
mov esi, dword ptr [eax]
mov dword ptr [esp+10h], ecx
mov dword ptr [esp+0Ch], ebx
cmp esi, 40h
jnc 00007F27604EFBBAh
xor eax, eax
inc eax
jmp 00007F27604EFCF7h
push edi
lea ecx, dword ptr [ebx+3Ch]
call 00007F27604ECB7Fh
mov edi, eax
cmp edi, 2Ch
jc 00007F27604EFCE0h
cmp edi, esi
ja 00007F27604EFCD8h
lea ecx, dword ptr [edi+000000B0h]
cmp esi, ecx
jnc 00007F27604EFBB9h
push 00000003h
jmp 00007F27604EFCC8h
push 00000004h
add ebx, edi
push 004012F4h
push ebx
call 00007F27604ED266h

Rich Headers

Programming Language:

[RES] VS2015 UPD3 build 24213

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xd16c	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xe000	0xca48	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x8f860	0x1ba0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x1b000	0x430	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x33e0	0x54	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xd000	0x16c	.idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xaada	0xac00	e4bce3abf4e4587e73fa4b9aef1b7f29	False	0.5984965479651163	data	6.892876635151667	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data	0xc000	0x68	0x200	cab1cac3a46b71a3786ab1ce6a51cb73	False	0.0390625	ISO-8859 text, with no line terminators	0.12460826972976341	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0xd000	0x95c	0xa00	5079f4d9a2916069d049d6f4d4e361cf	False	0.42421875	data	5.023061296912452	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0xe000	0xca48	0xcc00	35766934be18428df5f3654ad93d8301	False	0.5972732843137255	data	6.732056546650596	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x1b000	0x430	0x600	7a93fd6561fc1f6998cf679448058bda	False	0.6360677083333334	data	5.214813570435844	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0xe2e0	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors			0.46959459459459457
RT_ICON	0xe408	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors			0.14667630057803469
RT_ICON	0xe970	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024			0.1622340425531915
RT_ICON	0xedd8	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colors			0.364247311827957
RT_ICON	0xf0c0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors			0.20803249097472923
RT_ICON	0xf968	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096			0.10600375234521577
RT_ICON	0x10a10	0x668	Device independent bitmap graphic, 48 x 96 x 4, image size 1152, 16 important colors			0.3329268292682927
RT_ICON	0x11078	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors			0.4640191897654584
RT_ICON	0x11f20	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216			0.17977178423236514
RT_ICON	0x144c8	0x5fe9	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced			0.9898179448539893
RT_GROUP_ICON	0x1a4b1	0x92	data			0.6301369863013698
RT_VERSION	0x1a543	0x2a8	data	Slovenian	Slovenia	0.46911764705882353
RT_MANIFEST	0x1a7eb	0x25d	XML 1.0 document, ASCII text, with CRLF line terminators			0.5851239669421487

Imports

DLL	Import
KERNEL32.dll	lstrcpyA, lstrcatA, lstrlenA, SetCurrentDirectoryA, SetCurrentDirectoryW, CreateDirectoryA, CreateDirectoryW, CreateFileA, CreateFileW, DeleteFileA, DeleteFileW, FindFirstFileA, FindFirstFileW, FindNextFileA, FindNextFileW, GetFileAttributesA, GetFileAttributesW, RemoveDirectoryA, RemoveDirectoryW, SetFileAttributesA, SetFileAttributesW, GetLastError, GetModuleFileNameA, GetModuleFileNameW, CopyFileA, CopyFileW, MoveFileA, MoveFileW, lstrcmpA, MultiByteToWideChar, WideCharToMultiByte, GetCommandLineA, GetCommandLineW, ExpandEnvironmentStringsA, ExpandEnvironmentStringsW, CreateProcessA, CreateProcessW, LoadLibraryW, FormatMessageA, WaitForSingleObject, CreateThread, FindClose, GetFileSize, SetFilePointer, HeapAlloc, HeapReAlloc, HeapFree, GetProcessHeap, SetEvent, CreateEventA, OpenEventA, Sleep, TerminateProcess, GetExitCodeProcess, MapViewOfFile, FlushViewOfFile, UnmapViewOfFile, GetModuleHandleA, CreateFileMappingA, IsBadReadPtr, LoadLibraryA, GetProcAddress, FreeLibrary, GetVersionExA, GetCurrentProcessId, GetCurrentProcess, SetLastError, DuplicateHandle, GetVersion, CloseHandle
USER32.dll	MessageBoxA, MsgWaitForMultipleObjects, ShowWindow, RegisterClassA, DefWindowProcA, PeekMessageA, DispatchMessageA, CreateWindowExA
SHELL32.dll	ShellExecuteExA
ADVAPI32.dll	OpenProcessToken, AllocateAndInitializeSid, EqualSid, FreeSid, GetTokenInformation, RegCloseKey, RegOpenKeyExA, RegQueryValueExW

Possible Origin

Language of compilation system	Country where language is spoken	Map
Slovenian	Slovenia

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 05:38:45.381304026 CEST	49731	7615	192.168.2.4	195.201.59.111
Oct 1, 2024 05:38:45.386195898 CEST	7615	49731	195.201.59.111	192.168.2.4
Oct 1, 2024 05:38:45.386285067 CEST	49731	7615	192.168.2.4	195.201.59.111
Oct 1, 2024 05:38:45.387685061 CEST	49731	7615	192.168.2.4	195.201.59.111
Oct 1, 2024 05:38:45.392442942 CEST	7615	49731	195.201.59.111	192.168.2.4
Oct 1, 2024 05:38:46.026658058 CEST	7615	49731	195.201.59.111	192.168.2.4
Oct 1, 2024 05:38:46.026673079 CEST	7615	49731	195.201.59.111	192.168.2.4
Oct 1, 2024 05:38:46.026698112 CEST	7615	49731	195.201.59.111	192.168.2.4
Oct 1, 2024 05:38:46.026706934 CEST	7615	49731	195.201.59.111	192.168.2.4
Oct 1, 2024 05:38:46.026787043 CEST	49731	7615	192.168.2.4	195.201.59.111
Oct 1, 2024 05:38:46.026865959 CEST	49731	7615	192.168.2.4	195.201.59.111
Oct 1, 2024 05:38:46.091872931 CEST	49731	7615	192.168.2.4	195.201.59.111
Oct 1, 2024 05:38:46.097264051 CEST	7615	49731	195.201.59.111	192.168.2.4
Oct 1, 2024 05:38:46.097321987 CEST	49731	7615	192.168.2.4	195.201.59.111
Oct 1, 2024 05:38:46.129689932 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.134639025 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.134749889 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.136859894 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.141648054 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.624284029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.624295950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.624313116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.624322891 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.624365091 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.624424934 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.626620054 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.631401062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.631464005 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.636248112 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.742263079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.747939110 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.752692938 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.844578981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.845088959 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.849905968 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.942049026 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:46.947282076 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:46.952167034 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.011924028 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.017091990 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.017152071 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.021984100 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.174561024 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.174571991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.174591064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.174601078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.174617052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.174631119 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.174681902 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.176695108 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.176712990 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.176733971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.176754951 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.176788092 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.176791906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.176803112 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.176820040 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.176827908 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.176839113 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.176877022 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.177422047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.177490950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.177501917 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.177527905 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.177575111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.177584887 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.177627087 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.270241976 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270252943 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270257950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270262003 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270267010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270272017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270427942 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.270595074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270606041 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270627975 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270648956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270653009 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.270659924 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270678997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.270714045 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.270746946 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.271562099 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.271572113 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.271589994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.271625042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.271625042 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.271635056 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.271655083 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.271694899 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.271718979 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.272546053 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.272557020 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.272574902 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.272599936 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.272624969 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.272634983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.272654057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.272677898 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.272715092 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.273595095 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.273606062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.273622990 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.273643970 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.273653030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.273655891 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.273673058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.273694992 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.273720026 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.357906103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.357916117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.357923031 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358010054 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.358026028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358037949 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358045101 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358051062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358108997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358114958 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358124018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358130932 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358144045 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358150005 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358177900 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.358215094 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.358944893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358957052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358975887 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.358997107 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.359018087 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359021902 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.359030008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359049082 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359070063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359078884 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.359082937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359103918 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359123945 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.359152079 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.359843016 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359853983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359879971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359899044 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.359903097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359915018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359940052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359950066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359950066 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.359977961 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.359982967 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.359993935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360023975 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.360745907 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360758066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360778093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360791922 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.360800028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360821962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360825062 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.360833883 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360852957 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360863924 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360867977 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.360884905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.360899925 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.360927105 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.361625910 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.361638069 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.361656904 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.361677885 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.361687899 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.361699104 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.361706018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.361726046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.361738920 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.361767054 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.446382046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446391106 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446408033 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446418047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446434021 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446443081 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446456909 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446492910 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.446499109 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446532965 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.446574926 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.446705103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446715117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446732998 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446743011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446760893 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.446799994 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.446942091 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446953058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446969032 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.446993113 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.447000027 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447010994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447032928 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447046041 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.447048903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447066069 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447074890 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447081089 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.447118044 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.447496891 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447508097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447529078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447550058 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.447552919 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447567940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447571993 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.447588921 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447613955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447617054 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.447624922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447643042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447652102 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.447674990 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.447716951 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.448112011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448123932 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448142052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448164940 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.448184967 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.448199987 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448210955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448219061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448239088 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448251009 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.448285103 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.448323965 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448334932 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448355913 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448365927 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448383093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448391914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448395967 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.448411942 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448426008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.448435068 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.448482990 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.449028015 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449057102 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449070930 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449098110 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.449117899 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449129105 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449146032 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449156046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449162006 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.449203968 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.449227095 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449237108 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449254036 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449264050 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449279070 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.449285030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449294090 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.449309111 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.449336052 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.451370955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451380968 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451410055 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451416969 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.451443911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451453924 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451457024 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.451499939 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.451667070 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451677084 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451697111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451705933 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451715946 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.451725960 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451735020 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451751947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451761007 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451765060 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.451783895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451796055 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.451807976 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.451834917 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.452140093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452227116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452239990 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452250957 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452263117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452267885 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.452291965 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452296019 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.452302933 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452323914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452333927 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452342033 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.452353954 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452363968 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452379942 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.452405930 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.452817917 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452836037 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.452867031 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.491205931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.491215944 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.491236925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.491290092 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.491342068 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.534970045 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.534991980 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535007954 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535022974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535032034 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535048008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535062075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535072088 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535079002 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535096884 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535105944 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535119057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535130024 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535135984 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535151005 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535159111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535170078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535182953 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535187006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535207033 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535209894 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535218000 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535237074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535245895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535263062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535273075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535283089 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535293102 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535303116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535316944 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535325050 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535345078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535348892 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535356998 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535373926 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535373926 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535394907 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535418987 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535424948 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535438061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535451889 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535463095 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535474062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535485029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535497904 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535507917 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535517931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535535097 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535567045 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535569906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535582066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535602093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535618067 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535639048 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535649061 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535649061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535676003 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535685062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535687923 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535706043 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535713911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535727978 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535731077 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535761118 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535767078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535777092 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535815954 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535825014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535840034 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535857916 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535870075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535878897 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535890102 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535900116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.535906076 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.535954952 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536056042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536066055 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536083937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536103964 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536108017 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536115885 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536134005 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536175013 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536189079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536201000 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536217928 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536230087 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536237955 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536247015 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536263943 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536293030 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536320925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536329031 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536335945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536353111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536381006 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536386967 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536396980 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536416054 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536426067 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536429882 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536458015 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536516905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536560059 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536634922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536644936 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536668062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536678076 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536685944 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536694050 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536711931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536720991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536724091 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536739111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536748886 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536755085 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536770105 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536780119 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536781073 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536799908 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536807060 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536813974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536859989 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536890984 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536900043 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536916018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536937952 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536947966 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536957979 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.536966085 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.536977053 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537005901 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.537022114 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537035942 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537054062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537075043 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.537079096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537089109 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537107944 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537111998 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.537121058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537139893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537158012 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.537179947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537199020 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.537226915 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.537785053 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537909031 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537916899 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537933111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537945986 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537961006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537961960 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.537978888 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.537988901 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.538003922 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.538033009 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.580631018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.580678940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.580688000 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.580740929 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.580745935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.580750942 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.580756903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.580897093 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.623595953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623604059 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623609066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623615980 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623620987 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623626947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623631954 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623680115 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623686075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623697042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623701096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623784065 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.623841047 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.623847008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623872995 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623882055 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623924017 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.623959064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623969078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623974085 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.623991966 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624001980 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624011993 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624043941 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624116898 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624128103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624145985 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624154091 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624167919 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624171019 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624182940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624195099 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624202967 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624222994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624232054 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624233007 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624250889 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624260902 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624275923 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624284983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624296904 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624300957 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624314070 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624322891 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624324083 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624346018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624355078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624365091 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624372005 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624398947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624403000 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624409914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624423981 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624429941 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624449015 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624458075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624460936 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624475956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624496937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624500990 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624511957 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624528885 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624528885 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624542952 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624569893 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624574900 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624584913 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624602079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624613047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624614954 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624656916 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624732971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624742985 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624759912 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624779940 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624795914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624805927 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624823093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624833107 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624844074 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624883890 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624912977 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624922991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624959946 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.624983072 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.624993086 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625009060 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625030041 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625051975 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625061035 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625072002 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625088930 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625099897 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625111103 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625118017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625128031 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625147104 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625148058 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625159025 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625175953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625178099 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625190973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625200033 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625206947 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625236988 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625731945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625740051 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625766993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625778913 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625808954 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625833035 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625843048 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625857115 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625869989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625885963 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625904083 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625919104 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625929117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625942945 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625946045 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625957966 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625971079 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.625983000 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.625994921 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626003027 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.626013994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626024008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626025915 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.626068115 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.626653910 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626704931 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.626734018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626743078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626785994 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.626785994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626801014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626816988 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626832962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626847029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626857042 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.626873016 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626895905 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.626895905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.626919985 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.627018929 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627029896 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627047062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627065897 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627068996 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.627078056 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627094984 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627106905 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.627134085 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.627732992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627743006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627758980 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627768993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627791882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627804995 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627806902 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.627819061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627830029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.627837896 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.627861977 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.668235064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.668242931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.668252945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.668301105 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.668311119 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.668320894 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.668329954 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.668343067 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.668349981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.668406963 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712184906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712194920 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712213039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712261915 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712266922 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712275028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712295055 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712306023 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712321997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712327003 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712332010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712348938 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712351084 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712359905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712388039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712393045 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712399006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712414026 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712434053 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712445021 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712450981 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712511063 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712515116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712526083 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712563992 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712646008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712666035 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712675095 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712688923 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712712049 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712719917 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712738037 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712744951 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712748051 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712762117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712769985 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712788105 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712798119 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712802887 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712821007 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712821007 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712836981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712855101 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712862015 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712863922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712884903 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712888956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712907076 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712919950 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712927103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712938070 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712953091 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712963104 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.712971926 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.712984085 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713018894 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713043928 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713054895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713072062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713097095 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713138103 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713622093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713630915 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713648081 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713665962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713676929 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713680029 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713694096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713706017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713718891 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713728905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713738918 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713741064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713758945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713778019 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713788033 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713805914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713805914 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713819981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713850975 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713854074 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713861942 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713876009 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713879108 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713892937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713903904 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713917971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.713924885 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713954926 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.713999033 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714013100 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714027882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714046001 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714055061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714071035 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714080095 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714081049 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714098930 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714101076 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714112997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714127064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714145899 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714157104 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714162111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714171886 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714176893 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714189053 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714209080 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714211941 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714235067 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714270115 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714346886 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714385986 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714396954 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714411974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714432001 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714433908 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714443922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714454889 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714463949 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714498997 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.714899063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.714966059 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.715012074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715020895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715025902 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715039968 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715049982 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715069056 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715075970 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.715078115 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715116978 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.715689898 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715739012 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715744972 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.715760946 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715770960 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715822935 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.715859890 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715869904 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715894938 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715908051 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715912104 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.715924978 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715934038 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.715948105 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715958118 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715975046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.715984106 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.715986013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716002941 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716012955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716033936 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.716087103 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.716703892 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716715097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716732025 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716753006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716763020 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716773987 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.716779947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716794014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716803074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.716810942 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.716850042 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.756783962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.756795883 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.756817102 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.756844997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.756845951 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.756855011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.756877899 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.756887913 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.756890059 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.756911039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.756942987 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.756978989 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.800707102 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800717115 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800721884 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800745010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800754070 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800772905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800790071 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800791979 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.800806999 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800817013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800831079 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.800883055 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.800905943 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800916910 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800926924 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800950050 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800950050 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.800961971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800976992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800987959 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.800997019 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801009893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801040888 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801042080 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801057100 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801071882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801085949 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801100016 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801115990 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801126003 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801153898 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801177025 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801215887 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801225901 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801273108 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801310062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801321030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801338911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801350117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801366091 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801369905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801398993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801399946 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801410913 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801434994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801436901 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801445961 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801471949 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801474094 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801484108 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801503897 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801506996 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801513910 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801532030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801539898 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801543951 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801558971 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801561117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801583052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801594973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801604033 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801615953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801635981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801646948 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801651001 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801666975 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801696062 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801736116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801747084 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801764965 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801774025 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801789045 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801793098 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801804066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801831007 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801837921 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801847935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801865101 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801867008 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801879883 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801889896 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801898956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801918983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801935911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.801937103 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.801971912 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802000046 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802365065 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802457094 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802464962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802481890 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802490950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802509069 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802515030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802535057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802546024 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802551031 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802562952 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802568913 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802576065 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802598953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802608013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802618027 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802625895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802638054 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802655935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802658081 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802690983 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802855015 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802875996 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802886009 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802910089 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802934885 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802936077 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802947044 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802967072 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802977085 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.802990913 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.802994013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.803020000 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.803445101 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.803455114 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.803472996 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.803503990 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.803544044 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.803551912 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.803555012 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.803575993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.803586006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.803597927 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.803606033 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.803642035 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.804774046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804783106 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804788113 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804830074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804841042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804842949 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.804861069 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804871082 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804908037 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.804915905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804929018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804944038 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.804948092 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804956913 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804976940 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.804981947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.804996967 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805011034 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805028915 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805031061 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.805039883 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805056095 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.805075884 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.805248022 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805269957 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805279970 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805304050 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.805326939 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.805332899 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805344105 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805366993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805375099 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805387974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.805406094 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.805430889 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.845330954 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.845346928 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.845364094 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.845372915 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.845377922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.845386028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.845392942 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.845582962 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.845668077 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889157057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889192104 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889194965 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889286041 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889301062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889350891 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889370918 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889379978 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889389038 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889398098 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889417887 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889424086 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889430046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889447927 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889456987 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889472008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889481068 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889487982 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889499903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889508963 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889528036 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889537096 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889571905 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889601946 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889605045 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889636040 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889645100 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889672041 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889682055 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889684916 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889714956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889723063 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889724970 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889745951 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889761925 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889807940 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889863968 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889874935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889890909 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889913082 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.889975071 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889986038 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.889991045 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890005112 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890016079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890031099 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890033007 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890043974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890064001 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890069008 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890074015 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890094042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890100002 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890108109 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890122890 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890162945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890176058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890180111 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890191078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890209913 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890218973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890223026 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890238047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890265942 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890296936 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890310049 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890321016 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890340090 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890366077 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890369892 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890381098 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890402079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890419960 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890430927 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890434027 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890450954 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890475988 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890517950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890527010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890546083 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890577078 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890602112 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890604973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890616894 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890631914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890647888 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890674114 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890710115 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.890919924 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890928984 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890948057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.890976906 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.891073942 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891083956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891108036 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891119003 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891133070 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.891139030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891149998 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891168118 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891170979 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.891177893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891191959 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.891200066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891210079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891215086 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.891227961 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891237020 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.891244888 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.891278028 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892086029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892139912 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892165899 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892174006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892196894 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892211914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892221928 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892220974 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892241955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892251015 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892255068 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892290115 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892306089 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892343998 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892400026 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892407894 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892426014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892436028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892450094 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892452002 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892472982 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892481089 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892489910 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892509937 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892849922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892859936 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892901897 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.892972946 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.892983913 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893002033 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893009901 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893024921 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.893032074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893045902 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.893052101 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893088102 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.893125057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893136024 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893156052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893173933 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.893198013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893208981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893212080 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.893224955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893234015 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893246889 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.893250942 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893270969 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.893790007 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893843889 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.893923044 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893930912 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893937111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893954039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893961906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893980980 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.893985033 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.893990040 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.894021034 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.933849096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.933860064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.933864117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.933871984 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.933876038 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.933880091 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.933886051 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.933891058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.934042931 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.978724003 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.978815079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.978826046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.978844881 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.978853941 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.978878975 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.978931904 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.978972912 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.978985071 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979001999 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979012012 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979021072 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979028940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979043007 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979065895 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979101896 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979110003 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979121923 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979139090 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979149103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979171991 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979204893 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979293108 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979302883 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979321957 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979331017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979348898 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979350090 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979367018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979371071 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979393959 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979419947 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979437113 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979443073 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979450941 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979469061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979479074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979496002 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979516983 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979582071 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979593039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979651928 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979723930 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979734898 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979749918 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979779959 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979868889 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979880095 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979897976 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979907036 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979924917 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979928017 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979935884 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979954958 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.979962111 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.979984999 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980029106 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980036974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980046034 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980051994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980070114 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980078936 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980088949 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980098963 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980113029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980129957 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980146885 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980178118 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980187893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980225086 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980340004 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980350971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980367899 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980377913 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980396032 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980397940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980437994 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980468035 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980499983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980520010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980530024 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980545998 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980555058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980566025 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980573893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980583906 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980623960 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980659008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980669022 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980681896 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980745077 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980848074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980859041 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980880022 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980889082 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980902910 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980917931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980928898 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980930090 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980948925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980957031 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.980969906 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.980993032 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.981414080 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.981425047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.981443882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.981453896 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.981473923 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.981475115 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.981487989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.981511116 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.981539011 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.981559038 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.981568098 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.981606960 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.982465029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.982475996 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.982494116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.982527971 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.982556105 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.982593060 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.982603073 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.982651949 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.982729912 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.982745886 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.982753992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.982810974 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.983171940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983181953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983200073 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983208895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983225107 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983227968 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.983263969 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.983309984 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.983344078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983354092 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983371973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983397961 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983409882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983427048 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983428955 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.983437061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983452082 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.983469009 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983474970 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.983484983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983494997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.983510017 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.984093904 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984124899 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.984236956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984246969 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984251022 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984268904 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984278917 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984297037 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984299898 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.984309912 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984334946 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.984364986 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.984370947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984385967 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984400034 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984412909 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984428883 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984437943 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984446049 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.984487057 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:47.984508038 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984528065 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:47.984580040 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.026549101 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.026559114 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.026568890 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.026602030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.026612997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.026629925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.026639938 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.026668072 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.026725054 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067028999 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067038059 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067054987 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067094088 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067099094 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067110062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067126036 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067126989 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067143917 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067166090 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067169905 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067177057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067189932 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067198038 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067209005 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067212105 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067234039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067244053 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067260027 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067260981 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067280054 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067671061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067687988 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067722082 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067785025 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067795992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067814112 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067831039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067837000 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067842960 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067858934 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067883968 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067890882 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067895889 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067914963 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067939997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067949057 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067950010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067969084 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067979097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.067990065 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.067996979 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068011045 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068025112 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068046093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068048000 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068058014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068075895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068089962 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068113089 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068155050 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068166018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068183899 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068192005 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068212032 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068243027 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068707943 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068768024 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068774939 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068803072 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068806887 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068814039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068839073 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068844080 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068854094 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068870068 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068877935 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068912983 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.068927050 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068936110 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068952084 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.068979025 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.069015026 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.069025993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.069044113 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.069053888 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.069056988 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.069072962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.069081068 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.069118977 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.070353985 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070373058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070382118 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070410013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070415974 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.070421934 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070444107 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070453882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070457935 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.070466042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070482969 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.070493937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070504904 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.070513964 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070522070 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070538998 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070549011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070558071 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.070570946 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070578098 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.070581913 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070602894 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070611954 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.070617914 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.070640087 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.071146011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071182966 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071196079 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.071228981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071274042 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.071285963 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071299076 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071316957 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071326017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071342945 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.071362019 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071363926 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.071382046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071412086 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071430922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071438074 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.071441889 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071466923 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071475983 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.071484089 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071494102 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071499109 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.071512938 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.071537018 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072225094 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072276115 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072315931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072324991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072329998 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072356939 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072366953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072369099 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072385073 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072395086 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072412014 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072429895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072434902 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072443962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072460890 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072474003 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072479010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072495937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072506905 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072520018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072530985 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072535992 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072551012 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072570086 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072592974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072602034 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072618961 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072635889 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072664022 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072676897 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072686911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072702885 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072711945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072726965 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072731018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072746992 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.072973013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.072993040 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.073002100 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.073020935 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.073049068 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.073059082 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.073069096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.073086023 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.073106050 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.073115110 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.073117018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.073144913 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.115112066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.115133047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.115142107 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.115158081 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.115166903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.115184069 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.115194082 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.115195036 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.115214109 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.115216017 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.115253925 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.158122063 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.160780907 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160789967 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160805941 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160836935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160842896 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.160859108 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160870075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160876989 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.160888910 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160898924 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160917044 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160918951 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.160934925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160939932 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.160955906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160965919 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160984993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.160986900 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.160995007 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161007881 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161015987 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161025047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161043882 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161047935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161057949 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161078930 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161091089 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161101103 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161108017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161127090 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161139965 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161158085 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161163092 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161169052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161187887 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161195040 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161205053 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161228895 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161231041 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161247015 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161251068 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161262989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161283970 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161293983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161307096 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161322117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161333084 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161341906 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161356926 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161365986 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161367893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161389112 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161405087 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161406040 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161422968 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161436081 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161442995 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161462069 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161467075 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161474943 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161498070 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161505938 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161514997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161535978 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161545992 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161552906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161572933 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161595106 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161581039 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161609888 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161621094 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161627054 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161643028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161660910 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161665916 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161684990 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161689997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161703110 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161708117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161726952 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161740065 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161758900 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161771059 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161770105 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161794901 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161796093 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161812067 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161814928 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161830902 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161843061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161854029 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161865950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161875963 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161890984 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161895037 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161907911 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161911011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161937952 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161947966 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161958933 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.161974907 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161986113 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.161994934 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162009001 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162020922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162031889 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162040949 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162064075 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162071943 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162084103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162098885 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162112951 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162120104 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162128925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162141085 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162148952 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162162066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162177086 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162183046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162195921 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162214041 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162219048 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162235022 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162241936 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162254095 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162280083 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162288904 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162302017 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162307978 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162323952 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162333965 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162347078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162353992 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162364006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162384033 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162394047 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162395000 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162420034 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162432909 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162435055 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162455082 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162463903 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162472010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162497997 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162499905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162513018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162528992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162539005 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162554026 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162561893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162575006 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162579060 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162590027 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162610054 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162612915 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162633896 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162636995 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162653923 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162669897 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162679911 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162688971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162704945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162717104 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162741899 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162805080 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162818909 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162837029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162847042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162866116 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162870884 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162887096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162888050 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162906885 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162918091 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.162928104 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.162955999 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.203994036 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.204015017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.204022884 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.204030991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.204039097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.204046011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.204055071 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.204133987 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.244214058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244229078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244265079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244286060 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244292021 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.244304895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244316101 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.244335890 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244357109 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.244368076 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244383097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244416952 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.244425058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244446039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244467020 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244472027 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.244498014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244507074 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.244522095 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244544029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244561911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244565964 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.244595051 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244612932 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.244941950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244972944 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244990110 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.244996071 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245024920 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245033979 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245044947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245088100 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245131016 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245146990 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245183945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245197058 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245213985 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245234966 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245250940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245261908 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245277882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245285034 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245300055 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245321989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245342970 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245351076 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245379925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245393991 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245409012 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245428085 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245445013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245450020 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245470047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245488882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245488882 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245512962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245529890 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245532036 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245558977 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245574951 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245579004 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.245615959 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.245974064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246064901 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246078014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246104002 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246115923 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.246124029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246149063 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.246150017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246181011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246191978 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.246201038 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246226072 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246243954 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.246253967 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246275902 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246295929 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246298075 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.246320009 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246336937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246337891 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.246361971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.246381044 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.247611046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247626066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247659922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247663021 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.247683048 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247701883 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247705936 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.247735023 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247741938 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.247756004 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247790098 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247796059 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.247814894 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247833967 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247859955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247859955 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.247891903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247901917 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.247911930 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247939110 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.247953892 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.248629093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248682022 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.248723984 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248737097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248763084 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248785973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248785973 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.248816967 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248826981 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.248836994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248862028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248879910 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248893976 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.248903990 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248917103 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.248929024 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248948097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248975039 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.248975992 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.248996973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.249016047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.249021053 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.249057055 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.250847101 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.250891924 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.250936031 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.250989914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251013994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251044989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251055956 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251075983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251095057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251125097 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251127958 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251147985 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251172066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251178026 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251203060 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251218081 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251241922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251262903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251290083 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251290083 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251311064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251339912 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251343012 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251362085 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251415014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251430035 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251430988 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251460075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251466990 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251480103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251502991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251507998 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251524925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251548052 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251549006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251560926 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251590014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251591921 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251610041 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251632929 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251635075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251656055 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251677990 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.251678944 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.251769066 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.292205095 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.292313099 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.292319059 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.292327881 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.292342901 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.292357922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.292383909 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.292390108 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.292402029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.292421103 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.292460918 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494508028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494538069 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494546890 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494563103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494573116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494590998 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494595051 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494601011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494616032 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494637966 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494637966 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494682074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494690895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494708061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494718075 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494719028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494735956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494745970 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494750977 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494766951 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494772911 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494779110 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494797945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494797945 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494807959 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494827032 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494829893 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494837046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494853020 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494858980 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494869947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494887114 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494889021 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494906902 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494916916 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494923115 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494935036 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494944096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494952917 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494961023 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494971037 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.494982004 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.494993925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495002031 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495007038 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495022058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495035887 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495035887 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495049953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495060921 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495075941 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495076895 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495091915 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495093107 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495107889 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495114088 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495124102 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495137930 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495151043 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495157003 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495166063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495178938 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495201111 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495208025 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495220900 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495222092 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495234013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495245934 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495253086 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495265007 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495281935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495290041 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495300055 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495300055 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495306969 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495317936 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495325089 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495333910 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495352983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495367050 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495388985 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495407104 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495419979 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495433092 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495431900 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495449066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495455027 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495464087 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495482922 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495482922 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495495081 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495510101 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495513916 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495527983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495548964 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495553017 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495562077 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495572090 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495579004 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495589972 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495605946 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495608091 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495629072 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495636940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495641947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495644093 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495656967 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495666981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495672941 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495681047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495690107 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495703936 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495713949 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495728970 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495732069 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495742083 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495759964 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495765924 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495765924 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495770931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495786905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495803118 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495806932 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495816946 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495831013 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495837927 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495847940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495867014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495874882 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495874882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495898008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495898008 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495908022 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495914936 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495929003 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495937109 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495954037 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495959997 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495965004 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495978117 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.495980024 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.495997906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496006966 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496011972 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496027946 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496037006 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496047974 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496053934 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496078014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496081114 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496098042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496105909 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496109962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496124983 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496135950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496145010 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496154070 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496170044 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496184111 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496185064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496200085 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496211052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496213913 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496233940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496243000 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496244907 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496260881 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496277094 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496280909 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496289015 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496300936 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496308088 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496324062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496335983 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496339083 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496354103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496365070 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496371031 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496387005 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496395111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496398926 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496408939 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496418953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496438026 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496448040 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496443033 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496465921 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496468067 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496478081 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496480942 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496495962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496506929 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496517897 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496531010 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496536970 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496550083 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496558905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496571064 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496577978 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496587992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496597052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496614933 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496618986 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496623993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496640921 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496644974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496654987 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496663094 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496674061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496684074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496691942 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496701956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496711969 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496732950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496733904 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496742010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496761084 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496762037 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496771097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496779919 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496792078 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496800900 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496819973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496820927 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496829033 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496841908 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496848106 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496861935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496865988 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496876001 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496895075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496902943 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496903896 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496923923 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496932030 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496933937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496953011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496961117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496965885 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496965885 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.496969938 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496989965 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.496999979 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497014999 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497016907 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497026920 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497037888 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497041941 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497056007 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497060061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497076035 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497091055 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497095108 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497101068 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497114897 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497122049 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497132063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497148991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497154951 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497159004 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497175932 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497179985 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497191906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497211933 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497210979 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497220993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497235060 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497240067 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497252941 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497267008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497267962 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497277021 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497292042 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497296095 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497306108 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497308969 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497323036 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497332096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497349977 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497349977 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497360945 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497379065 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497379065 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497407913 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497435093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497446060 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497447968 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497459888 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497478008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497488022 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497488022 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497505903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497508049 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497518063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497530937 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497539043 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497549057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497566938 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497571945 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497576952 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497590065 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497596025 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497617960 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497618914 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497628927 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497642994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497662067 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497664928 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497673988 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497684956 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497695923 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497705936 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497723103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497724056 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497733116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497745991 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497752905 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497764111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497777939 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497782946 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497797012 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497802019 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497812986 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497829914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497838974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497845888 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497857094 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497865915 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497868061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497886896 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497895956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497900009 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497915030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497925997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497925997 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497942924 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497948885 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497961044 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497971058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497988939 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497997999 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.497997999 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.497997999 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.498016119 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498022079 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.498027086 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498045921 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.498049974 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498060942 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498064995 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.498078108 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498089075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498106956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498112917 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.498126030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498135090 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.498142004 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498158932 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498167992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498177052 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.498184919 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.498198986 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.498228073 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.498275995 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.499483109 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.499491930 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.499516010 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.499526978 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.499541044 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.499547005 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.499557972 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.499566078 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.499665976 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.509867907 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.509877920 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.509897947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.509947062 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.509952068 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.509963989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.509983063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510001898 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510003090 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510015965 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510029078 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510035992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510051012 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510057926 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510070086 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510088921 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510099888 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510102987 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510122061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510130882 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510132074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510153055 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510164976 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510194063 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510581970 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510593891 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510617018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510632038 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510633945 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510646105 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510664940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510679007 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510679960 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510696888 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510713100 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510737896 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510838985 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510849953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510869026 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510890961 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510937929 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510947943 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510967016 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510977030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.510991096 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.510998011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511012077 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511013031 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511034012 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511039972 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511055946 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511065960 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511079073 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511085987 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511100054 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511101961 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511121988 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511132956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511149883 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511152983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511173010 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511709929 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511761904 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511816978 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511826992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511852026 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511862993 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511868954 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511881113 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511892080 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511909962 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511910915 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511921883 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.511931896 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511976004 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.511986017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.512087107 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.512095928 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.512115955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.512125969 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.512135029 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.512149096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.512160063 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.512160063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.512188911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.512192011 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.512232065 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.513453960 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513464928 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513484955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513508081 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.513540030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513550043 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513569117 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513585091 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.513592005 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513607025 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513608932 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.513623953 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513644934 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513648033 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.513660908 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513678074 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513689995 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513689995 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.513710022 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513719082 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.513727903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513744116 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.513753891 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.513787985 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.514966965 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.514976025 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515000105 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515013933 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515021086 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.515032053 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515044928 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515065908 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.515095949 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.515109062 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515130043 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515146971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515161991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515173912 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.515182018 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515192986 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515206099 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.515213966 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515225887 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515239000 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.515245914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515261889 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.515264034 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.515305042 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517319918 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517329931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517352104 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517366886 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517376900 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517393112 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517395973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517407894 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517419100 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517427921 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517438889 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517477989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517477989 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517580032 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517597914 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517621994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517626047 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517632961 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517659903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517667055 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517669916 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517689943 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517700911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517704010 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517724991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517726898 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517738104 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517756939 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517767906 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517770052 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517792940 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517798901 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.517805099 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.517832041 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.518016100 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.518027067 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.518050909 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.518064022 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.518070936 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.518080950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.518091917 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.518099070 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.518120050 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.518129110 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.518129110 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.518177032 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.558212042 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.558239937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.558252096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.558307886 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.558346987 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.558357000 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.558374882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.558383942 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.558399916 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.558403015 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.558439970 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.598557949 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598598003 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598648071 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598659992 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598674059 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598731995 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598742008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598742008 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.598762989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598773003 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598789930 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.598803043 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598813057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598823071 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598840952 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598843098 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.598843098 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.598851919 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598869085 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.598890066 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.598917961 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599204063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599294901 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599303007 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599319935 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599328995 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599342108 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599348068 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599359035 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599375010 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599379063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599406958 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599416971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599420071 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599420071 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599442005 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599452019 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599476099 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599478960 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599493027 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599495888 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599505901 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599538088 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599579096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599625111 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599639893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599649906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599669933 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599689007 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599690914 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599699020 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599718094 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599734068 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.599769115 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.599770069 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.600332975 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600382090 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.600395918 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600404978 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600420952 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600433111 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600449085 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.600454092 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600464106 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600472927 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.600481987 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600506067 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.600598097 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600646973 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600649118 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.600656033 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600697994 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.600739956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600750923 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600769997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600779057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600792885 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.600799084 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.600822926 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.602026939 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602034092 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602054119 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602075100 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.602107048 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.602169991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602181911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602197886 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602209091 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602221012 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.602232933 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602242947 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602260113 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602267981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602276087 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.602276087 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.602292061 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602300882 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602319956 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602327108 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.602329016 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602349997 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.602350950 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.602385044 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.603485107 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603496075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603508949 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603539944 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.603547096 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603559017 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603560925 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.603579044 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603589058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603602886 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.603607893 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603626013 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.603662014 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603672028 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603688955 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603698969 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603713036 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.603717089 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603727102 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603729963 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.603760004 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.603765965 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.603802919 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.605948925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.605967045 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.605976105 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.605992079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606002092 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606010914 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606019020 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606029987 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606039047 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606060982 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606101990 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606112003 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606153011 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606189013 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606204033 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606213093 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606234074 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606235027 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606249094 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606256008 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606266975 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606276989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606290102 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606297016 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606312037 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606317997 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606328964 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606345892 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606355906 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606363058 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606373072 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606384039 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606417894 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606533051 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606630087 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606652021 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606662035 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606676102 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606679916 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606694937 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606702089 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606709957 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606725931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.606734037 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.606767893 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.646792889 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.646802902 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.646820068 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.646828890 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.646850109 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.646859884 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.646862030 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.646862030 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.646919012 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.646922112 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.646929026 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.646971941 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687292099 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687319994 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687328100 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687361956 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687371016 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687381983 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687422991 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687433004 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687437057 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687438011 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687457085 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687467098 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687474966 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687496901 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687506914 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687514067 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687531948 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687541008 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687555075 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687558889 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687568903 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687572956 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687609911 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687731981 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687766075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687776089 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687794924 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687803984 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687808990 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687834024 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687874079 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687884092 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687900066 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687923908 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687953949 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.687969923 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687980890 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.687995911 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688004971 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688024044 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688026905 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.688034058 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688050032 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.688056946 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688066959 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688080072 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.688097000 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.688285112 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688344002 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688359976 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688369989 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688389063 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688397884 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.688400030 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688417912 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688422918 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.688431978 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688438892 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.688472033 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.688882113 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688958883 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688966990 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688985109 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.688993931 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689007998 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.689013958 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689024925 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689029932 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.689042091 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689053059 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.689079046 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689085007 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.689162970 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689172029 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689191103 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689212084 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689213037 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.689229965 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689239979 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689249039 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.689260960 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.689281940 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.689305067 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.690551996 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690618038 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690644979 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690661907 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.690700054 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690710068 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690726995 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690756083 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690752983 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.690772057 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690778971 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.690787077 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690807104 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.690845966 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690887928 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.690896988 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690920115 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.690962076 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.912735939 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:48.917787075 CEST	7615	49732	170.187.160.42	192.168.2.4
Oct 1, 2024 05:38:48.917836905 CEST	49732	7615	192.168.2.4	170.187.160.42
Oct 1, 2024 05:38:51.253302097 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:51.258117914 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.258196115 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:51.259083033 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:51.263811111 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.738871098 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.738886118 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.738907099 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.738941908 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:51.743577957 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:51.748363972 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.748511076 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:51.753266096 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.885313034 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.891813993 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:51.896617889 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.986690998 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:51.987076044 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:51.991861105 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:52.083678961 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:52.084213018 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:52.088977098 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:52.089037895 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:52.093792915 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:52.222735882 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:52.223051071 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:52.227843046 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:52.318264008 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:52.323079109 CEST	49733	7615	192.168.2.4	139.144.234.209
Oct 1, 2024 05:38:52.328491926 CEST	7615	49733	139.144.234.209	192.168.2.4
Oct 1, 2024 05:38:52.328538895 CEST	49733	7615	192.168.2.4	139.144.234.209

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 05:38:45.352632046 CEST	62452	53	192.168.2.4	1.1.1.1
Oct 1, 2024 05:38:45.378314018 CEST	53	62452	1.1.1.1	192.168.2.4
Oct 1, 2024 05:38:46.098094940 CEST	58081	53	192.168.2.4	1.1.1.1
Oct 1, 2024 05:38:46.112211943 CEST	53	58081	1.1.1.1	192.168.2.4
Oct 1, 2024 05:38:51.226778984 CEST	63833	53	192.168.2.4	1.1.1.1
Oct 1, 2024 05:38:51.250483036 CEST	53	63833	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 1, 2024 05:38:45.352632046 CEST	192.168.2.4	1.1.1.1	0x84da	Standard query (0)	networkstart-ivfqcxy.islonline.net	A (IP address)	IN (0x0001)	false
Oct 1, 2024 05:38:46.098094940 CEST	192.168.2.4	1.1.1.1	0x6eaf	Standard query (0)	networkstart-myipaicohlcbpwnb.islonline.net	A (IP address)	IN (0x0001)	false
Oct 1, 2024 05:38:51.226778984 CEST	192.168.2.4	1.1.1.1	0x7afa	Standard query (0)	isllight-myipaicohlcbrbhl.islonline.net	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Oct 1, 2024 05:38:45.378314018 CEST	1.1.1.1	192.168.2.4	0x84da	No error (0)	networkstart-ivfqcxy.islonline.net	195.201.59.111	A (IP address)	IN (0x0001)	false
Oct 1, 2024 05:38:46.112211943 CEST	1.1.1.1	192.168.2.4	0x6eaf	No error (0)	networkstart-myipaicohlcbpwnb.islonline.net	170.187.160.42	A (IP address)	IN (0x0001)	false
Oct 1, 2024 05:38:51.250483036 CEST	1.1.1.1	192.168.2.4	0x7afa	No error (0)	isllight-myipaicohlcbrbhl.islonline.net	139.144.234.209	A (IP address)	IN (0x0001)	false

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	195.201.59.111	7615	7564	C:\Users\user\Desktop\$RMH4FA8.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 05:38:46.026658058 CEST	1236	IN	HTTP/1.0 200 OK Connection-Data: Y3BfcHJvdG9jb2wLATEtMzUEAWdyaWRfaWQHATQ0MGNjYzE1Nzk1MzE4Y2UyYTJhYzE4MWI1ZmU0OWU3NWU1MDViMTZmYjcwMjZlZDVmMGQzNmUwZGFhZjliNThlZGFlYmNhOGUyMTIwNmM3YWFkNGQ4MzkxNjY4MjU3NTVjNjE1MTNlYjAyOTMxZGY5NjlhMDZjNGQzN2YzMjgzgAFncmlkX25hbWUJAUlTTCBPbmxpbmUgTmV0d29yaxIBa2V5X2NzBgEtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0NCk1JSUJqakNCK0FJSkFOaXdqU3VKdnZKak1BMEdDU3FHU0liM0RRRUJCUVVBTUF3eENqQUlCZ05WQkFNVEFURXcNCkhoY05NRGt3TVRJek1EZzBPVFExV2hjTk16WXdOakE1TURnME9UUTFXakFNTVFvd0NBWURWUVFERXdFeE1JR2YNCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FES2VYT1BtLzAvcFU3M2dsNWd5b24rek9DdlVUdVANCktyWVRVOTRHMU16QjVTbFZVandhS0ZIZkNiZWZnK0prZUNmbzhOTHQrc3JpTzFMQXBwQ0ttTGhMZWNmMEtOUU4NCm8zeHJ6MUhFamFDYXFrY1hhZ3dKZWhxN0tFUUltNzNxOEJnbnFIbk55QVVDcFdnMkpvdkVNQWNYRFFZK09FZG4NCkdaRjFJd001VEVSMWx3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUJmd0ZnZHNuaTNVb295VTZTWjQNCjBDSmhXZHUzZUEvaEM4WFl1SUdhUmRrMU5KbG5JdUttMzNFcG16MG5FKzY0V1N0K3d6MURLODlQS1FXWFVlUlUNCnVTeks1UlFtSHFON2ZBenpYSmhYT0gvT0RIVlpzcVRUL0RweXBqSGVvVUVhRDJFM2pHcnFhSDZNOENPdGJ2ckMNCkY [TRUNCATED] Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49732	170.187.160.42	7615	7564	C:\Users\user\Desktop\$RMH4FA8.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 05:38:46.624284029 CEST	1236	IN	HTTP/1.0 200 OK Connection-Data: Y3BfcHJvdG9jb2wLATEtMzUEAWdyaWRfaWQHATQ0MGNjYzE1Nzk1MzE4Y2UyYTJhYzE4MWI1ZmU0OWU3NWU1MDViMTZmYjcwMjZlZDVmMGQzNmUwZGFhZjliNThlZGFlYmNhOGUyMTIwNmM3YWFkNGQ4MzkxNjY4MjU3NTVjNjE1MTNlYjAyOTMxZGY5NjlhMDZjNGQzN2YzMjgzgAFncmlkX25hbWUJAUlTTCBPbmxpbmUgTmV0d29yaxIBa2V5X2NzBgEtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0NCk1JSUJqakNCK0FJSkFOaXdqU3VKdnZKak1BMEdDU3FHU0liM0RRRUJCUVVBTUF3eENqQUlCZ05WQkFNVEFURXcNCkhoY05NRGt3TVRJek1EZzBPVFExV2hjTk16WXdOakE1TURnME9UUTFXakFNTVFvd0NBWURWUVFERXdFeE1JR2YNCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FES2VYT1BtLzAvcFU3M2dsNWd5b24rek9DdlVUdVANCktyWVRVOTRHMU16QjVTbFZVandhS0ZIZkNiZWZnK0prZUNmbzhOTHQrc3JpTzFMQXBwQ0ttTGhMZWNmMEtOUU4NCm8zeHJ6MUhFamFDYXFrY1hhZ3dKZWhxN0tFUUltNzNxOEJnbnFIbk55QVVDcFdnMkpvdkVNQWNYRFFZK09FZG4NCkdaRjFJd001VEVSMWx3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUJmd0ZnZHNuaTNVb295VTZTWjQNCjBDSmhXZHUzZUEvaEM4WFl1SUdhUmRrMU5KbG5JdUttMzNFcG16MG5FKzY0V1N0K3d6MURLODlQS1FXWFVlUlUNCnVTeks1UlFtSHFON2ZBenpYSmhYT0gvT0RIVlpzcVRUL0RweXBqSGVvVUVhRDJFM2pHcnFhSDZNOENPdGJ2ckMNCkY [TRUNCATED] Data Raw: Data Ascii:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49733	139.144.234.209	7615	7664	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 05:38:51.738871098 CEST	1236	IN	HTTP/1.0 200 OK Connection-Data: Y3BfcHJvdG9jb2wLATEtMzUEAWdyaWRfaWQHATQ0MGNjYzE1Nzk1MzE4Y2UyYTJhYzE4MWI1ZmU0OWU3NWU1MDViMTZmYjcwMjZlZDVmMGQzNmUwZGFhZjliNThlZGFlYmNhOGUyMTIwNmM3YWFkNGQ4MzkxNjY4MjU3NTVjNjE1MTNlYjAyOTMxZGY5NjlhMDZjNGQzN2YzMjgzgAFncmlkX25hbWUJAUlTTCBPbmxpbmUgTmV0d29yaxIBa2V5X2NzBgEtLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0NCk1JSUJqakNCK0FJSkFOaXdqU3VKdnZKak1BMEdDU3FHU0liM0RRRUJCUVVBTUF3eENqQUlCZ05WQkFNVEFURXcNCkhoY05NRGt3TVRJek1EZzBPVFExV2hjTk16WXdOakE1TURnME9UUTFXakFNTVFvd0NBWURWUVFERXdFeE1JR2YNCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRHTkFEQ0JpUUtCZ1FES2VYT1BtLzAvcFU3M2dsNWd5b24rek9DdlVUdVANCktyWVRVOTRHMU16QjVTbFZVandhS0ZIZkNiZWZnK0prZUNmbzhOTHQrc3JpTzFMQXBwQ0ttTGhMZWNmMEtOUU4NCm8zeHJ6MUhFamFDYXFrY1hhZ3dKZWhxN0tFUUltNzNxOEJnbnFIbk55QVVDcFdnMkpvdkVNQWNYRFFZK09FZG4NCkdaRjFJd001VEVSMWx3SURBUUFCTUEwR0NTcUdTSWIzRFFFQkJRVUFBNEdCQUJmd0ZnZHNuaTNVb295VTZTWjQNCjBDSmhXZHUzZUEvaEM4WFl1SUdhUmRrMU5KbG5JdUttMzNFcG16MG5FKzY0V1N0K3d6MURLODlQS1FXWFVlUlUNCnVTeks1UlFtSHFON2ZBenpYSmhYT0gvT0RIVlpzcVRUL0RweXBqSGVvVUVhRDJFM2pHcnFhSDZNOENPdGJ2ckMNCkY [TRUNCATED] Data Raw: Data Ascii:

Target ID:	0
Start time:	23:38:43
Start date:	30/09/2024
Path:	C:\Users\user\Desktop\$RMH4FA8.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\$RMH4FA8.exe"
Imagebase:	0x470000
File size:	594'944 bytes
MD5 hash:	BE23DC8179B9AA8DDCFE08BE342C27CB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	23:38:48
Start date:	30/09/2024
Path:	C:\Users\user\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1727760940_7564_7596_541766985\ISL_Light_Client_4_4_2332_44 49919761.exe
Wow64 process (32bit):	true
Commandline:	ISL_Light_Client_4_4_2332_44_49919761.exe
Imagebase:	0xc40000
File size:	1'974'240 bytes
MD5 hash:	D84CB294555A00A98C35FE808177007E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 1%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Function 02707064 Relevance: 9.7, Strings: 6, Instructions: 2198COMMON

Download Yara Rule

Strings

, xrefs: 027079D1, 02707A46, 02707AE3, 02707B4C, 02707BAE, 02707C2A, 02707C68, 02707D6F, 02707E3A, 02707E57, 02707F35, 02707FF4, 02708050, 027080AA, 0270813C, 02708187, 027081EE, 02708280, 027082D7, 0270832F, 027083AB, 027083FC, 0270841E, 0270852A, 02708589, 027085E9, 02708615, 02708667, 02708766, 027087BF, 0270882C, 0270883A, 0270889F, 0270892B, 02708946, 0270899F, 027089EB, 02708A85, 02708ACA
, xrefs: 02707982, 02707A19, 02707A3E, 02707AAD, 02707B05, 02707D00, 02707D82, 02707DBB, 02707E47, 02707ECA, 02707F25, 02707F7F, 02707FD4, 0270805F, 027080C1, 02708116, 0270818F, 02708205, 0270825A, 027082DF, 02708343, 02708392, 027084A8, 02708519, 0270856D, 02708685, 027086ED, 02708749, 02708925, 0270898A, 027089DA, 02708A4C, 02708E23, 02708EBE, 02708F60
, xrefs: 027074B0, 02707507, 02707540, 02707573, 027075AF, 027075EB, 02707642, 0270767B, 027076AE, 027076EA, 02707735, 027077DE, 0270783A, 027079A2, 027079F4, 02707A58, 02707B43, 02707BBB, 02707BF6, 02707C0E, 02707CB9, 02707CF4, 027083DA, 02708419, 0270847F, 02708778, 0270879F, 02708802, 0270887B, 0270890B, 02708951, 02708A5A, 02708AAB, 02708B05, 02708B60, 02708B9A, 02708BC2, 02708C01, 02708C40, 02708C9C, 02708CD0, 02708CFD, 02708D3C, 02708D8C, 02708DE2, 02708E2B, 02708E3E, 02708E9D, 02708ECE, 02708F47
, xrefs: 02707A87, 02707AB3, 02707B17, 02707B6B, 02707C08, 02707C82, 02707CCC, 02707D77, 02707DA5, 02707E15, 02707E93, 02707EF3, 02707FC4, 02708015, 02708074, 02708106, 0270815D, 027081B8, 0270824A, 027082A7, 0270830C, 0270845B, 02708471, 027084ED, 0270854C, 027085EF, 02708690, 027086B6, 0270872C, 02708782, 02708818, 0270886B, 027088E6, 0270893B, 027089D1, 02708A0E, 027078E1
, xrefs: 02707546, 0270757F, 027075B2, 027075EE, 0270762D, 02707685, 027076BA, 027076ED, 02707746, 027077B6, 0270784B, 0270789C, 02707BE6, 02707C17, 02707CB1, 02707D2D, 02707D5A, 027089A7, 027089AA, 027089F8, 02708A69, 02708AEC, 02708B17, 02708B4A, 02708B8B, 02708BC5, 02708C19, 02708C52, 02708C8A, 02708CC1, 02708D00, 02708D58, 02708DB0, 02708DCD, 02708DF4, 02708E43, 02708EE0, 02708EF4, 02708F6C, 027074F2
, xrefs: 02707D52, 02707E00, 02707E2B, 02707EEB, 02707F4C, 02707F9E, 0270801D, 0270808B, 027080E0, 0270816C, 027081CF, 02708224, 027082B6, 027082FE, 0270835F, 02708432, 027084B4, 0270850A, 0270860F, 0270865F, 027086D8, 02708832, 02708897, 02708900, 02708AD5, 02708ADD, 02708E5A, 02708F37, 02708F72

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: $$$$$
API String ID: 0-2186515198
Opcode ID: 998ce090724a1b0c3028082641c0c67dc46fc03f78ea0fa84297bce657517db8
Instruction ID: 7ef86bf3ad6f5c5575423cec7ad5007e3b45e90463f74222122319b322077b50
Opcode Fuzzy Hash: 998ce090724a1b0c3028082641c0c67dc46fc03f78ea0fa84297bce657517db8
Instruction Fuzzy Hash: 0923DDB2E106288FDB64CF69CC91BDCB7F1BF48214F198199D44DE7202DB38AA958F54

Function 06BA4064 Relevance: 9.7, Strings: 6, Instructions: 2198COMMON

Download Yara Rule

Strings

, xrefs: 06BA4546, 06BA457F, 06BA45B2, 06BA45EE, 06BA462D, 06BA4685, 06BA46BA, 06BA46ED, 06BA4746, 06BA47B6, 06BA484B, 06BA489C, 06BA4BE6, 06BA4C17, 06BA4CB1, 06BA4D2D, 06BA4D5A, 06BA59A7, 06BA59AA, 06BA59F8, 06BA5A69, 06BA5AEC, 06BA5B17, 06BA5B4A, 06BA5B8B, 06BA5BC5, 06BA5C19, 06BA5C52, 06BA5C8A, 06BA5CC1, 06BA5D00, 06BA5D58, 06BA5DB0, 06BA5DCD, 06BA5DF4, 06BA5E43, 06BA5EE0, 06BA5EF4, 06BA5F6C, 06BA44F2
, xrefs: 06BA4982, 06BA4A19, 06BA4A3E, 06BA4AAD, 06BA4B05, 06BA4D00, 06BA4D82, 06BA4DBB, 06BA4E47, 06BA4ECA, 06BA4F25, 06BA4F7F, 06BA4FD4, 06BA505F, 06BA50C1, 06BA5116, 06BA518F, 06BA5205, 06BA525A, 06BA52DF, 06BA5343, 06BA5392, 06BA54A8, 06BA5519, 06BA556D, 06BA5685, 06BA56ED, 06BA5749, 06BA5925, 06BA598A, 06BA59DA, 06BA5A4C, 06BA5E23, 06BA5EBE, 06BA5F60
, xrefs: 06BA4D52, 06BA4E00, 06BA4E2B, 06BA4EEB, 06BA4F4C, 06BA4F9E, 06BA501D, 06BA508B, 06BA50E0, 06BA516C, 06BA51CF, 06BA5224, 06BA52B6, 06BA52FE, 06BA535F, 06BA5432, 06BA54B4, 06BA550A, 06BA560F, 06BA565F, 06BA56D8, 06BA5832, 06BA5897, 06BA5900, 06BA5AD5, 06BA5ADD, 06BA5E5A, 06BA5F37, 06BA5F72
, xrefs: 06BA49D1, 06BA4A46, 06BA4AE3, 06BA4B4C, 06BA4BAE, 06BA4C2A, 06BA4C68, 06BA4D6F, 06BA4E3A, 06BA4E57, 06BA4F35, 06BA4FF4, 06BA5050, 06BA50AA, 06BA513C, 06BA5187, 06BA51EE, 06BA5280, 06BA52D7, 06BA532F, 06BA53AB, 06BA53FC, 06BA541E, 06BA552A, 06BA5589, 06BA55E9, 06BA5615, 06BA5667, 06BA5766, 06BA57BF, 06BA582C, 06BA583A, 06BA589F, 06BA592B, 06BA5946, 06BA599F, 06BA59EB, 06BA5A85, 06BA5ACA
, xrefs: 06BA44B0, 06BA4507, 06BA4540, 06BA4573, 06BA45AF, 06BA45EB, 06BA4642, 06BA467B, 06BA46AE, 06BA46EA, 06BA4735, 06BA47DE, 06BA483A, 06BA49A2, 06BA49F4, 06BA4A58, 06BA4B43, 06BA4BBB, 06BA4BF6, 06BA4C0E, 06BA4CB9, 06BA4CF4, 06BA53DA, 06BA5419, 06BA547F, 06BA5778, 06BA579F, 06BA5802, 06BA587B, 06BA590B, 06BA5951, 06BA5A5A, 06BA5AAB, 06BA5B05, 06BA5B60, 06BA5B9A, 06BA5BC2, 06BA5C01, 06BA5C40, 06BA5C9C, 06BA5CD0, 06BA5CFD, 06BA5D3C, 06BA5D8C, 06BA5DE2, 06BA5E2B, 06BA5E3E, 06BA5E9D, 06BA5ECE, 06BA5F47
, xrefs: 06BA4A87, 06BA4AB3, 06BA4B17, 06BA4B6B, 06BA4C08, 06BA4C82, 06BA4CCC, 06BA4D77, 06BA4DA5, 06BA4E15, 06BA4E93, 06BA4EF3, 06BA4FC4, 06BA5015, 06BA5074, 06BA5106, 06BA515D, 06BA51B8, 06BA524A, 06BA52A7, 06BA530C, 06BA545B, 06BA5471, 06BA54ED, 06BA554C, 06BA55EF, 06BA5690, 06BA56B6, 06BA572C, 06BA5782, 06BA5818, 06BA586B, 06BA58E6, 06BA593B, 06BA59D1, 06BA5A0E, 06BA48E1

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: $$$$$
API String ID: 0-2186515198
Opcode ID: ff5d8c397b2ef9bf449823ebf66624229cb88081d8cfbffcad2d175b59bebeae
Instruction ID: bf23dccaf4fd707245f98c313c1bac20d6c6fcc5757db321ec5b0a190501355b
Opcode Fuzzy Hash: ff5d8c397b2ef9bf449823ebf66624229cb88081d8cfbffcad2d175b59bebeae
Instruction Fuzzy Hash: 9423DEB2E106288FDB64CF69CC91BDCB7F1BF48214F198199D44DE7202DB38AA958F54

Function 02704324 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 489COMMON

Download Yara Rule

APIs

_strstr.LIBCMT ref: 02704375
_strstr.LIBCMT ref: 0270438B

Strings

, xrefs: 027043B6
!, xrefs: 027044DE

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: _strstr
String ID: $!
API String ID: 2882301372-2056089098
Opcode ID: 76b6ba3dfe2ee41053007f178c17b95752c0e275121cad342d93b5ca6f058888
Instruction ID: 9fc870e6db3cde69777755ed33b9b6295ea1406619816eff0aae9d1a65fcd3da
Opcode Fuzzy Hash: 76b6ba3dfe2ee41053007f178c17b95752c0e275121cad342d93b5ca6f058888
Instruction Fuzzy Hash: 68F10672B00115DBDF11CEA8D8D47BEB7F6EF46314F5001AAEA06AB280E7359D49CB91

Function 06BA1324 Relevance: 7.5, APIs: 2, Strings: 2, Instructions: 489COMMON

Download Yara Rule

APIs

_strstr.LIBCMT ref: 06BA1375
_strstr.LIBCMT ref: 06BA138B

Strings

, xrefs: 06BA13B6
!, xrefs: 06BA14DE

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: _strstr
String ID: $!
API String ID: 2882301372-2056089098
Opcode ID: e8f8968a96ffba937362c2e52cb6c5d510ea4e12e21afcbb7690a5e2ca407639
Instruction ID: f9dfb8e9d248188cfc65877214dea123a488cd4b2a84a413ea89398c1c870618
Opcode Fuzzy Hash: e8f8968a96ffba937362c2e52cb6c5d510ea4e12e21afcbb7690a5e2ca407639
Instruction Fuzzy Hash: CCF1D4B2F042099BDFD1DEACDC406BDB7A6EF45224F5401EAE906AB240E7329981C791

Function 0272F734 Relevance: 3.5, APIs: 2, Instructions: 469COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5e8d3ee927ead6087cf0f2afb98276be511b9b1d88de169561e3c3da13cb543
Instruction ID: af484ef2317a91ff18b935b678950db9481188314ed17c13d0f56df3863e0a08
Opcode Fuzzy Hash: f5e8d3ee927ead6087cf0f2afb98276be511b9b1d88de169561e3c3da13cb543
Instruction Fuzzy Hash: BF024A71E002299FDF14CFA9C8906ADFBF1EF48314F25826AD819E7784D730AA45CB95

Function 06BCC734 Relevance: 3.5, APIs: 2, Instructions: 469COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063ff1b71cd63471a4d2f52ee5ad51b645e3a2134ba6b61f84b8004d8b135f5e
Instruction ID: 98dc23d2d296fba20bda76fa6ded12b8d834e7a1f312f7e0b6f09621ac4fcd46
Opcode Fuzzy Hash: 063ff1b71cd63471a4d2f52ee5ad51b645e3a2134ba6b61f84b8004d8b135f5e
Instruction Fuzzy Hash: DC023EB1E002199FDF54CFA9C8806ADBBF1EF98324F1541ADD919E7344D731AA41CB94

Function 026EE764 Relevance: 2.4, Strings: 1, Instructions: 1198COMMON

Download Yara Rule

Strings

@, xrefs: 026EE89E

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: efa0298198112e1622fb7e8008639afc62e999223bd18876ccbb9b5903d01f30
Instruction ID: c01ed282593cca97da3bbe453cdc162fad0801219c0c4670dd4580cfbf611d73
Opcode Fuzzy Hash: efa0298198112e1622fb7e8008639afc62e999223bd18876ccbb9b5903d01f30
Instruction Fuzzy Hash: C2C2C972E012298FDB68CF69C89579DF7F6AB88300F1582FAD419B7251DA705E81CF84

Function 06B8B764 Relevance: 2.4, Strings: 1, Instructions: 1198COMMON

Download Yara Rule

Strings

@, xrefs: 06B8B89E

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a3ad76d30a1f294376f9f86afb1b1388b20b1f6971645adec8eee0531b270259
Instruction ID: 495d3bfc18098e4db48616561a4323179e390af6dd97682ebfd9119c6e92c7f4
Opcode Fuzzy Hash: a3ad76d30a1f294376f9f86afb1b1388b20b1f6971645adec8eee0531b270259
Instruction Fuzzy Hash: 86C2C972E012298FDB68CF69C89579DF7F6AB88300F1582FAD419B7251DA705E81CF84

Function 0271B544 Relevance: 1.6, Strings: 1, Instructions: 341COMMON

Download Yara Rule

Strings

$, xrefs: 0271B7B3

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: beacbb4a4d1f017f9412913396b773e9ab23728858e25bc97c92cb3d69f35174
Instruction ID: f6e9ebc49dc7be43633f81f11c570ff55de38e3aeba5b1a149d8177cf88743bc
Opcode Fuzzy Hash: beacbb4a4d1f017f9412913396b773e9ab23728858e25bc97c92cb3d69f35174
Instruction Fuzzy Hash: 0EA13C72B001089FDF25DFACDC86BAEB7FAEF54308F14016AE906DB290E7259915CB51

Function 06BB8544 Relevance: 1.6, Strings: 1, Instructions: 341COMMON

Download Yara Rule

Strings

$, xrefs: 06BB87B3

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: $
API String ID: 0-3993045852
Opcode ID: beacbb4a4d1f017f9412913396b773e9ab23728858e25bc97c92cb3d69f35174
Instruction ID: 5ea780b1025ef730dc80c90ad73e183387c814a22ef7e204944758acd21ebcff
Opcode Fuzzy Hash: beacbb4a4d1f017f9412913396b773e9ab23728858e25bc97c92cb3d69f35174
Instruction Fuzzy Hash: C0A117F2E101089BDFA4DFA8DC81BFE73BDEF84310F1410AAE91ADA250E7A19945C755

Function 02728A28 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

0, xrefs: 02728B98

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 3300d6bbddcb085f6f0b6dbfdd253a95cddc58481347262602f446eca73ffff3
Instruction ID: de5afcb66e7bb9f8b086d730892ea40c0e4d31781235e8c98da8383a692094e3
Opcode Fuzzy Hash: 3300d6bbddcb085f6f0b6dbfdd253a95cddc58481347262602f446eca73ffff3
Instruction Fuzzy Hash: 2B518BA160177467DF398A6889697BF23EA9B02304F0C091ED942DB281CF17E54DC77B

Function 02728C58 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

0, xrefs: 02728DC8

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: c3fcaa2e72731fe3611f61136aff85bfd69727afcfae8666ff5cf7a7b27307e0
Instruction ID: c28aade0d586e2cc661e5c47bc000f20eb034aa190be66e1a9f0074489ea2db7
Opcode Fuzzy Hash: c3fcaa2e72731fe3611f61136aff85bfd69727afcfae8666ff5cf7a7b27307e0
Instruction Fuzzy Hash: 0751A961603674A7DB39897989587BF239ADF2A308F081E49D542DF281C713EA8DC773

Function 06BC5C58 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

0, xrefs: 06BC5DC8

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: c3fcaa2e72731fe3611f61136aff85bfd69727afcfae8666ff5cf7a7b27307e0
Instruction ID: 04884d212c0a3e503aba7c9e12f7f611acf2efed7ecb8d7e4b768e2982cc0151
Opcode Fuzzy Hash: c3fcaa2e72731fe3611f61136aff85bfd69727afcfae8666ff5cf7a7b27307e0
Instruction Fuzzy Hash: DE513AF3A507055BEBF88A388858FBF2799DB42230F0829DDD493CB281D615B765C3A1

Function 06BC5A28 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

0, xrefs: 06BC5B98

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 3300d6bbddcb085f6f0b6dbfdd253a95cddc58481347262602f446eca73ffff3
Instruction ID: 34a536e85042112957d2cb7dd4e0338dcede968c1bda5ab0683019a1bd458faa
Opcode Fuzzy Hash: 3300d6bbddcb085f6f0b6dbfdd253a95cddc58481347262602f446eca73ffff3
Instruction Fuzzy Hash: F95148F3A006045BEBF88E798894BBF27D9DB85270F0829DDE4528B281D605B771C3B5

Function 06C124F5 Relevance: 1.4, Strings: 1, Instructions: 193COMMON

Download Yara Rule

Strings

UUUU, xrefs: 06C12579

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: UUUU
API String ID: 0-1798160573
Opcode ID: 68d484cd3b9579349c4753d8a8328e3f55ad25aed2f5a60ab2ee91546638fdc3
Instruction ID: 4e72aefb040974b94935d3d41f176011f5f5a3ed8b091a23b4b70f099b753a7e
Opcode Fuzzy Hash: 68d484cd3b9579349c4753d8a8328e3f55ad25aed2f5a60ab2ee91546638fdc3
Instruction Fuzzy Hash: F151C723B109250BE74CC97D8CA236D7AD2D7C4341B89827DE6A6D73C5D8BCDA12E390

Function 0270E414 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

@, xrefs: 0270E509

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 312dd61bfc3187a6110144a42e333528a9572a2e29dc9183e965b70ea8e4fdfc
Instruction ID: af39e67a087c30942dffec5999557284c6e608206fd941df7da73fef70885b9d
Opcode Fuzzy Hash: 312dd61bfc3187a6110144a42e333528a9572a2e29dc9183e965b70ea8e4fdfc
Instruction Fuzzy Hash: 87519E715056969FCB05CF3984E45AEFFF0FF4A200B19859DE8995B342C630AA19CF60

Function 06BAB414 Relevance: 1.4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

Strings

@, xrefs: 06BAB509

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 312dd61bfc3187a6110144a42e333528a9572a2e29dc9183e965b70ea8e4fdfc
Instruction ID: 50b36237debbe15e016d26982f9178e0a89ffff7a5ab5fd4c3cf89657afdc341
Opcode Fuzzy Hash: 312dd61bfc3187a6110144a42e333528a9572a2e29dc9183e965b70ea8e4fdfc
Instruction Fuzzy Hash: 61517CB19097969FCB05CF39C4A44BAFFF0FF4A200B1986DDD8A55B202C634AA55CB60

Function 027118F4 Relevance: .9, Instructions: 893COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d2a12c45c9bfe046ad36ac178fe38851da3ecaca8f653bf4d78821241a8f72
Instruction ID: dfe24ea6ace5658762c2247c4fec039e7e30128770a56eaa66afcb379a0a16b0
Opcode Fuzzy Hash: c1d2a12c45c9bfe046ad36ac178fe38851da3ecaca8f653bf4d78821241a8f72
Instruction Fuzzy Hash: 1F824D70E0426D8FDB6CCFAC84A46EDBBF1AB49200F5441AED49AE7342D7349A45CF60

Function 06BAE8F4 Relevance: .9, Instructions: 893COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d2a12c45c9bfe046ad36ac178fe38851da3ecaca8f653bf4d78821241a8f72
Instruction ID: e9209ed411a4d796671efbf4de4aea1279b0b3f046f4513f14be81b33ced8ea1
Opcode Fuzzy Hash: c1d2a12c45c9bfe046ad36ac178fe38851da3ecaca8f653bf4d78821241a8f72
Instruction Fuzzy Hash: 91823F74E0425D8FDB68CFACC4A46EDBBF1EB49200F5441AED49AE7342D6349A46CF60

Function 026F2434 Relevance: .8, Instructions: 850COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6929892dba4fc304f877ee53abe97aed17be31103682478172c81f08cc5f6e21
Instruction ID: d4ab7f1adc6da5b67372fe07f2ee87632ada0d68c39a3a9d019d451d7d7870c0
Opcode Fuzzy Hash: 6929892dba4fc304f877ee53abe97aed17be31103682478172c81f08cc5f6e21
Instruction Fuzzy Hash: 2A72FF72E002288BCF5CCE99D8555EEB7F2BBC8314F1A817ED81AE7340CA756D518E94

Function 06B8F434 Relevance: .8, Instructions: 850COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc7626d7d2f5e627b0cc38eec714aef7dd1d04597e1fc2a6fdf09050270260a5
Instruction ID: bed421cf054e87ddb9302ad288d1411a9158131b834bd32cbcb49b8b8b7e39ed
Opcode Fuzzy Hash: fc7626d7d2f5e627b0cc38eec714aef7dd1d04597e1fc2a6fdf09050270260a5
Instruction Fuzzy Hash: B672FF72E002188BCB5CCE99D8515EEB7F2BBC8314F1A817ED81AE7340CA356D51CE94

Function 026EDAF4 Relevance: .8, Instructions: 792COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6bfdac53d7301d8c985c268475f636439708f5f51b16f1b0d4cce66c6302b723
Instruction ID: 871753ed5b59a074074f9d8614bae984bbe5da8d8f5293ecbdfe68164ca2d2d0
Opcode Fuzzy Hash: 6bfdac53d7301d8c985c268475f636439708f5f51b16f1b0d4cce66c6302b723
Instruction Fuzzy Hash: F942D2B3F105240BD768CA7ECC91399BAE3AFD4219B1EC179E498D7706E63DC9028B54

Function 06B8AAF4 Relevance: .8, Instructions: 792COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dafe6d1444bf7fa83bacda055468a91a671ca0f9caca9358a62d7373cb30273c
Instruction ID: 2a6e9d7933bdf466706c0f86dec18c62eec79a3fd5c854288e3df7f02040fc52
Opcode Fuzzy Hash: dafe6d1444bf7fa83bacda055468a91a671ca0f9caca9358a62d7373cb30273c
Instruction Fuzzy Hash: 7A42D2B3F105240BD768CA7ECC91399BAE3AFD4219B1EC179E498D7706E63DC9028B54

Function 0270C024 Relevance: .7, Instructions: 685COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c4f73fce1a19ae8c3d7e0515858d4e094fd9c80017c26eaafc8e3e7e71cc4f2
Instruction ID: 2d58a03d13b3e6adb6341fb09842d3ee85166423b0a490e3c6faff420f47ec21
Opcode Fuzzy Hash: 6c4f73fce1a19ae8c3d7e0515858d4e094fd9c80017c26eaafc8e3e7e71cc4f2
Instruction Fuzzy Hash: 06424D72B30A614BE31CDE29DCA15267353A7DE20034D892EED43DB395ED35AA23D760

Function 06BA9024 Relevance: .7, Instructions: 685COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c4f73fce1a19ae8c3d7e0515858d4e094fd9c80017c26eaafc8e3e7e71cc4f2
Instruction ID: 2d58a03d13b3e6adb6341fb09842d3ee85166423b0a490e3c6faff420f47ec21
Opcode Fuzzy Hash: 6c4f73fce1a19ae8c3d7e0515858d4e094fd9c80017c26eaafc8e3e7e71cc4f2
Instruction Fuzzy Hash: 06424D72B30A614BE31CDE29DCA15267353A7DE20034D892EED43DB395ED35AA23D760

Function 026ED104 Relevance: .6, Instructions: 650COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8359e1d9aefb5178fde3e9373cbdbcec05022a284007d157ec6fccc1b1ac79fe
Instruction ID: 912c910f6dabb85ca09379241fbed663d1edbcae6c19de486d99a16ea1e11559
Opcode Fuzzy Hash: 8359e1d9aefb5178fde3e9373cbdbcec05022a284007d157ec6fccc1b1ac79fe
Instruction Fuzzy Hash: 8B32B372F005644FDB98CB6ECC912A8BBE3AFC8215B1CC1BED499D7306E63D95069B50

Function 06B8A104 Relevance: .6, Instructions: 650COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3eef9c462cad62205f0ee69e0098c947e570ff362a48c96b157659616459eb
Instruction ID: 7b5c7141d15766e2cf81e2cf97d324d94f66dad8b82f85b08fb3826db6e25f31
Opcode Fuzzy Hash: 7f3eef9c462cad62205f0ee69e0098c947e570ff362a48c96b157659616459eb
Instruction Fuzzy Hash: 7C32B372F005644FDB98CB6ECC912A8BBE3AFC8215B1CC1BED499D7306E63D85069B50

Function 02717454 Relevance: .5, Instructions: 472COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f030997fc7cc7f8c763712ebd421859704c03949cf10e369be51e7f61a18fcc
Instruction ID: 21c349d22ac79bea03533da3648b8b6b5c6862711db05097639f8dedf6198d34
Opcode Fuzzy Hash: 2f030997fc7cc7f8c763712ebd421859704c03949cf10e369be51e7f61a18fcc
Instruction Fuzzy Hash: 0E025D71A006199FDB24DFA8C981AAEF7FAFF08204F20856EE559D7201E731E955CF50

Function 06BB4454 Relevance: .5, Instructions: 472COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d33566df8f98b7f9b2031b964f6553bc5a5f04018e47bb89a853390b92d67406
Instruction ID: 66e3c128faa1b595044ef0caddf94d88e508f03501612772aa24e5d25f92233a
Opcode Fuzzy Hash: d33566df8f98b7f9b2031b964f6553bc5a5f04018e47bb89a853390b92d67406
Instruction Fuzzy Hash: 83026CB1A006099FCB64CFA8CD80AAEB3F9FF44204F2095AED559D3206E771E955CF50

Function 02700384 Relevance: .4, Instructions: 440COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cbc8351d8dff082eebe3a34696f62512a72cde985b81187cfb93e4e5c9595125
Instruction ID: f85b72a298e7e8f270b3ac0c79bde98bdeafb5cb67a4ffebcb39cc73fc890433
Opcode Fuzzy Hash: cbc8351d8dff082eebe3a34696f62512a72cde985b81187cfb93e4e5c9595125
Instruction Fuzzy Hash: 77127E709002A48FDB0CCF9AD8E04BDBBF2FB8D321B55865EE5966B756C2386505CF60

Function 026FFD84 Relevance: .4, Instructions: 440COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48ade743aefe2d0aeb882b792bff6048d3c12c18a6da10595e1626d4db1848a0
Instruction ID: 685e2409cc707273b99d167243d93b04cac4c96558f28fe953acb75476d30a10
Opcode Fuzzy Hash: 48ade743aefe2d0aeb882b792bff6048d3c12c18a6da10595e1626d4db1848a0
Instruction Fuzzy Hash: BE127D709002A48FDB0CCF9AD8E04BDBBF2FB8D321755C65EE5466B656C238A505DFA0

Function 06B9CD84 Relevance: .4, Instructions: 440COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5ae53574c5b4431d9b2bc311f579cf29da21f17d4a39da67687f74c6e491322
Instruction ID: 181d8e99b0b4b9f6aadfc9c0c9b8cf3e909904645f9a7307807bcd16fcd9df1c
Opcode Fuzzy Hash: e5ae53574c5b4431d9b2bc311f579cf29da21f17d4a39da67687f74c6e491322
Instruction Fuzzy Hash: 86127D709002A48FDB0CCF9AD8E04BDBBF2FB8D321755C65EE5466B656C238A505DFA0

Function 06B9D384 Relevance: .4, Instructions: 440COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78cec82634182645fa1447f9533fcf58e83f83342d93bc584789a2f24202cbeb
Instruction ID: 46a23b3d95cae3dc080a03210df870306ce191235808b9944f01b31d51ba9f18
Opcode Fuzzy Hash: 78cec82634182645fa1447f9533fcf58e83f83342d93bc584789a2f24202cbeb
Instruction Fuzzy Hash: C2127E709002A48FDB0CCF9AD8E04BDBBF2FB8D321B55865EE5966B756C2386501CF60

Function 026F8394 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb1511eb812cbdba9e4f48302421fa70ad2775c14a7c03d824542f322f6e2def
Instruction ID: 963ff8a3847958dce011cb93261c072a0750a63c5e5ff0522ae242b73ac42af2
Opcode Fuzzy Hash: fb1511eb812cbdba9e4f48302421fa70ad2775c14a7c03d824542f322f6e2def
Instruction Fuzzy Hash: D5E17EB2D002199BDFA1DE94C884BEFB7BAAF44314F144169DA15FB300E775DA49CBA0

Function 06B95394 Relevance: .4, Instructions: 439COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7c50eda406756f997f2372ba701a5f52b4bc61baa64f80b4fad0a23289bd3f83
Instruction ID: eb39d77c8282f256c7c15020ab5f4544e10fd26d3da2046fb75f5fa3a5ba6496
Opcode Fuzzy Hash: 7c50eda406756f997f2372ba701a5f52b4bc61baa64f80b4fad0a23289bd3f83
Instruction Fuzzy Hash: 22E15FF2D502199BDFA2CEA4CC80BEEB7B8EF44314F1441B9D915A7201E7799A45CBB0

Function 026FE404 Relevance: .4, Instructions: 433COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab63a2fcaeb3cb84300acff719c7f3dc3c7ad6cf38ddcd8fb42f638069a9454f
Instruction ID: 3dc8c3a9baffe4b637684b9739141003af948611dccd566faff7837e73da285d
Opcode Fuzzy Hash: ab63a2fcaeb3cb84300acff719c7f3dc3c7ad6cf38ddcd8fb42f638069a9454f
Instruction Fuzzy Hash: 11F1B471E00259CBDF11CFB8C8806EDFBB5FF55308F148269DA15AB255E732A94ACB90

Function 06B9B404 Relevance: .4, Instructions: 433COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab63a2fcaeb3cb84300acff719c7f3dc3c7ad6cf38ddcd8fb42f638069a9454f
Instruction ID: e6d5fc9e1549f300902078c40f3028fe51199e5b2e6d13dfe1c57841f624fd23
Opcode Fuzzy Hash: ab63a2fcaeb3cb84300acff719c7f3dc3c7ad6cf38ddcd8fb42f638069a9454f
Instruction Fuzzy Hash: CEF181B1D042598FDF54CFB8D8816EEF7B5EF49304F1482B9C915AB205E731A986CBA0

Function 0270C9A4 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d4aaccd3f1f9cfcbe06dbd5c4db9b8afd4dfce5896dfe45bcdf6087beeb14de
Instruction ID: c2c412cbc02bbe3b07e65b2b3b5944f1b2f3e5634befb115699eaec222e28cb7
Opcode Fuzzy Hash: 0d4aaccd3f1f9cfcbe06dbd5c4db9b8afd4dfce5896dfe45bcdf6087beeb14de
Instruction Fuzzy Hash: DBA18E73F2482007E75C856DDC623B856C397C9355B1E833DEAABDB7C5DCA98D528280

Function 0270FD94 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dfca3d618824563b81f751bc9432965d4eec8946ea11413ff650bd271cf696e
Instruction ID: 5415a6095627434f6d54b4bd1322ec35fc04fb460dc5a7dd22d50b2253ed5829
Opcode Fuzzy Hash: 5dfca3d618824563b81f751bc9432965d4eec8946ea11413ff650bd271cf696e
Instruction Fuzzy Hash: A4D1A431D042598FCB11CF6CC8849DEFBF5FF59204B18859AE899EB202D735EA55CBA0

Function 06BACD94 Relevance: .3, Instructions: 338COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dfca3d618824563b81f751bc9432965d4eec8946ea11413ff650bd271cf696e
Instruction ID: 9030694819e408bf8f7ea7267ea31c858dbaa6be112c932ca9c6d18da33c35cb
Opcode Fuzzy Hash: 5dfca3d618824563b81f751bc9432965d4eec8946ea11413ff650bd271cf696e
Instruction Fuzzy Hash: 01D19471D042598FCB01CF6CC8805DEFBF5EF59204B5885DAE899EB202D731EA55CBA0

Function 0270FDA4 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9de0b90bd5d192b5983ae2cad5b4995adc4f5214f1c3465e59c3d55779e3635
Instruction ID: 4e2614cd28b993b7e09be5c9a53ac842bc150a27b849bb594c3c7b8d16aa8cc7
Opcode Fuzzy Hash: a9de0b90bd5d192b5983ae2cad5b4995adc4f5214f1c3465e59c3d55779e3635
Instruction Fuzzy Hash: 1FB15D71D042599FCB15CFADC8805EEBFF5EF59200B58819AD898FB242D634DA05CBB0

Function 06BACDA4 Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9de0b90bd5d192b5983ae2cad5b4995adc4f5214f1c3465e59c3d55779e3635
Instruction ID: 45abb299ff6db5cdf0d55e498c95ff68d0976cb77d61481094b3bfcf597a02aa
Opcode Fuzzy Hash: a9de0b90bd5d192b5983ae2cad5b4995adc4f5214f1c3465e59c3d55779e3635
Instruction Fuzzy Hash: ECB15E71D042599FCB15CFADC8805EEBFF4EF59200B18819AE898EB242D634DA15CBB0

Function 0273CB4D Relevance: .3, Instructions: 269COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dc14280c590a6367a36ae1b6d605201d5537283c72bb08eddde8d24d0792e70
Instruction ID: cb475f58dd74d1b80e0a0e618177a577bb5ea1ed58dfe01b2c5cb9460047cc46
Opcode Fuzzy Hash: 9dc14280c590a6367a36ae1b6d605201d5537283c72bb08eddde8d24d0792e70
Instruction Fuzzy Hash: 80B15D311206089FD717CF28C48AB657BE0FF45368F29869DE899DF2A2C335E991CB40

Function 06C12AE0 Relevance: .3, Instructions: 263COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83de876ee0d7b8911778a00f298672dac1179f8bc98fb58d805906259a4a1396
Instruction ID: 2fc54d62f716f5b60c68a49e2d1766b0c70112d2fe764325c51c890761470332
Opcode Fuzzy Hash: 83de876ee0d7b8911778a00f298672dac1179f8bc98fb58d805906259a4a1396
Instruction Fuzzy Hash: 8E917A73B308344BD758DF3DDC925167391E7AD35034E8226E552DB391E939EA23E640

Function 026F3E84 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: faba2a1bb18737713dd9e594d62b974f557f66e676b2cc5c0f7912b77564f179
Instruction ID: 008f5533035006493113ec6843d100aef1d0a43c44ed4aea6f4fff9e70a6e323
Opcode Fuzzy Hash: faba2a1bb18737713dd9e594d62b974f557f66e676b2cc5c0f7912b77564f179
Instruction Fuzzy Hash: 10913EB1D001689BCF61DF68CC807EEB7B9AB45214F0401EADB0DE7241EB359E998F59

Function 06B90E84 Relevance: .3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0ba76812bbcfdee10c7fcdfa98069a830b585be900cccbdde2a05b9b84852a2
Instruction ID: 5d661cd02439e410209ee1422fde866749e70afee879511a4305ee1bd742c53d
Opcode Fuzzy Hash: a0ba76812bbcfdee10c7fcdfa98069a830b585be900cccbdde2a05b9b84852a2
Instruction Fuzzy Hash: 8D916EF1D005299BCFA1DF68CC407EDB7B9EF45214F0401EADA0DA7201E6359E859FA9

Function 0270FDB4 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 374d46c643f9da3ddd20e08309102ad20e529b4820cc673da7c7cbf4a2ddf7ba
Instruction ID: 6b5f26e86e2b7e9d49445fed041841c96be7ddad9cea65ac83406f22a6a04e62
Opcode Fuzzy Hash: 374d46c643f9da3ddd20e08309102ad20e529b4820cc673da7c7cbf4a2ddf7ba
Instruction Fuzzy Hash: 3BA1A671A046598FCB15CF6DC8809AFBFF5EF49200B44C56AE8A9E7341D734EA15CBA0

Function 06BACDB4 Relevance: .3, Instructions: 254COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 374d46c643f9da3ddd20e08309102ad20e529b4820cc673da7c7cbf4a2ddf7ba
Instruction ID: 5dc1230ad05dd62e5984f7d38926a91c2e31a2b999f85d1073af2def408cf0dc
Opcode Fuzzy Hash: 374d46c643f9da3ddd20e08309102ad20e529b4820cc673da7c7cbf4a2ddf7ba
Instruction Fuzzy Hash: A9A1A671D046598FDB54CF6DC8809EFBBF4EF49200B44C5AAE8A9E7341D634EA15CBA0

Function 026EF9E4 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d0db453e6c8880c6fbeff2165732b36db326b0146370fb9e56f7ccdbfa100a6
Instruction ID: e966c916f0990da6b034258e91fade50a8c76858e36dd01b6491d45da12345a4
Opcode Fuzzy Hash: 0d0db453e6c8880c6fbeff2165732b36db326b0146370fb9e56f7ccdbfa100a6
Instruction Fuzzy Hash: 9DC1FD5410EBD08DC3268B7944506B6BFF15F2B005B5C4ADEE8E68BB83C106E74ADB72

Function 06B8C9E4 Relevance: .3, Instructions: 253COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d0db453e6c8880c6fbeff2165732b36db326b0146370fb9e56f7ccdbfa100a6
Instruction ID: f9cfd5d36c23d93d453647320f04b6f8fcb7f57ba0a8539f499bd82a23221143
Opcode Fuzzy Hash: 0d0db453e6c8880c6fbeff2165732b36db326b0146370fb9e56f7ccdbfa100a6
Instruction Fuzzy Hash: 5EC1FD5410EBD08DC3668B7944506A6BFF05F2B005B5C4ADEE8E68BB83C116E74ADB72

Function 02710044 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d79524c5dcaad99f35cf0ab8b633e70a76f9933616a09e061d05a7745ffb64
Instruction ID: a533fe791dc2fba179af66996136385edfed547ab890e0273e1adecf0091ae82
Opcode Fuzzy Hash: 09d79524c5dcaad99f35cf0ab8b633e70a76f9933616a09e061d05a7745ffb64
Instruction Fuzzy Hash: B99142319082D99FCF15CF6884505EEFFF0EE5A200B1982DAD8959B343D234EA55DBA1

Function 06BAD044 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09d79524c5dcaad99f35cf0ab8b633e70a76f9933616a09e061d05a7745ffb64
Instruction ID: 0e5acf7ca0c4ab9c98efe0b0c83e231a67468a5e50b7d5e7eb18073692362ba9
Opcode Fuzzy Hash: 09d79524c5dcaad99f35cf0ab8b633e70a76f9933616a09e061d05a7745ffb64
Instruction Fuzzy Hash: D49151719083D99FCB15CF6884505FEFFF0EE5A200B0982DAD8D99B302D234EA45DBA1

Function 0270ED54 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2561c401ac1ea7b2a14cc6e14a3acbe00544e7359019bbfc112ca5356b936c7b
Instruction ID: 8b1500fa3b0bd23751f4c72292edf922742dad786d24bf22619f82cb404a3e1a
Opcode Fuzzy Hash: 2561c401ac1ea7b2a14cc6e14a3acbe00544e7359019bbfc112ca5356b936c7b
Instruction Fuzzy Hash: E591C335D0529A9FC705CFA9C4906FDFFB1AF59300F5881AED894AB382C635A615CBA0

Function 06BABD54 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2561c401ac1ea7b2a14cc6e14a3acbe00544e7359019bbfc112ca5356b936c7b
Instruction ID: ef09de727a1facfe388fb8f98cbac74d4f39f5f75dfb3f64b3cbee177e1bd99f
Opcode Fuzzy Hash: 2561c401ac1ea7b2a14cc6e14a3acbe00544e7359019bbfc112ca5356b936c7b
Instruction Fuzzy Hash: 4B91E371D0569A9FC705CFA9C4906FDFFB1AF19200F1881AED894AB383C635A615CBA0

Function 02705C34 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b8895e37f769553c1a821ae089bceb11040e4db4bbbacacf3a4fb0f5e8e567c
Instruction ID: 8c4a933c97a3c570bf564375b439a71f68cdb3f16dd638ad387997e3481cc9bb
Opcode Fuzzy Hash: 5b8895e37f769553c1a821ae089bceb11040e4db4bbbacacf3a4fb0f5e8e567c
Instruction Fuzzy Hash: 9B61F331A106499FDB09CF39C8D51EE7BE1FB49304B90962EE956CB281EB34D694CB44

Function 06BA2C34 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b8895e37f769553c1a821ae089bceb11040e4db4bbbacacf3a4fb0f5e8e567c
Instruction ID: 2ee88ba5ea0b57de7454cacfe7c847a133e74faba762caa41e300c6f06795cde
Opcode Fuzzy Hash: 5b8895e37f769553c1a821ae089bceb11040e4db4bbbacacf3a4fb0f5e8e567c
Instruction Fuzzy Hash: 0D612171A142499FCB09CF39C8911EDBBE1EF49300B54966EE95ACB281EB34DA90CB40

Function 027115C4 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5124241d681c573e0a7ebaf98ab92ef426d44001f9946cb1c54c6392bb84c48
Instruction ID: 6589af69f71216be9667758ce66675ee45c254fd35a3a2400a80e99d73f055c1
Opcode Fuzzy Hash: f5124241d681c573e0a7ebaf98ab92ef426d44001f9946cb1c54c6392bb84c48
Instruction Fuzzy Hash: 5D7196719042989FC711CF6DCC8089EBFF4AF45205B58C5AEE8A9DB242D736D616CBA0

Function 06BAE5C4 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5124241d681c573e0a7ebaf98ab92ef426d44001f9946cb1c54c6392bb84c48
Instruction ID: da199b940b644418dd96ee27728ee7713127d105416991078ebc8b66e5f240db
Opcode Fuzzy Hash: f5124241d681c573e0a7ebaf98ab92ef426d44001f9946cb1c54c6392bb84c48
Instruction Fuzzy Hash: 317193719042989FC751CF6DCC804DEBFF4AF45205B58C5EEE8A8DB242D636E616CBA0

Function 026FDAE4 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1115352f6815123d4c4c633264ca1aa29642fb74dc09749aa37a3ad75e06d4
Instruction ID: 37e025df920cde42bd3066a81ec5ba8fc0e8b5b70136dad5c4512828e1eedb98
Opcode Fuzzy Hash: 0c1115352f6815123d4c4c633264ca1aa29642fb74dc09749aa37a3ad75e06d4
Instruction Fuzzy Hash: 2D5149B1A102348FD758CF29DCC02A577E1EB49315F0591BDE989D7282C63CEE898F90

Function 026FFBA4 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d8bf03e2abea68d8f33728573aa37520fc666443e7126a9fc8d3cb3eba79271
Instruction ID: 78ca7d462f3d5be655453c21caee58a3dfb101cab4efa43662cc3c28385f93f2
Opcode Fuzzy Hash: 0d8bf03e2abea68d8f33728573aa37520fc666443e7126a9fc8d3cb3eba79271
Instruction Fuzzy Hash: 4151D777E046A44AD765857D8880359FED28B89201F1EC6BDECFCD7382D8A9C906D7E0

Function 06B9AAE4 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1115352f6815123d4c4c633264ca1aa29642fb74dc09749aa37a3ad75e06d4
Instruction ID: c5c306b734e9f3a2f21f1624a632d60420ec2963622d5a93e35e7a2e845c5b7d
Opcode Fuzzy Hash: 0c1115352f6815123d4c4c633264ca1aa29642fb74dc09749aa37a3ad75e06d4
Instruction Fuzzy Hash: 395149B1A102348FD758CF29DCC02A577E1EB49315F5581BDE989DB282C63CDE898FA0

Function 06B9CBA4 Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d8bf03e2abea68d8f33728573aa37520fc666443e7126a9fc8d3cb3eba79271
Instruction ID: 78ca7d462f3d5be655453c21caee58a3dfb101cab4efa43662cc3c28385f93f2
Opcode Fuzzy Hash: 0d8bf03e2abea68d8f33728573aa37520fc666443e7126a9fc8d3cb3eba79271
Instruction Fuzzy Hash: 4151D777E046A44AD765857D8880359FED28B89201F1EC6BDECFCD7382D8A9C906D7E0

Function 0270EB24 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f13d3f15e9e4fe9a5c7710d06394b40ae492e288189b34675f1582009776661d
Instruction ID: 54feb8b5fb343d3ac67cb2ef0c25b8b59d623fcfd07220f8e6501ca6c520df04
Opcode Fuzzy Hash: f13d3f15e9e4fe9a5c7710d06394b40ae492e288189b34675f1582009776661d
Instruction Fuzzy Hash: B0716EB1D002698FDB18CFA9C4946BEFBF1BF48300F0541AAD959EB281D7749A45CFA0

Function 02706A74 Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92d71fba117460f7011140f272d93071f572f1d4b444e3e6860f0b7c760b0e7f
Instruction ID: e15fd9edd0a18484862374777dc93d3efc5872c6a2738f126804bb1e5a8f58a2
Opcode Fuzzy Hash: 92d71fba117460f7011140f272d93071f572f1d4b444e3e6860f0b7c760b0e7f
Instruction Fuzzy Hash: E5712F85C3EFD906F617263558133C1E6605FF70ADA24D323FDA578ABAE711B6CA6200

Function 0270DFE4 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5797fa65aa4aeb8cc8ed77e1f3854144917a9a67c3497381499b14b3cee865b
Instruction ID: b3907357fd1c13cd65e164262f88fda120cc3a0805cdbd2adc56a52bc7b78d4a
Opcode Fuzzy Hash: b5797fa65aa4aeb8cc8ed77e1f3854144917a9a67c3497381499b14b3cee865b
Instruction Fuzzy Hash: E08187B1A112078FD7C8CF29D584A51FBE0FF5C264796A6A9D048CE602E374EAD4CF94

Function 06BAAFE4 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5797fa65aa4aeb8cc8ed77e1f3854144917a9a67c3497381499b14b3cee865b
Instruction ID: b3907357fd1c13cd65e164262f88fda120cc3a0805cdbd2adc56a52bc7b78d4a
Opcode Fuzzy Hash: b5797fa65aa4aeb8cc8ed77e1f3854144917a9a67c3497381499b14b3cee865b
Instruction Fuzzy Hash: E08187B1A112078FD7C8CF29D584A51FBE0FF5C264796A6A9D048CE602E374EAD4CF94

Function 0270F3A4 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a917f7093cfed6f236596615f038bdfe35f4004703e2e88876daf05ab727358
Instruction ID: ad6cbc852f57ca779c927d6750261482b587b6e6c1f39b3943f69877dae112c7
Opcode Fuzzy Hash: 3a917f7093cfed6f236596615f038bdfe35f4004703e2e88876daf05ab727358
Instruction Fuzzy Hash: AE51F731A047898BCB26CF78D8807EFBBF1AF49300F14456DE889A7782D7359548CB91

Function 06BAC3A4 Relevance: .2, Instructions: 168COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a917f7093cfed6f236596615f038bdfe35f4004703e2e88876daf05ab727358
Instruction ID: 6ed8983d055436519b6bb8df702e6eeb53ed408076dc242bb8a6a6f61e219685
Opcode Fuzzy Hash: 3a917f7093cfed6f236596615f038bdfe35f4004703e2e88876daf05ab727358
Instruction Fuzzy Hash: 8D51C371E047898BCB66CF78D8407EFBFB1AF5A300F1445ADE899A7242D731A544CB91

Function 02706794 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d574df729169d7cec4690e490e0574d4b721c9f25fcaf9dac98a6c28a8f19c49
Instruction ID: 2a330735d00c2429fb1d7c4fac2bf6bbb2fdc6915a63c4249a1a5a3198bafdb6
Opcode Fuzzy Hash: d574df729169d7cec4690e490e0574d4b721c9f25fcaf9dac98a6c28a8f19c49
Instruction Fuzzy Hash: 33512295C1AF9847E713A7324807391E6249FB746C650D36BFCB93C9ABD712F6C66200

Function 06BA3794 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d574df729169d7cec4690e490e0574d4b721c9f25fcaf9dac98a6c28a8f19c49
Instruction ID: 2a330735d00c2429fb1d7c4fac2bf6bbb2fdc6915a63c4249a1a5a3198bafdb6
Opcode Fuzzy Hash: d574df729169d7cec4690e490e0574d4b721c9f25fcaf9dac98a6c28a8f19c49
Instruction Fuzzy Hash: 33512295C1AF9847E713A7324807391E6249FB746C650D36BFCB93C9ABD712F6C66200

Function 026FE924 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a923441d65302670a9b23aca935ee11a78ee8294862aa09f0cec89d0f321348a
Instruction ID: 869690961682d97ff2a7288af9286b1f58f8aa3fda1ab7f68684129fe85ac583
Opcode Fuzzy Hash: a923441d65302670a9b23aca935ee11a78ee8294862aa09f0cec89d0f321348a
Instruction Fuzzy Hash: D86197B44042E54ADB59CF26C8E0961BFF1EF4A320729C4DDE5990F267C239E652DF50

Function 0270F124 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5a0f37fceb44ba85985868860fd05f77b11f2199fc497f112d4dbe3fcbb9f7
Instruction ID: ea382c42c6d31234cc64833ab1ec249aec134ff01036910bffcf27e734531fb6
Opcode Fuzzy Hash: 8b5a0f37fceb44ba85985868860fd05f77b11f2199fc497f112d4dbe3fcbb9f7
Instruction Fuzzy Hash: F051A631A051889BCB05CFAD88906EEBFB1AF9A210F4C45EDD845EB343D6349605C7A1

Function 06BAC124 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b5a0f37fceb44ba85985868860fd05f77b11f2199fc497f112d4dbe3fcbb9f7
Instruction ID: 1751fd21f9ab20c074dd1bc04dce905c30491a4c08ce4b36314ca5ba2fe0b655
Opcode Fuzzy Hash: 8b5a0f37fceb44ba85985868860fd05f77b11f2199fc497f112d4dbe3fcbb9f7
Instruction Fuzzy Hash: A3519571F092889BCB05CFBD88506EEBFB19F9A210F4C45EDD845EB343C6249605C7A1

Function 02706564 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dca7bf559efa894ab180abddb706b706db596f8bbc686d45af0850aa61a9ef63
Instruction ID: ccb5213d38a1dbb4b408234b512f1d965f9c55823d2c0e42feb0a44455c74a17
Opcode Fuzzy Hash: dca7bf559efa894ab180abddb706b706db596f8bbc686d45af0850aa61a9ef63
Instruction Fuzzy Hash: 7051E685C2EFE906FA03763648132D1E2604FF70AD654D363FDB1795BAE711BACA6200

Function 06BA3564 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dca7bf559efa894ab180abddb706b706db596f8bbc686d45af0850aa61a9ef63
Instruction ID: ccb5213d38a1dbb4b408234b512f1d965f9c55823d2c0e42feb0a44455c74a17
Opcode Fuzzy Hash: dca7bf559efa894ab180abddb706b706db596f8bbc686d45af0850aa61a9ef63
Instruction Fuzzy Hash: 7051E685C2EFE906FA03763648132D1E2604FF70AD654D363FDB1795BAE711BACA6200

Function 0270A0E4 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0bc9aae92ee3bd444b6e37e405b4cfebf33569a0f95d409b0d085519f23725c
Instruction ID: 09824946e05893a7a6a43eaec48e3fa1c747fadc7a68a6ca1755574be70bacef
Opcode Fuzzy Hash: d0bc9aae92ee3bd444b6e37e405b4cfebf33569a0f95d409b0d085519f23725c
Instruction Fuzzy Hash: D851D6315087C69ECB11CF79C4905ABFFF0AE1E21070981DEE8E88B643D325E659DB61

Function 0270BEB4 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0bc9aae92ee3bd444b6e37e405b4cfebf33569a0f95d409b0d085519f23725c
Instruction ID: ac1adb8a0c8b5891865b94d81a17d6d0fcdf0d0b97fab5f1fd8d3423050a659b
Opcode Fuzzy Hash: d0bc9aae92ee3bd444b6e37e405b4cfebf33569a0f95d409b0d085519f23725c
Instruction Fuzzy Hash: 6551DA301087C69ECB12CF79C4505A6FFF0AE1A210709C1DEE8E88B643D325E615DB61

Function 06BA8EB4 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0bc9aae92ee3bd444b6e37e405b4cfebf33569a0f95d409b0d085519f23725c
Instruction ID: d025371d8065f1d2848746c9b16dee715d09cb7e6411363e89ef5722c3c73e7c
Opcode Fuzzy Hash: d0bc9aae92ee3bd444b6e37e405b4cfebf33569a0f95d409b0d085519f23725c
Instruction Fuzzy Hash: 4B51D4705087D6AECB12CF79C4505BAFFF0EE1A210709C1DEE8E88B643D225E615DBA1

Function 06BA70E4 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0bc9aae92ee3bd444b6e37e405b4cfebf33569a0f95d409b0d085519f23725c
Instruction ID: 004102c6146c7a5d38fff69724727ef9ec335c68d44161b0f2741cffa31193c5
Opcode Fuzzy Hash: d0bc9aae92ee3bd444b6e37e405b4cfebf33569a0f95d409b0d085519f23725c
Instruction Fuzzy Hash: EF51D27450C7D25FCB11CFB9C4505AAFFF0EE1A21070981EEE8E88B643D225E615DBA1

Function 02710764 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56de0f2ccca978066a549ed487ff59450534ce18a0ccb7a9b1d5b1c5329c2c2a
Instruction ID: c77f6321d69963d475d9c0f46d09407d9bed4c00b4045d7aac70ab68f33b15fb
Opcode Fuzzy Hash: 56de0f2ccca978066a549ed487ff59450534ce18a0ccb7a9b1d5b1c5329c2c2a
Instruction Fuzzy Hash: E1418F327456489FC704CEADCCC0289FBA2AF9921875DC2ADD848DB703C275E943CBA1

Function 06BAD764 Relevance: .1, Instructions: 118COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56de0f2ccca978066a549ed487ff59450534ce18a0ccb7a9b1d5b1c5329c2c2a
Instruction ID: c77f6321d69963d475d9c0f46d09407d9bed4c00b4045d7aac70ab68f33b15fb
Opcode Fuzzy Hash: 56de0f2ccca978066a549ed487ff59450534ce18a0ccb7a9b1d5b1c5329c2c2a
Instruction Fuzzy Hash: E1418F327456489FC704CEADCCC0289FBA2AF9921875DC2ADD848DB703C275E943CBA1

Function 02706DF4 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27dcf1d86fba2ddb1b53bf98a4e00592cb0f6f39c3222d44f196063eb1f19a68
Instruction ID: 2594364bcb3261a70740a523f104b7784aed190eff01972654783bc47c4721a1
Opcode Fuzzy Hash: 27dcf1d86fba2ddb1b53bf98a4e00592cb0f6f39c3222d44f196063eb1f19a68
Instruction Fuzzy Hash: 6C31B0A4C29BAD46DB03AB3948822D5F790AFBB05E758D787EC703A2B6F31174C55360

Function 06BA3DF4 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 989ee48df831b36d2deac941c82dc88393aed5b5021c12ef9b477d190122c952
Instruction ID: ba99275e5a9bf06f561d56a476844708b3a154a0c05838527d483a8fe03f9a97
Opcode Fuzzy Hash: 989ee48df831b36d2deac941c82dc88393aed5b5021c12ef9b477d190122c952
Instruction Fuzzy Hash: F631B0A4C29BAD46DB03AA3948822D5F790AFBB05E758D787EC703A276F31174C15360

Function 02724F24 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 7f9375fc80e7f00df38854e835369689b8f7399fce0ffea17d8ca3dba7077118
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 421106B720517243D615CA3DD9F42BBE79AEBDB229B2D437AE0428F758D322E14D9600

Function 06BC1F24 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 4d5766b14d4db29e9abf19fb52efd3828a184d4bafdc686774fdfbbd0302d9bd
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 6D1108F7A050414FE6948A2DD4B41BAE796EBD6130B2C53FED0416B756D322A345D600

Function 02710B94 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac73207d5b92e6f47eb770cfb092a1741a5fcac63d9ef8e253d41b6a34999560
Instruction ID: a3058ea39193bb2366654f19f292dfb174c4472e14fb474dc3a65eaafce27bda
Opcode Fuzzy Hash: ac73207d5b92e6f47eb770cfb092a1741a5fcac63d9ef8e253d41b6a34999560
Instruction Fuzzy Hash: EC114F716342B90FA34D893E4C518397BD0DB8A1023C542FBF8D9EB2A2C619D946E7F0

Function 026D4418 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9d7f2a1120d98148f2982d20f8224dc85cfc53bc1bdd95eb2661c752a9bf04f
Instruction ID: c679525aac11190c81dbcf302fcaeb459ee9481a3cd6aa71e06ad1233d951a49
Opcode Fuzzy Hash: c9d7f2a1120d98148f2982d20f8224dc85cfc53bc1bdd95eb2661c752a9bf04f
Instruction Fuzzy Hash: A8118132621A128BD318CF38C892AA2B3E0FB58314B504B2DE477DB2C1CB35B915CB84

Function 06B71418 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9d7f2a1120d98148f2982d20f8224dc85cfc53bc1bdd95eb2661c752a9bf04f
Instruction ID: 315ff19b292299282be24e346f8975063713fd7696744ac48a94b1408f9ce59b
Opcode Fuzzy Hash: c9d7f2a1120d98148f2982d20f8224dc85cfc53bc1bdd95eb2661c752a9bf04f
Instruction Fuzzy Hash: 53118172631A128BD318CF38C8929A2B3E0FB58314B544B2DE437DB2C1C735B515DB84

Function 06BE7161 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93f62665a00d9aa177ed59675c1855e4dd29532711309c5f73517d84a858e995
Instruction ID: 5bf67c319d4f50c0c2fba4fdc87551881100d0bbdbca068b7ef9a8af1e8c6b35
Opcode Fuzzy Hash: 93f62665a00d9aa177ed59675c1855e4dd29532711309c5f73517d84a858e995
Instruction Fuzzy Hash: 7B0152777216204FD384AF7ACC8055533D7EBCD26531A0278E515DB7A5CB79AD02DB40

Function 026D4389 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d753a2c333d5a801a500bb298a956127af22558e84e1e90629213660978f9d9e
Instruction ID: 8e19f997d66a5418031630875a11ca51265076ea1f3be83224bd15808d805612
Opcode Fuzzy Hash: d753a2c333d5a801a500bb298a956127af22558e84e1e90629213660978f9d9e
Instruction Fuzzy Hash: C2019272720A168BD358CA3ED846695F3D6EBD83107198B3DE0A6CB284DB74D981C744

Function 06B71389 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d753a2c333d5a801a500bb298a956127af22558e84e1e90629213660978f9d9e
Instruction ID: 808e273fd2aea4d1d42777bdd9d97f41139488574344b832171b06b9b45fbb2e
Opcode Fuzzy Hash: d753a2c333d5a801a500bb298a956127af22558e84e1e90629213660978f9d9e
Instruction Fuzzy Hash: 7901D2B27206128BD3ACCE3DC8426A5F3D6EBD8310B098B79E0A6CB684D674D581D750

Function 02731859 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078436788e8308ec8a9898e1e2f11c3b1c8b142bb89dd9e6773ad3dcce01c634
Instruction ID: e906fe2cdb0c23596a6c1d081bea3747ea1e64a3863ba3be4446b6829fcae4b6
Opcode Fuzzy Hash: 078436788e8308ec8a9898e1e2f11c3b1c8b142bb89dd9e6773ad3dcce01c634
Instruction Fuzzy Hash: B9E0B635000518ABDB1B6B54CD8DA8C3B6AEB65361F408824FE098A532CB35DD52DBA4

Function 06BCE859 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 078436788e8308ec8a9898e1e2f11c3b1c8b142bb89dd9e6773ad3dcce01c634
Instruction ID: ac047b6287a8e578ff8b9039a2f5d06deaff635826b93331c8d1741418a42890
Opcode Fuzzy Hash: 078436788e8308ec8a9898e1e2f11c3b1c8b142bb89dd9e6773ad3dcce01c634
Instruction Fuzzy Hash: 3DE04675410118EBDBA5AB64CC88D083B69EB60361F808468FE048A130CB39DE43CBA0

Function 06C0F6DA Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5cd5aa631510297ffef4fe5218c8f34fe0bb2cb677a5a8caf740dc98da6c5350
Instruction ID: 7f19786791770c18d7a923f5e00e61929e3e6d7a92026042a27ed23cd4dceff5
Opcode Fuzzy Hash: 5cd5aa631510297ffef4fe5218c8f34fe0bb2cb677a5a8caf740dc98da6c5350
Instruction Fuzzy Hash: ACD0E915056E10E7BF60A43D04129F307C1CA533E07F036A545AA478D50A8C388FF79D

Function 06BFFDBB Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae12887d659f8810a0e11cc13ba607c1a3977e9d2af8abc678e340ebe5dcceff
Instruction ID: fe582e31a9dd32b03b75f59549bfa6f4d0e25be1fd284baf7fec61b52dc41bf4
Opcode Fuzzy Hash: ae12887d659f8810a0e11cc13ba607c1a3977e9d2af8abc678e340ebe5dcceff
Instruction Fuzzy Hash: 7BC01230A16308EBCB14CBA8D940A19BBF8EB0D621F0005A8EC0DC3700EA36AE10CA90

Function 026FD9B4 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b91107a6e702bb560382d836a53bc6b494b359883ca23bfe4dea6d8400b6f6b8
Instruction ID: e2d3df82be64c36f081f92cb03b912227afa22ed81e3fdc1686753c602edaba1
Opcode Fuzzy Hash: b91107a6e702bb560382d836a53bc6b494b359883ca23bfe4dea6d8400b6f6b8
Instruction Fuzzy Hash: DBB0927090520CAB4B00CA89AA01999B7ECD605110F2002D9AC0D93300E6326E2066A2

Function 026C6AC1 Relevance: 9.2, APIs: 6, Instructions: 158COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026C6AC8

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 85fd080371e1067fedebe473d3fe2c4211205affb96a04d2350089a2fb922116
Instruction ID: 34eb6bbb1bc891a735054a41aabf14ec432e80d4470162516c1cf4b84ef98853
Opcode Fuzzy Hash: 85fd080371e1067fedebe473d3fe2c4211205affb96a04d2350089a2fb922116
Instruction Fuzzy Hash: 3161F975A00214CFCB05EFA4C584AA9BBF5FF89310B25809EE909AF351DB75E941CFA4

Function 026C6CDF Relevance: 9.2, APIs: 6, Instructions: 158COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026C6CE6

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: c8f629a80f901d124a1ce76ef313d7bab0857bdd808bdf9eb197f06863fd2b23
Instruction ID: dafe629fcd00f89457d096a830d067ecdaeab40b55ad3627d9c36dde8ac1369a
Opcode Fuzzy Hash: c8f629a80f901d124a1ce76ef313d7bab0857bdd808bdf9eb197f06863fd2b23
Instruction Fuzzy Hash: 1D6128B5A00214CFCB05EFA4C584AA8BBF5FF49310B25849EE909AF351DB75E941CFA4

Function 026D2DBD Relevance: 9.2, APIs: 6, Instructions: 158COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026D2DC4

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 0be1c57d6704dada2e7c71a5ab3bc8430c617ac4d85c988c86de5a3637fe3ea2
Instruction ID: b3cd3567c8264b4bc4fbb82b20254aa7c0c6fcedba52074f9c24966984802266
Opcode Fuzzy Hash: 0be1c57d6704dada2e7c71a5ab3bc8430c617ac4d85c988c86de5a3637fe3ea2
Instruction Fuzzy Hash: 596119B5A00218CFCB05DFA4C594A99BBF5FF09310B25849AE909AF352D775ED41CFA0

Function 026C7120 Relevance: 9.2, APIs: 6, Instructions: 157COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026C7127

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 4cf8719301b105215b9fe333f01c0ecbf882f288c27824e2d34d87a69967fa32
Instruction ID: d0a0b0e30abd20f41f9ee05dfc8d6e5e1318bb7a9eddb3f180b0a244c3761abf
Opcode Fuzzy Hash: 4cf8719301b105215b9fe333f01c0ecbf882f288c27824e2d34d87a69967fa32
Instruction Fuzzy Hash: F4611775A00214CFCB06EFA4C5849A9BBF5FF09310B29809EE909AF355DB75A941CFA0

Function 026C678D Relevance: 9.2, APIs: 6, Instructions: 157COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026C6794

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 31d3f0da8362b4033ccb3ee4a57f4692a07521737f587a5bc4b23f420a7eca41
Instruction ID: 664855783dddfe4775321ab53bc42a42e01940fc29d4b7d8087d314de049d688
Opcode Fuzzy Hash: 31d3f0da8362b4033ccb3ee4a57f4692a07521737f587a5bc4b23f420a7eca41
Instruction Fuzzy Hash: 5F611675A05214CFCB05EFA4C5849A8BBF5FF49310B25809EE909AF351DB75E901CFA4

Function 026C6EFD Relevance: 9.2, APIs: 6, Instructions: 157COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026C6F04

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 6edfa83c4c98a332fe34ce744bd7e206b653b3333c778a16949c685b79145451
Instruction ID: 0373bb4864904094282cd4001137f79d63926622a55753d2d25436d39b69f930
Opcode Fuzzy Hash: 6edfa83c4c98a332fe34ce744bd7e206b653b3333c778a16949c685b79145451
Instruction Fuzzy Hash: 64611B75A00215CFCB06EF64C584AA9BBF6FF49310B25809DE909AF351D775E941CFA0

Function 026D9AEE Relevance: 9.2, APIs: 6, Instructions: 156COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026D9AF5

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 99255e0599b4cf6ea70ed13da3693809829d8c8a8fd1bc218dead3a9eb0b4f12
Instruction ID: 155e095bab79c87a4a736b7dbd345c84780e6ee3177a99de233b663afcbcb1e1
Opcode Fuzzy Hash: 99255e0599b4cf6ea70ed13da3693809829d8c8a8fd1bc218dead3a9eb0b4f12
Instruction Fuzzy Hash: 486136B5E01219CFCB05DFA4C4849A9BBF5FF49300B19C49AE819AF351C775A942CFA0

Function 026D98D0 Relevance: 9.2, APIs: 6, Instructions: 156COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026D98D7

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: d3cd23be5c72acd8e8aa927d5fdcd840825fcd9ee6d3a0edb82c431459b11429
Instruction ID: f48b181f94ff55e724bbbdd23702e594a6b9eef5c937864cbcde7af21f6ec2ed
Opcode Fuzzy Hash: d3cd23be5c72acd8e8aa927d5fdcd840825fcd9ee6d3a0edb82c431459b11429
Instruction Fuzzy Hash: 346135B5E01219CFCB01DFA4C484AA9BBF5FF49300B19849AE909AF351D775E902CFA0

Function 026D9D0C Relevance: 9.2, APIs: 6, Instructions: 156COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026D9D13

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: b7d17bbb3abd21c69f316d92d5e1e6f7e82ad07c2d59163d02c625e7382e3bf0
Instruction ID: 487012ab673a7cdaf3563abc72373d3d8a14b4d9d48352d93ff9f468bb708220
Opcode Fuzzy Hash: b7d17bbb3abd21c69f316d92d5e1e6f7e82ad07c2d59163d02c625e7382e3bf0
Instruction Fuzzy Hash: 6E6115B5E01218CFCB05DFA4C584AA9BBF5FF49300B19849AE909AF351D775E942CFA0

Function 026D8AEE Relevance: 9.2, APIs: 6, Instructions: 155COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026D8AF5

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 571204115a85705aaaea524effcae40e517e5be4c7b0423368273adf801f6c6a
Instruction ID: 04966b8a027c714da5396d28cd3ff0865195030f090e89afca97bf60a1a3305f
Opcode Fuzzy Hash: 571204115a85705aaaea524effcae40e517e5be4c7b0423368273adf801f6c6a
Instruction Fuzzy Hash: E66127B5E01219CFCB05DF64C488AA9BBF6FF49300B19C499E809AF351C775A942CFA0

Function 026D8E20 Relevance: 9.2, APIs: 6, Instructions: 155COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026D8E27

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: b7fc8407e998dfa6fb40f245a0171e54bf2dc70887e5e3414ec2b4ee428c68f9
Instruction ID: d2a51b9990586381944f8fd66a51230204cd08c6119a6637c2109753c514fc3d
Opcode Fuzzy Hash: b7fc8407e998dfa6fb40f245a0171e54bf2dc70887e5e3414ec2b4ee428c68f9
Instruction Fuzzy Hash: C46108B5E00219CFCB05DFA4C4849A9BBF6FF49310B198499E919AF351C775E942CFA0

Function 026D1C64 Relevance: 9.2, APIs: 6, Instructions: 155COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026D1C6B

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: f7fb3ce778aa90e14fa4643a0904b4a7c7ed27ecc8e6dcaccea6b08d5c57a13d
Instruction ID: 9d0f542a17219820af06b34b9a68f6a97fcbdf56b2a66b2046c0e2d417250477
Opcode Fuzzy Hash: f7fb3ce778aa90e14fa4643a0904b4a7c7ed27ecc8e6dcaccea6b08d5c57a13d
Instruction Fuzzy Hash: 9E612675E00219CFCB05DFA4C484AA9BBF5FF49310B15849AE919AF351CBB5E902CFA0

Function 026D7A44 Relevance: 8.0, APIs: 5, Instructions: 461COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 026D7B2C
__CxxThrowException@8.LIBVCRUNTIME ref: 026D7C17
__CxxThrowException@8.LIBVCRUNTIME ref: 026D7D67
__CxxThrowException@8.LIBVCRUNTIME ref: 026D7E77

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: Exception@8Throw
String ID:
API String ID: 2005118841-0
Opcode ID: e8f5343f6c45d36c3bdac4343d24d8f02a41ed1b5ac9a6cb72f2c2cc5433d51d
Instruction ID: 71e73e7252e98bc79c9022c781672b8a17dd29f35f6386a9ca2b10475affb324
Opcode Fuzzy Hash: e8f5343f6c45d36c3bdac4343d24d8f02a41ed1b5ac9a6cb72f2c2cc5433d51d
Instruction Fuzzy Hash: 2BF15271A002189FCB35DF68C895EAEF3F9EB84304F50459EE54AD7240EB30EA45CB92

Function 0273F533 Relevance: 7.8, APIs: 5, Instructions: 338COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 0273F55C

Part of subcall function 026C2B3E: __EH_prolog3_GS.LIBCMT ref: 026C2B45
Part of subcall function 026C2B3E: __CxxThrowException@8.LIBVCRUNTIME ref: 026C2B6B

_strstr.LIBCMT ref: 0273F585
new.LIBCMT ref: 0273F664
_strstr.LIBCMT ref: 0273F68D
_strstr.LIBCMT ref: 0273F7B3

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: _strstr$Exception@8H_prolog3_Throw
String ID:
API String ID: 769276597-0
Opcode ID: 5b721a4526bf520b14b38f7d1b81034ea5b1c0af6c847a114fadc8aac136a4fc
Instruction ID: ff17f60483c549b04f3a1307f48f377c63c44a37c2f3e597b8771f77d77e8d3c
Opcode Fuzzy Hash: 5b721a4526bf520b14b38f7d1b81034ea5b1c0af6c847a114fadc8aac136a4fc
Instruction Fuzzy Hash: 0AC17A70A08782AFE71AEB24C854BBBB7D2EF80344F64851EE551079D2DF749548CB93

Function 06BDC533 Relevance: 7.8, APIs: 5, Instructions: 338COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 06BDC55C

Part of subcall function 06B5FB3E: __EH_prolog3_GS.LIBCMT ref: 06B5FB45
Part of subcall function 06B5FB3E: __CxxThrowException@8.LIBVCRUNTIME ref: 06B5FB6B

_strstr.LIBCMT ref: 06BDC585
new.LIBCMT ref: 06BDC664
_strstr.LIBCMT ref: 06BDC68D
_strstr.LIBCMT ref: 06BDC7B3

Part of subcall function 06BDF2C4: swprintf.LIBCMT ref: 06BDF2EA

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: _strstr$Exception@8H_prolog3_Throwswprintf
String ID:
API String ID: 353814990-0
Opcode ID: 16e9a35acad45b0eed0e2ea778585aaf78cb47ad6a93bf6a4b21a07ee25b6308
Instruction ID: 1f7a0b83dc2e3373730caa9bf735a88f4c754b0818d4f9d475bdc3a0711a09d0
Opcode Fuzzy Hash: 16e9a35acad45b0eed0e2ea778585aaf78cb47ad6a93bf6a4b21a07ee25b6308
Instruction Fuzzy Hash: F0C117F0A087816FE7D9EB34CC50BBABB98EF81314F0495AEE1614A1C0EBB59544C782

Function 026DCB9A Relevance: 7.7, APIs: 5, Instructions: 184COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 026DCBC0
__EH_prolog3_GS.LIBCMT ref: 026DCBCD
new.LIBCMT ref: 026DCC30

Part of subcall function 026DD1E7: __EH_prolog3.LIBCMT ref: 026DD1EE

new.LIBCMT ref: 026DCC53

Part of subcall function 026DD0FC: __EH_prolog3.LIBCMT ref: 026DD103

new.LIBCMT ref: 026DCCFE

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3$Exception@8H_prolog3_Throw
String ID:
API String ID: 605474211-0
Opcode ID: 4180c4c851ee146a9ef919f3cdc62fd4dc60f894ec394d664a70a4aa37d9b12d
Instruction ID: e90e2d6a1d09e3d16bf6f838a83356cf4ccf763db54e8c0c85d7048c41f01ee3
Opcode Fuzzy Hash: 4180c4c851ee146a9ef919f3cdc62fd4dc60f894ec394d664a70a4aa37d9b12d
Instruction Fuzzy Hash: CD719270901248DFDB15EF68C884BDDBBB6EF15304F20809DE919AB381DB74AA44CF55

Function 06B63CDF Relevance: 7.7, APIs: 5, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8faae262ae6b63ff9c3a60bd1fece03f01eb028bbe250185baf52f35395fba5c
Instruction ID: 08124cb5f5bafa8cb55c9ab47238b4e742b38be03e95050395c10c5a3698db03
Opcode Fuzzy Hash: 8faae262ae6b63ff9c3a60bd1fece03f01eb028bbe250185baf52f35395fba5c
Instruction Fuzzy Hash: 516105B5A00608CFCB84DFA5C980A9CBBF0FF49710B259499E919AF351D775AD41CFA0

Function 06B6FDBD Relevance: 7.7, APIs: 5, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36eb60a767905001a4c416150d77b506c90c85e7e56b147d26f306221f37c780
Instruction ID: 7f846e192dfdb142c1a7bb40b8f3fa56f2b430c006e7b008ae6d34942a957460
Opcode Fuzzy Hash: 36eb60a767905001a4c416150d77b506c90c85e7e56b147d26f306221f37c780
Instruction Fuzzy Hash: 846127B5A00204CFCB84DFA9D8809ADBBF5FF49310B158099E919AF355DB75E941CFA0

Function 06B63AC1 Relevance: 7.7, APIs: 5, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e161b1f4159690dac14c61afcef0b874e7145fe3d29cb46dc9850806e8d5b76
Instruction ID: d68438b256f0e57476b4e012c6b44c0960c3a72a84f100240eb4d5968fc7d5d9
Opcode Fuzzy Hash: 0e161b1f4159690dac14c61afcef0b874e7145fe3d29cb46dc9850806e8d5b76
Instruction Fuzzy Hash: F76129B5A00618CFCB80DFA5C88099DBBF0FF49310B299099E919AF351DB75E941CFA0

Function 06B64120 Relevance: 7.7, APIs: 5, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 844952ba2d3735ec4a034b302171f2f1225171aa22f945088168acf09a6948ac
Instruction ID: 633f895e77dca410240aee308af32a6106c7d68a8786d52edc3017b5e9b080a7
Opcode Fuzzy Hash: 844952ba2d3735ec4a034b302171f2f1225171aa22f945088168acf09a6948ac
Instruction Fuzzy Hash: 896126B5A00618CFDB84DFA5C880999BBF1FF49310B25C09AE919AF351DB75E941CFA0

Function 06B6378D Relevance: 7.7, APIs: 5, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 568f810bd43cf13b5c0e3b4eb90a0044fab7c8628e2e3769fbdd5d0182161bf6
Instruction ID: 53748d9772b794e15291f40a483fd2bdf85ba229f7592d639cdd99fac355289f
Opcode Fuzzy Hash: 568f810bd43cf13b5c0e3b4eb90a0044fab7c8628e2e3769fbdd5d0182161bf6
Instruction Fuzzy Hash: 026117B5A00204CFDB84DFA5C98099CBBF0FF49310B259099E819AF361DB79E941CFA0

Function 06B63EFD Relevance: 7.7, APIs: 5, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94d0f2027493364d777c7b9b06a8fccb98a3566843724ed3a52385785a3e05f2
Instruction ID: 322f991cbcdb80951fae19d0b57c41067270e9f908fd8fc1ee724cf71398470d
Opcode Fuzzy Hash: 94d0f2027493364d777c7b9b06a8fccb98a3566843724ed3a52385785a3e05f2
Instruction Fuzzy Hash: B56106B5A00618CFCB84DFA5C984A99BBF1FF48310F15C0A9E919AF351D775A941CFA0

Function 06B76D0C Relevance: 7.7, APIs: 5, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ddd81509905b58eb4a29d9c455241a4f246d132f4ecf1191a652f133fc2406c
Instruction ID: ab4a75dab2f87c9c9015b07f9f717ec2e215c45badfa09dc4e5cf75086944730
Opcode Fuzzy Hash: 6ddd81509905b58eb4a29d9c455241a4f246d132f4ecf1191a652f133fc2406c
Instruction Fuzzy Hash: 146117B5A00608CFCB80DFA4C88099DBBF1FF49310B198499E929AF351D775E941CFA0

Function 06B76AEE Relevance: 7.7, APIs: 5, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea8437b2198a588b240236b8cd97fe52a0b9a8b41813f37b5acb4fcdbe26f80b
Instruction ID: ee924065adb8f617a6d8f882c9b925d68e1c0e6d7a0ace2e4723204b8f442422
Opcode Fuzzy Hash: ea8437b2198a588b240236b8cd97fe52a0b9a8b41813f37b5acb4fcdbe26f80b
Instruction Fuzzy Hash: B76104B5A00604CFCB85DFA4C980999BBF5FF49310B19C49AE829AF351E775A941CFA0

Function 06B768D0 Relevance: 7.7, APIs: 5, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13018225d6aca8ae9bd135f8c3aa3749c93d2756579fefe355b46cfaa66600b6
Instruction ID: 8c77d9ae1b693bad8258ecbecb73e7d35bdf19c00f0650ed7fbe765fd46282a8
Opcode Fuzzy Hash: 13018225d6aca8ae9bd135f8c3aa3749c93d2756579fefe355b46cfaa66600b6
Instruction Fuzzy Hash: 8F6104B5A00615CFCB81DFA4C980999BBF0FF49310B19C49AE929AF351D776E941CFA0

Function 06B6EC64 Relevance: 7.7, APIs: 5, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d60fc900fc0021ad9e0b08ec1406172d1d036b1948bbb9c81b3d1bbef00aba0e
Instruction ID: 6d240957ed77fab53d4897424cf527c7263ce4062a4f902d77ae247d5501ebb4
Opcode Fuzzy Hash: d60fc900fc0021ad9e0b08ec1406172d1d036b1948bbb9c81b3d1bbef00aba0e
Instruction Fuzzy Hash: EE6127B5A00218CFCB80DFA5C88099DBBF1FF49310B1580A9E819AF351D779E942CFA0

Function 06B75E20 Relevance: 7.7, APIs: 5, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3e2cd1c310b67a632c6967d7d6b6e371509bc85f6a2d0f300f54940ade54b21
Instruction ID: affb6935857000da66e950195fad926861f18d13daef0150e9927d887a7a9eb3
Opcode Fuzzy Hash: e3e2cd1c310b67a632c6967d7d6b6e371509bc85f6a2d0f300f54940ade54b21
Instruction Fuzzy Hash: 9E61F9B6900604CFCB91DF64C880999BBF1FF49310B198499E829AF351DB75E941CFA0

Function 06B75AEE Relevance: 7.7, APIs: 5, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60067871cabffb992f83ca8a872174275d3969e5fbedcc140d6d23b98242caa9
Instruction ID: e80f0353b8844fd4d05c38bff8f723edc089c2a4679044d06a9001f8419a68ec
Opcode Fuzzy Hash: 60067871cabffb992f83ca8a872174275d3969e5fbedcc140d6d23b98242caa9
Instruction Fuzzy Hash: 62610BB5900205CFCB94DFA4C480AADBBF5FF49310B19C499E829AF351DB75A941CFA0

Function 026C8C77 Relevance: 7.6, APIs: 5, Instructions: 136COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 026C8CCB
__CxxThrowException@8.LIBVCRUNTIME ref: 026C8D25
__CxxThrowException@8.LIBVCRUNTIME ref: 026C8D72
__EH_prolog3_GS.LIBCMT ref: 026C8D7F
__CxxThrowException@8.LIBVCRUNTIME ref: 026C8DAA

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: Exception@8Throw$H_prolog3_
String ID:
API String ID: 177240471-0
Opcode ID: daadf15c4f0256a2b2c4f38783e3eeefea6cd3d37fcb773bf45d77d0951aeb5a
Instruction ID: 177403592733772a68e4269a802bc9844304dd9453fbd0aac742f95c8f39cf3a
Opcode Fuzzy Hash: daadf15c4f0256a2b2c4f38783e3eeefea6cd3d37fcb773bf45d77d0951aeb5a
Instruction Fuzzy Hash: A3419E716001189FCB16EFA8D988CAEB7BAFF09310B604199E8059B264DB31EE45CF90

Function 06B65C77 Relevance: 7.6, APIs: 5, Instructions: 136COMMON

Download Yara Rule

APIs

__CxxThrowException@8.LIBVCRUNTIME ref: 06B65CCB
__CxxThrowException@8.LIBVCRUNTIME ref: 06B65D25
__CxxThrowException@8.LIBVCRUNTIME ref: 06B65D72
__EH_prolog3_GS.LIBCMT ref: 06B65D7F
__CxxThrowException@8.LIBVCRUNTIME ref: 06B65DAA

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: Exception@8Throw$H_prolog3_
String ID:
API String ID: 177240471-0
Opcode ID: 7e2f53679791417832741cd013ec90f88fb4bcf2d318f523cb40449760696937
Instruction ID: 04aed21c310bcecee8cf78696331b2aa86f04276b690463bfd0ac61941fe268f
Opcode Fuzzy Hash: 7e2f53679791417832741cd013ec90f88fb4bcf2d318f523cb40449760696937
Instruction Fuzzy Hash: 5D41A0B1A40108DFCB94EFB9DD88CAEB7B5EF48210B6081D9F5159B260DB36EE51CB50

Function 026C95A6 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026C95AD
new.LIBCMT ref: 026C972F

Part of subcall function 026C9491: __EH_prolog3_GS.LIBCMT ref: 026C9498
Part of subcall function 026C9491: __CxxThrowException@8.LIBVCRUNTIME ref: 026C952E

new.LIBCMT ref: 026C979B

Strings

?, xrefs: 026C964D

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: Exception@8H_prolog3H_prolog3_Throw
String ID: ?
API String ID: 3648411918-1684325040
Opcode ID: 0e6deb6de55f28f193bc0e52d3d6bcf755d13895af26786c5a6ed9c56d1088fd
Instruction ID: 4a838b40ab963ab9cfa346f3ddd6c1c47bd81c3989d5f03f674f0dceb0e8c403
Opcode Fuzzy Hash: 0e6deb6de55f28f193bc0e52d3d6bcf755d13895af26786c5a6ed9c56d1088fd
Instruction Fuzzy Hash: BA61F774501744CFD761CF68C488AAABBF4FF08304F9588ADE89A9B351DB76A904CF90

Function 06C0DE26 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 06C0DE2D
__CxxThrowException@8.LIBVCRUNTIME ref: 06C0DEDD
__EH_prolog3_GS.LIBCMT ref: 06C0DEEA

Part of subcall function 06BC1035: __onexit.LIBCMT ref: 06BC103B

Strings

:, xrefs: 06C0DF06

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3_$Exception@8Throw__onexit
String ID: :
API String ID: 2275094935-336475711
Opcode ID: 797d796eb06da45400cebca6cca1d9643f065e28bd99a4663be11e474aa552cf
Instruction ID: 9728759491e4795a29363fcb48b9763b45c3051a356c3d9111af0c927dfed5a2
Opcode Fuzzy Hash: 797d796eb06da45400cebca6cca1d9643f065e28bd99a4663be11e474aa552cf
Instruction Fuzzy Hash: AA4180B5900208EFDB94EBB8CD80AEDB7B8EF14310F504159E566972D0EF746A45CBA1

Function 02704D84 Relevance: 6.5, Strings: 5, Instructions: 278COMMON

Download Yara Rule

Strings

, xrefs: 02704E07, 02704E72, 02704E84, 02704EA7
IOSY, xrefs: 02704DC9
)+/5, xrefs: 02704DBB
;=CG, xrefs: 02704DC2
aegk, xrefs: 02704DD0

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: )+/5$;=CG$IOSY$aegk$
API String ID: 0-3113352896
Opcode ID: dea71468b72c3de592abf34191cae2b37b9c631a20cc4be39ea3339d8312eb9b
Instruction ID: bd5555926f7e37416423fa95975315dd1992da313c34fc00879d71503be149c8
Opcode Fuzzy Hash: dea71468b72c3de592abf34191cae2b37b9c631a20cc4be39ea3339d8312eb9b
Instruction Fuzzy Hash: 729182B2D002199BDF21DBE09C80FEE77F9AF00361F944565EE54AB240E7659E098FE1

Function 06BA1D84 Relevance: 6.5, Strings: 5, Instructions: 278COMMON

Download Yara Rule

Strings

;=CG, xrefs: 06BA1DC2
)+/5, xrefs: 06BA1DBB
, xrefs: 06BA1E07, 06BA1E72, 06BA1E84, 06BA1EA7
aegk, xrefs: 06BA1DD0
IOSY, xrefs: 06BA1DC9

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: )+/5$;=CG$IOSY$aegk$
API String ID: 0-3113352896
Opcode ID: dea71468b72c3de592abf34191cae2b37b9c631a20cc4be39ea3339d8312eb9b
Instruction ID: 968a8dcdbbda5fdf3cc833ac11bc0087e4cabdabc3e82969fb6b936060d7c0af
Opcode Fuzzy Hash: dea71468b72c3de592abf34191cae2b37b9c631a20cc4be39ea3339d8312eb9b
Instruction Fuzzy Hash: 5B9150F2D14319ABDFB1DBE09C51BAF77B8AF00360F0441A5ED14AB240E6759A4AC7B1

Function 027331F2 Relevance: 6.3, APIs: 4, Instructions: 316COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 02733279

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b07bfabf0d263e615428ed09b3c7df30c3fc2a5a6fe0d4f92863895b9a8bc67c
Instruction ID: 0c6ffff265a09999527ce55e5b46c6dc43250672afb61b4538565df34914e4e9
Opcode Fuzzy Hash: b07bfabf0d263e615428ed09b3c7df30c3fc2a5a6fe0d4f92863895b9a8bc67c
Instruction Fuzzy Hash: 41B14872D052969FEB33CB28C8917BEFBA5EF51364F1442E9D445AB282C7389941CBD0

Function 06BD01F2 Relevance: 6.3, APIs: 4, Instructions: 316COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 06BD0279

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: b07bfabf0d263e615428ed09b3c7df30c3fc2a5a6fe0d4f92863895b9a8bc67c
Instruction ID: e14ef4af056cc321cfacefa7528281b9b52b41d6b772ba359fb2339435a3e78d
Opcode Fuzzy Hash: b07bfabf0d263e615428ed09b3c7df30c3fc2a5a6fe0d4f92863895b9a8bc67c
Instruction Fuzzy Hash: D2B14AB2D053569FEB61DF28C891BAEBFB4EF15360F1442E9D4549F280E3389941CB90

Function 026CAA45 Relevance: 6.1, APIs: 4, Instructions: 135COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 026CAA4C
new.LIBCMT ref: 026CAA6E
new.LIBCMT ref: 026CAB2A
__CxxThrowException@8.LIBVCRUNTIME ref: 026CABD1

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: Exception@8H_prolog3_Throw
String ID:
API String ID: 2985221223-0
Opcode ID: 0ff991a3072b5c294880d0e787f5aa1bcbf6e7268610e40eb97838af117abdb7
Instruction ID: b1919f3a9e484d1976b387b66a8cd69793a887928a6c2e2af545f2a627704c26
Opcode Fuzzy Hash: 0ff991a3072b5c294880d0e787f5aa1bcbf6e7268610e40eb97838af117abdb7
Instruction Fuzzy Hash: D1518931600209AFDB19EFA4D994EADB7FAEF44304F2480ADE50A9B351EB719D06CF51

Function 02730BD5 Relevance: 6.1, APIs: 4, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e64851cc79eeff34207540168d3d5e4ba5f0da35ce3472fd512dbf34b7bc4640
Instruction ID: 511d3df7db6796166380f22c1a36f1e6fff2f15d36c0743bcfdf4d2d87a96292
Opcode Fuzzy Hash: e64851cc79eeff34207540168d3d5e4ba5f0da35ce3472fd512dbf34b7bc4640
Instruction Fuzzy Hash: 1741FB71A00358EFD7279F78CC45BABBBEAEB88710F10462AE055EB681D771A545CB80

Function 026DCE1B Relevance: 6.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 026DCE22
new.LIBCMT ref: 026DCE30
new.LIBCMT ref: 026DCE98
new.LIBCMT ref: 026DCED2

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 70b2677c13e9af9a33528b384a5dc146883f7ca95dbdf892f7fab2edbf5361f3
Instruction ID: 2ac587912d8128d6d4d22cb5394102d5a89a3386cd66a88b9013ca0a4faf4282
Opcode Fuzzy Hash: 70b2677c13e9af9a33528b384a5dc146883f7ca95dbdf892f7fab2edbf5361f3
Instruction Fuzzy Hash: 55318DB1900619AFDB05DFA4C854EAEBBBAFF48704F14855EE5059B281DB70AA44CFE0

Function 026DC5A2 Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 026DC5A9
__allrem.LIBCMT ref: 026DC5CC
new.LIBCMT ref: 026DC5E3
new.LIBCMT ref: 026DC651

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3___allrem
String ID:
API String ID: 3205878136-0
Opcode ID: 267f4a7ede5ceb274d2f1c4eb7e04fde26420022598b7d4424b966d975190106
Instruction ID: 95bcbcaa7ff7f456e80422c7bd322b6f0ed8ed89062adfb248c16c9a8230ab22
Opcode Fuzzy Hash: 267f4a7ede5ceb274d2f1c4eb7e04fde26420022598b7d4424b966d975190106
Instruction Fuzzy Hash: E531E070A00208EFDB15EFA4C995BED7BB6EF44304F64409CD505AB381DB74AA45CF98

Function 06B795A2 Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 06B795A9
__allrem.LIBCMT ref: 06B795CC
new.LIBCMT ref: 06B795E3
new.LIBCMT ref: 06B79651

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3___allrem
String ID:
API String ID: 3205878136-0
Opcode ID: 92e548b83b5c6f008a58dda8400f325c6a3c31e789b22dac54515a67df73d9ee
Instruction ID: 66e5d2b039ddf7dffab3b79805183b246ada3eb603b442491cce02821c925f91
Opcode Fuzzy Hash: 92e548b83b5c6f008a58dda8400f325c6a3c31e789b22dac54515a67df73d9ee
Instruction Fuzzy Hash: 9B318BB0A01204DFDB98EFB4CD90BDD7BB4AF54300F5440A8E525AB281EB75AA45CB55

Function 0272724C Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 02727268
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 02727281

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 6a94d835e0dd44bbe3879a522c3a6804c93060767217525634841f982fbff008
Instruction ID: 4bcf56eb3f5ce3bdfbe6f4aa557b2117e2f461b40c83ba7e9557a93404d8f1e9
Opcode Fuzzy Hash: 6a94d835e0dd44bbe3879a522c3a6804c93060767217525634841f982fbff008
Instruction Fuzzy Hash: 7B017B3310A3315EE72E27B56EC872B67F9DB407B4B60032AF924854E9EF114C888610

Function 06BC424C Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 06BC4268
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 06BC4281

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 6a94d835e0dd44bbe3879a522c3a6804c93060767217525634841f982fbff008
Instruction ID: 558aaaf0fcf35e6c012a76afcc5df17ef7820ae6bb7b4b98082911bd3b01a2b7
Opcode Fuzzy Hash: 6a94d835e0dd44bbe3879a522c3a6804c93060767217525634841f982fbff008
Instruction Fuzzy Hash: 460128B25283312DF7D817B56DE562F27E4DB402B176043ADF6248D4E8EF114B008150

Function 0272528E Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 027252A5

Part of subcall function 027258DD: ___BuildCatchObjectHelper.LIBVCRUNTIME ref: 0272590C
Part of subcall function 027258DD: ___AdjustPointer.LIBCMT ref: 02725927

_UnwindNestedFrames.LIBCMT ref: 027252BC
___FrameUnwindToState.LIBVCRUNTIME ref: 027252CE
CallCatchBlock.LIBVCRUNTIME ref: 027252F2

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
String ID:
API String ID: 2901542994-0
Opcode ID: b5fc079b556d4405917486fcc151aa874695c6458e73cb5ec622f325b6035c77
Instruction ID: 2acb59818025b5231636a45166ed7a5286653a56e0993622bbd34dcfb7af0a29
Opcode Fuzzy Hash: b5fc079b556d4405917486fcc151aa874695c6458e73cb5ec622f325b6035c77
Instruction Fuzzy Hash: 0601D332000119BBCF16AF65CC05EDA3BBAEF49754F554019FA1866120D772E869DFA0

Function 06BC228E Relevance: 6.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

___BuildCatchObject.LIBVCRUNTIME ref: 06BC22A5

Part of subcall function 06BC28DD: ___BuildCatchObjectHelper.LIBVCRUNTIME ref: 06BC290C
Part of subcall function 06BC28DD: ___AdjustPointer.LIBCMT ref: 06BC2927

_UnwindNestedFrames.LIBCMT ref: 06BC22BC
___FrameUnwindToState.LIBVCRUNTIME ref: 06BC22CE
CallCatchBlock.LIBVCRUNTIME ref: 06BC22F2

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: Catch$BuildObjectUnwind$AdjustBlockCallFrameFramesHelperNestedPointerState
String ID:
API String ID: 2901542994-0
Opcode ID: b5fc079b556d4405917486fcc151aa874695c6458e73cb5ec622f325b6035c77
Instruction ID: 55d9322aff434e1bd3e937e3f001abe2356ae730dc8ba503ceadadb963010c9d
Opcode Fuzzy Hash: b5fc079b556d4405917486fcc151aa874695c6458e73cb5ec622f325b6035c77
Instruction Fuzzy Hash: 3801E972400109BFDF92AF65CC01EDA3BBAFF48764F158459FD2865120D372EAA1DBA0

Function 02726A5A Relevance: 6.0, APIs: 4, Instructions: 14COMMON

Download Yara Rule

APIs

___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 02726A5A
___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 02726A5F
___vcrt_initialize_locks.LIBVCRUNTIME ref: 02726A64

Part of subcall function 027274E2: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 027274F3

___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 02726A79

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
String ID:
API String ID: 1761009282-0
Opcode ID: 878da9353edfb9561c0491fb44ff0f84d53300f9d96c7cef14d60bbb3a08e25c
Instruction ID: e9feae94c838016f3b8992ee314fd8c3b73186e9160b384591f64f5b6cda1981
Opcode Fuzzy Hash: 878da9353edfb9561c0491fb44ff0f84d53300f9d96c7cef14d60bbb3a08e25c
Instruction Fuzzy Hash: 20C04C75400171159C2B3AB2135D3AE976F4C92BC5BA064C7CC52174029E46048E9C36

Function 0272CA1C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 270COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0272CB76

Strings

+, xrefs: 0272CACC
-, xrefs: 0272CABF

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 1fa52a4ade5270ee05d9137f343a31ee6469b22b92ef48e9e16122ab4ec9399f
Instruction ID: 1404e45170cb88c28173ff1047c23892b014690d2d3c2222bdebd784a6c010ec
Opcode Fuzzy Hash: 1fa52a4ade5270ee05d9137f343a31ee6469b22b92ef48e9e16122ab4ec9399f
Instruction Fuzzy Hash: 1191E231D011689ACF23DE78C8517EE7BB6EFA5360F26825FE865A7290D7304A4DCB50

Function 06BC9A1C Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 270COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 06BC9B76

Strings

-, xrefs: 06BC9ABF
+, xrefs: 06BC9ACC

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 77a3c2c54b4ed7e87f0110b8e6721a39101e2e47b92edc770811caf8e0725d00
Instruction ID: 253560dde1d87b92b5ecc0ee152e0caecf66730b0445a120925dbd931ec0fb18
Opcode Fuzzy Hash: 77a3c2c54b4ed7e87f0110b8e6721a39101e2e47b92edc770811caf8e0725d00
Instruction Fuzzy Hash: BD919DB1E04109AEEBA4AE68C8416EE7BB5EB85370F1452DDE875AB280D7309B05CB50

Function 06C0656D Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 231COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 06C06577

Strings

:, xrefs: 06C06671
], xrefs: 06C0661A

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3_
String ID: :$]
API String ID: 2427045233-848262587
Opcode ID: 2049c9e59f0954a308e3a09500177987c698800cdd888d125a0133845fab02ef
Instruction ID: 4c223f7c48311021336b79598998d8fc118f1fbb65a20b966fd628e44a8bdae9
Opcode Fuzzy Hash: 2049c9e59f0954a308e3a09500177987c698800cdd888d125a0133845fab02ef
Instruction Fuzzy Hash: 7E91B0B1D04358DEEBA4EFAACD80BDDBBB4AF11314F10419DE455671C1DBB42A88CB51

Function 06B665A6 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 131COMMON

Download Yara Rule

APIs

new.LIBCMT ref: 06B6672F

Part of subcall function 06B66491: __EH_prolog3_GS.LIBCMT ref: 06B66498
Part of subcall function 06B66491: __CxxThrowException@8.LIBVCRUNTIME ref: 06B6652E

new.LIBCMT ref: 06B6679B

Strings

?, xrefs: 06B6664D

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: ?
API String ID: 2985221223-1684325040
Opcode ID: 902363effa3767d129e6e3d6d4a75541c81e8e287db092038de40307d9a2b9b6
Instruction ID: 6f78c54bb597246b8bf04c0dc0cd4612502040a5b453a5de7c7d109a0a9a0430
Opcode Fuzzy Hash: 902363effa3767d129e6e3d6d4a75541c81e8e287db092038de40307d9a2b9b6
Instruction Fuzzy Hash: D461F9B4500744CFD761CF68C884A9ABBF4FF08314F9588ADE89A9B351DB76A904CF50

Function 06BE4C77 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 129COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 06BE4C7E
__CxxThrowException@8.LIBVCRUNTIME ref: 06BE4DE3

Strings

:, xrefs: 06BE4D7C

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: Exception@8H_prolog3_Throw
String ID: :
API String ID: 2985221223-336475711
Opcode ID: 881de93898df55adf83a09d2534cf013d17c39adcedcc4ef588d88fa1ea03747
Instruction ID: 0df6eeaa83ba30edafd849ac4bec581b0b312cade6fbcf08b34132681fad73ab
Opcode Fuzzy Hash: 881de93898df55adf83a09d2534cf013d17c39adcedcc4ef588d88fa1ea03747
Instruction Fuzzy Hash: FA41A2B5D403199EDBA1EBB5CD51BEDB7F4EF04700F208199E825AB2C1EBB46A04CB50

Function 06C028D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 99COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 06C028D7

Part of subcall function 06B60F71: _memcmp.LIBVCRUNTIME ref: 06B60FD9

Part of subcall function 06B76312: __EH_prolog3_GS.LIBCMT ref: 06B76319

Strings

[, xrefs: 06C02978
:, xrefs: 06C029A3

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID: H_prolog3_$_memcmp
String ID: :$[
API String ID: 981120583-3689730190
Opcode ID: c677eb1234b93b310bfd1d6e4de30933394a059ba755267d477497fe69923dc7
Instruction ID: 818ac379020ef90c2f40b8e6c8853e5f5bfe4caa4cc0b17bcf00a7b5b6fcdf7c
Opcode Fuzzy Hash: c677eb1234b93b310bfd1d6e4de30933394a059ba755267d477497fe69923dc7
Instruction Fuzzy Hash: E63125B09005449AEFE4E67DCD94FEE77B99F85720F10024AE421B72C0DFA81B46C621

Function 02712F24 Relevance: 5.2, Strings: 4, Instructions: 186COMMON

Download Yara Rule

Strings

0+m, xrefs: 0271302B
O5m, xrefs: 0271303F
[=, xrefs: 027130C1
I(fQ, xrefs: 027130B7

Memory Dump Source

Source File: 00000000.00000003.1656522833.00000000026C2000.00000004.00000020.00020000.00000000.sdmp, Offset: 026C2000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_26c2000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: 0+m$I(fQ$O5m$[=
API String ID: 0-2929770212
Opcode ID: d17f614a8967b0abda4c614d1710b51e629788fa12b183089a0fb7ff257effb6
Instruction ID: 72432ba8cc5bba301f6d1706c37bc2d8cf3e2872b831d75b05a52e8d0f4c378e
Opcode Fuzzy Hash: d17f614a8967b0abda4c614d1710b51e629788fa12b183089a0fb7ff257effb6
Instruction Fuzzy Hash: 86A144B0901798CFDB20CFA9D98079EBBB4FF04300F50899DD19AAB601D7B5AA85CF55

Function 06BAFF24 Relevance: 5.2, Strings: 4, Instructions: 186COMMON

Download Yara Rule

Strings

0+m, xrefs: 06BB002B
O5m, xrefs: 06BB003F
I(fQ, xrefs: 06BB00B7
[=, xrefs: 06BB00C1

Memory Dump Source

Source File: 00000000.00000003.1657420114.0000000006B5F000.00000004.00000020.00020000.00000000.sdmp, Offset: 06B5F000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_6b5f000_$RMH4FA8.jbxd

Similarity

API ID:
String ID: 0+m$I(fQ$O5m$[=
API String ID: 0-2929770212
Opcode ID: d17f614a8967b0abda4c614d1710b51e629788fa12b183089a0fb7ff257effb6
Instruction ID: 37804ab9e3b012eab00e88210e38f48fc513c97f4e36d69d9fe1868de439e1e7
Opcode Fuzzy Hash: d17f614a8967b0abda4c614d1710b51e629788fa12b183089a0fb7ff257effb6
Instruction Fuzzy Hash: D4A131B0901758CEDB60CFA9D98079EBBB4FF04300F50899DD1AAAB600D7B5AA85CF55

Analysis Process: ISL_Light_Client_4_4_2332_44 49919761.exePID: 7664, Parent PID: 7564COMMON

Execution Graph

Execution Coverage:	9.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	111

Executed Functions

Function 6CF1247B Relevance: 23.1, APIs: 8, Strings: 5, Instructions: 362
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF12482
ioctlsocket.WS2_32(?,8004667E,00000001), ref: 6CF12498
WSAGetLastError.WS2_32(?,8004667E,00000001,00000044,?,6CFF38D8,?,00000029,0000001B,6CFF38D8,00000004,00000044,?,6CFF38D8,?,0000FFFF), ref: 6CF124A8
__EH_prolog3_catch_GS.LIBCMT ref: 6CF124E7

Strings

bind, xrefs: 6CF12B45
ioctlsocket_FIONBIO, xrefs: 6CF124C0
%, xrefs: 6CF12ADA
NetMT WSA win32, xrefs: 6CF1275D
bind name=%1%, xrefs: 6CF12758

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorH_prolog3_H_prolog3_catch_Lastioctlsocket
String ID: %$NetMT WSA win32$bind$bind name=%1%$ioctlsocket_FIONBIO
API String ID: 3440179552-3916013023
Opcode ID: b8f67542eaaf5397a398ab60f08d4bf26ce6e4eacc37795e04e1122e8c704143
Instruction ID: 3d1da04bfd1f50f9877b2b18215567aa873c64c015611558ad7b32a1fbbd3c1d
Opcode Fuzzy Hash: b8f67542eaaf5397a398ab60f08d4bf26ce6e4eacc37795e04e1122e8c704143
Instruction Fuzzy Hash: 8BF16670D05258DFEB25CFA8C888BDDBBB4AF09308F1080D9D059AB691DB755A88CF61

Function 00C44F4F Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 72
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(?,00000000,00000000,00C45080,00000000,00000000,000000FE,00C411D6,00C45A51,00000000,00000000,?,00000000), ref: 00C44F60
RegOpenKeyExA.KERNEL32(-7FFFFFFF,Software\ISL Online\launch,00000000,00000001,00000000,?,00000000,00000000,00C45080,00000000,00000000,000000FE,00C411D6,00C45A51,00000000,00000000), ref: 00C44F89
RegQueryValueExW.ADVAPI32(00000000,location,00000000,000000FE,000000FE,?,?,00000000,00000000,00C45080,00000000,00000000,000000FE,00C411D6,00C45A51,00000000), ref: 00C44FB8
RegCloseKey.ADVAPI32(00000000,?,00000000,00000000,00C45080,00000000,00000000,000000FE,00C411D6,00C45A51,00000000,00000000), ref: 00C4502D

Part of subcall function 00C444AA: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00C441B3,00000618), ref: 00C444C8
Part of subcall function 00C444AA: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000000,00000000,00000000,?,00000000,?,00C441B3,00000618), ref: 00C444EC

RegQueryValueExW.ADVAPI32(00000000,create,00000000,000000FE,00C45A51,0001FFFD,0000FFFF,?,00000000,00000000,00C45080,00000000,00000000,000000FE,00C411D6,00C45A51), ref: 00C45008
RegCloseKey.ADVAPI32(00000004,?,00000000,00000000,00C45080,00000000,00000000,000000FE,00C411D6,00C45A51,00000000), ref: 00C4501F

Strings

Software\ISL Online\launch, xrefs: 00C44F7E
location, xrefs: 00C44FAF
create, xrefs: 00C44FFF

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharCloseMultiQueryValueWide$OpenVersion
String ID: Software\ISL Online\launch$create$location
API String ID: 1482860899-4092529538
Opcode ID: 7219163e0cf028061e94865fc2631210ae6816f919f1645049297965cced2b47
Instruction ID: 580f2cc1f93102fb296d8a2748e870a9615cc0f73b9885155a7f27c82fccd229
Opcode Fuzzy Hash: 7219163e0cf028061e94865fc2631210ae6816f919f1645049297965cced2b47
Instruction Fuzzy Hash: D3216D75108305ABC7109F21EC44FAFB7ECFF45354F000A2EB996D2160D736DA49AA62

Function 00C4489A Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32(shell32.dll,00000000,?,%PROGRAMFILES%), ref: 00C448B3
GetProcAddress.KERNEL32(00000000,SHGetFolderPathW), ref: 00C448C5
GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 00C44908
FreeLibrary.KERNEL32(00000000,?,%PROGRAMFILES%), ref: 00C44931

Part of subcall function 00C444AA: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00C441B3,00000618), ref: 00C444C8
Part of subcall function 00C444AA: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000000,00000000,00000000,?,00000000,?,00C441B3,00000618), ref: 00C444EC

Strings

%PROGRAMFILES%, xrefs: 00C448A0
shell32.dll, xrefs: 00C448A3
SHGetFolderPathW, xrefs: 00C448BF
SHGetFolderPathA, xrefs: 00C44902

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressByteCharLibraryMultiProcWide$FreeLoad
String ID: %PROGRAMFILES%$SHGetFolderPathA$SHGetFolderPathW$shell32.dll
API String ID: 52142658-1984668975
Opcode ID: 9129be9b0662e029f5efb6363dc9f2daf9e966cecc4a04b6b1b054979e17674f
Instruction ID: 6a19c22307400b458af53c4ce3b8ad6389827f72c812c5147db43244ec3f2f1e
Opcode Fuzzy Hash: 9129be9b0662e029f5efb6363dc9f2daf9e966cecc4a04b6b1b054979e17674f
Instruction Fuzzy Hash: C301C435105341BBC725AF90EC09F9FBBA9FF9D360F180928F95592160DB31C9459762

Function 6CF4B53A Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 215registrytimeCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CF4B544

Part of subcall function 6CF59EF5: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,6CF4B54E,00000098,6CDC17FA,?,00000001), ref: 6CF59F11

Part of subcall function 6CDDD79B: __EH_prolog3_GS.LIBCMT ref: 6CDDD7A2

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?,00000000,00000098,6CDC17FA,?,00000001), ref: 6CF4B58B

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

RegQueryValueExA.KERNEL32(?,6CD8C488,00000000,?,00000000,?,?,00000001), ref: 6CF4B5F9
GetSystemTimeAsFileTime.KERNEL32(?,00000000,?), ref: 6CF4B657
RegCloseKey.KERNEL32(?,?,00000001), ref: 6CF4B7DA

Strings

\Boost transport type, xrefs: 6CF4B55B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Time$CloseCriticalDeallocateFileH_prolog3_H_prolog3_catch_InitializeOpenQuerySectionSystemValue
String ID: \Boost transport type
API String ID: 3331101602-1074822025
Opcode ID: 4360e6d6fbb2d5c4bfb00c88f63c37e5401c6ccd7944dee6df6ae54baf7d7c70
Instruction ID: db418954c2857798b35f80413cb1dc52f6a0afc4143191aaebdbc004d7040c52
Opcode Fuzzy Hash: 4360e6d6fbb2d5c4bfb00c88f63c37e5401c6ccd7944dee6df6ae54baf7d7c70
Instruction Fuzzy Hash: 79814871D056189FEB24DFA8D880ADDBBB8EF08304F60855EE424A7652DB306A49CF61

Function 6CEF44F1 Relevance: 10.6, APIs: 7, Instructions: 82fileCOMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 6CEF4511

Part of subcall function 6CEF48A4: GetCurrentProcessId.KERNEL32(?,6CEF4522), ref: 6CEF48B1

InitializeSecurityDescriptor.ADVAPI32(?,00000001), ref: 6CEF4531
SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000), ref: 6CEF4541
CreateMailslotW.KERNEL32(?,00020000,000000FF,?), ref: 6CEF456C
ReadFile.KERNEL32(00000000,?,0001FFFC,?,00000000), ref: 6CEF45EC
CloseHandle.KERNEL32(00000000), ref: 6CEF45F4
CoUninitialize.OLE32 ref: 6CEF45FA

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: DescriptorInitializeSecurity$CloseCreateCurrentDaclFileHandleMailslotProcessReadUninitialize
String ID:
API String ID: 1377920774-0
Opcode ID: 1261a71f8ca7b23546f3a5e0f06b4732267011525592bb7110951a0094f64cbe
Instruction ID: 88a17e95128b8d993615ded92ec3ae94477992b7b845d843d9e1ffcc96985558
Opcode Fuzzy Hash: 1261a71f8ca7b23546f3a5e0f06b4732267011525592bb7110951a0094f64cbe
Instruction Fuzzy Hash: 30314D7194422C9FDB10DF64CD84FDEB3F9EF05314F2045A5A999E2281DB74AA89CFA0

Function 6CEF4778 Relevance: 7.6, APIs: 5, Instructions: 117commemoryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CEF477F
GlobalAlloc.KERNEL32(00000002,00000000,0000000C,6CEF4627,?,00000000,?,6CEF4589,?), ref: 6CEF478E
CreateStreamOnHGlobal.OLE32(00000000,00000000,?,?,6CEF4589,?), ref: 6CEF47AC
CoCreateInstance.OLE32(6CD51310,00000000,00000017,6CD87B2C,?,?,6CEF4589,?), ref: 6CEF47D2
GlobalFree.KERNEL32(00000000), ref: 6CEF4896

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Global$Create$AllocFreeH_prolog3InstanceStream
String ID:
API String ID: 984538316-0
Opcode ID: f69f3d6f897a977dcc5deccad49c7fbc70dcbf7db67fcd3a7948f000c4d703ae
Instruction ID: 6ea81a357626afc0dee0cd6899fcf18c7bc9b532d1820bfc9b61ac24a5f3b537
Opcode Fuzzy Hash: f69f3d6f897a977dcc5deccad49c7fbc70dcbf7db67fcd3a7948f000c4d703ae
Instruction Fuzzy Hash: 42412E70B0169ADBEB04CBA5C948AAF7BB9AF89708F20445DF525EB650D735D902CB20

Function 00C466C1 Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,00C43B64,000000F8), ref: 00C466C7
RtlAllocateHeap.NTDLL(00000000), ref: 00C466CE

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 8dca8ca8e83d68610446634380525e412f52a53c3686566a0c60006cf1967816
Instruction ID: 8bab3eafe7aad22ce66968f001caba22e30d0f6d70a0be09a27717ef51f94933
Opcode Fuzzy Hash: 8dca8ca8e83d68610446634380525e412f52a53c3686566a0c60006cf1967816
Instruction Fuzzy Hash: E9B00279644201ABDF417FE19E0DB1D7A65BB45743F044445F34B86460C6758511DB11

Function 6CE5B0C9 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e4e6547737a3333e6c4c8be119177faeb7cd02dc557e6493fb8e1b0ba04af7c
Instruction ID: 0315b53d66096c1cbf66168d9ce782001a64035b16fc2d5be201177520703af8
Opcode Fuzzy Hash: 8e4e6547737a3333e6c4c8be119177faeb7cd02dc557e6493fb8e1b0ba04af7c
Instruction Fuzzy Hash: AEB0123060830CEBEB08AB17CC41F6937BBAFC8B04F90803469002E698CFB17D558584

Function 6CF1215F Relevance: 61.5, APIs: 20, Strings: 15, Instructions: 223
libraryloadernetworkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF12169
GetVersion.KERNEL32(000001B8,6CF12C2E,00000004,6CDC17F5,?,00000001), ref: 6CF12170
WSAStartup.WS2_32(00000202,?), ref: 6CF121A2
LoadLibraryW.KERNEL32(Ws2_32.dll,?,?,00000001), ref: 6CF121C1
GetProcAddress.KERNEL32(00000000,GetAddrInfoW), ref: 6CF121D9
GetProcAddress.KERNEL32(00000000,FreeAddrInfoW), ref: 6CF121E4
GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 6CF121EF
GetProcAddress.KERNEL32(00000000,freeaddrinfo), ref: 6CF121FA
__EH_prolog3_GS.LIBCMT ref: 6CF1225D
ioctlsocket.WS2_32(?,4004667F,?), ref: 6CF1226C
WSAGetLastError.WS2_32(?,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed,?,?,00000001), ref: 6CF1227F

Part of subcall function 6CF228E9: __EH_prolog3_GS.LIBCMT ref: 6CF228F0

Part of subcall function 6CF22A63: __EH_prolog3.LIBCMT ref: 6CF22A6A

Part of subcall function 6CDF158A: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,6CDC1249,?,?,?,6CDC1249,?,6CFF3920), ref: 6CDF15EA

__EH_prolog3_GS.LIBCMT ref: 6CF122BB
setsockopt.WS2_32(?,0000FFFF,00000008,6CFF38D8,00000004), ref: 6CF122D4
WSAGetLastError.WS2_32(?,0000FFFF,00000008,6CFF38D8,00000004,00000044,?,6CFF38D8,?,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed), ref: 6CF122E4
__EH_prolog3_GS.LIBCMT ref: 6CF12320
setsockopt.WS2_32(?,00000006,00000001,6CFF38D8,00000004), ref: 6CF12336

Strings

freeaddrinfo, xrefs: 6CF121F1
setsockopt_SO_KEEPALIVE, xrefs: 6CF122FC
ioctlsocket_FIONREAD, xrefs: 6CF12297
setsockopt_SO_SNDBUF, xrefs: 6CF123FB
", xrefs: 6CF12A45
getaddrinfo, xrefs: 6CF121E6
setsockopt_SO_RECVBUF, xrefs: 6CF123C3
setsockopt_TCP_NODELAY, xrefs: 6CF1235E
Ws2_32.dll, xrefs: 6CF121B0
WSAStartup failed, xrefs: 6CF1223A
GetAddrInfoW, xrefs: 6CF121D3
FreeAddrInfoW, xrefs: 6CF121DB
listen, xrefs: 6CF1291C
NetMT WSA win32, xrefs: 6CF1275D
bind name=%1%, xrefs: 6CF12758

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$AddressProc$ErrorLastsetsockopt$DispatcherExceptionH_prolog3LibraryLoadStartupUserVersionioctlsocket
String ID: "$FreeAddrInfoW$GetAddrInfoW$NetMT WSA win32$WSAStartup failed$Ws2_32.dll$bind name=%1%$freeaddrinfo$getaddrinfo$ioctlsocket_FIONREAD$listen$setsockopt_SO_KEEPALIVE$setsockopt_SO_RECVBUF$setsockopt_SO_SNDBUF$setsockopt_TCP_NODELAY
API String ID: 3067175807-4134724454
Opcode ID: 580f2a59878e1f304fdc2a1e165148df46404bc8ab8e28a9f2a44f1ee00daf11
Instruction ID: 86fa0ee055d1989c12608ddf6f02c11052afd4ddeda418b76bcded4933ad76af
Opcode Fuzzy Hash: 580f2a59878e1f304fdc2a1e165148df46404bc8ab8e28a9f2a44f1ee00daf11
Instruction Fuzzy Hash: CD7184B1911205BFEB04EFF1DC89EED77B8FB05304F64442AA51196A40EB76EA4DCB50

Function 6CF1860B Relevance: 37.0, APIs: 6, Strings: 15, Instructions: 277
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CF18612

Part of subcall function 6CF18A13: __EH_prolog3_catch.LIBCMT ref: 6CF18A1A
Part of subcall function 6CF18A13: LoadLibraryA.KERNEL32(kernel32.dll,0000000C,6CF1861C,00000068,6CDC1804,?,00000001), ref: 6CF18A36

Part of subcall function 6CF966E2: LoadLibraryW.KERNELBASE(00000000,Iphlpapi.dll,6D032B78,00000000,6CF1862B,00000068,6CDC1804,?,00000001), ref: 6CF966F3

GetProcAddress.KERNEL32(00000000,?), ref: 6CF18672

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

GetProcAddress.KERNEL32(00000000,?), ref: 6CF186D6

Part of subcall function 6CF226EE: __EH_prolog3.LIBCMT ref: 6CF226F5

LoadLibraryA.KERNEL32(Psapi.dll,00000068,6CDC1804,?,00000001), ref: 6CF18757
LoadLibraryA.KERNELBASE(Pdh.dll,?,00000001), ref: 6CF188B5

Strings

GetPerformanceInfo, xrefs: 6CF18830
Psapi.dll, xrefs: 6CF1874B
PdhCloseQuery, xrefs: 6CF188F6
EnumProcesses, xrefs: 6CF18771
PdhAddCounterW, xrefs: 6CF188CF
GetProcessMemoryInfo, xrefs: 6CF187CF
GetIfTable, xrefs: 6CF18644
PdhOpenQueryW, xrefs: 6CF189CE
EnumPageFilesW, xrefs: 6CF18878
GetTcpTable, xrefs: 6CF186AE
GetAdaptersInfo, xrefs: 6CF1871C
Iphlpapi.dll, xrefs: 6CF1861E
PdhCollectQueryData, xrefs: 6CF18944
Pdh.dll, xrefs: 6CF188A9
PdhGetRawCounterValue, xrefs: 6CF1899E

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: LibraryLoad$AddressProc$DeallocateH_prolog3H_prolog3_catchH_prolog3_catch_
String ID: EnumPageFilesW$EnumProcesses$GetAdaptersInfo$GetIfTable$GetPerformanceInfo$GetProcessMemoryInfo$GetTcpTable$Iphlpapi.dll$Pdh.dll$PdhAddCounterW$PdhCloseQuery$PdhCollectQueryData$PdhGetRawCounterValue$PdhOpenQueryW$Psapi.dll
API String ID: 2133315525-914596307
Opcode ID: 96fa9068cec1fecb2ff645f23f7a5246a361dc3654c7ca698838c8a0706a6909
Instruction ID: 71dbf7d64405b80521e3034a1b7cbc78ec5161de87be7156e7762ef73d19469d
Opcode Fuzzy Hash: 96fa9068cec1fecb2ff645f23f7a5246a361dc3654c7ca698838c8a0706a6909
Instruction Fuzzy Hash: C9B1C171D01744DBDB24EFA9C54879DBBB1AF06708F60056DD4086FB92CBB58A09CBE2

Function 6CF406E2 Relevance: 32.2, APIs: 10, Strings: 8, Instructions: 652
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF406E9
LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0000007C,6CF60A1F,winhttp.dll,00000000), ref: 6CF40814
__EH_prolog3_catch_GS.LIBCMT ref: 6CF4099D

Part of subcall function 6CF406E2: GetProcAddress.KERNEL32(?,?), ref: 6CF40A23
Part of subcall function 6CF406E2: GetProcAddress.KERNEL32(?,?), ref: 6CF40AA7
Part of subcall function 6CF406E2: __EH_prolog3_GS.LIBCMT ref: 6CF41168

GetLastError.KERNEL32 ref: 6CF4083C

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Part of subcall function 6CF226EE: __EH_prolog3.LIBCMT ref: 6CF226F5

Part of subcall function 6CDF158A: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,6CDC1249,?,?,?,6CDC1249,?,6CFF3920), ref: 6CDF15EA

NetWkstaGetInfo.NETAPI32(00000000,00000064,?), ref: 6CF40AF4
FreeLibrary.KERNEL32(00000000), ref: 6CF40C20

Strings

netapi32.dll, xrefs: 6CF409B9
\, xrefs: 6CF41222
kernel32.dll, xrefs: 6CF40C63
GetComputerNameExW, xrefs: 6CF40CAA
LoadLibrary, xrefs: 6CF40831
error loading %1%: %2%='%3%', xrefs: 6CF40868
NetWkstaGetInfo, xrefs: 6CF409E6
NetApiBufferFree, xrefs: 6CF40A6B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressH_prolog3_LibraryProc$DeallocateDispatcherErrorExceptionFreeH_prolog3H_prolog3_catch_InfoLastLoadUserWksta
String ID: GetComputerNameExW$LoadLibrary$NetApiBufferFree$NetWkstaGetInfo$\$error loading %1%: %2%='%3%'$kernel32.dll$netapi32.dll
API String ID: 3415671631-709614374
Opcode ID: 89163fb24adcad5699ef26dce79bf1484dbfd0a5e33024fb2d00890447f19ce0
Instruction ID: a6367b659f34b88ef8654f515f3761dd31b6fa338af3086a0f83479dedc3cf26
Opcode Fuzzy Hash: 89163fb24adcad5699ef26dce79bf1484dbfd0a5e33024fb2d00890447f19ce0
Instruction Fuzzy Hash: 23426E71D0025CDFEB24DFA4C884BDDBBB8BF14304F14809AD449A7691DB75AA89CFA1

Function 6CEF463C Relevance: 26.3, APIs: 12, Strings: 3, Instructions: 92
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GlobalSize.KERNEL32(00000000), ref: 6CEF4665
GlobalLock.KERNEL32(00000000), ref: 6CEF4672
ExpandEnvironmentStringsW.KERNEL32(%AppData%\Microsoft\Windows\SendTo\,?,00000800), ref: 6CEF46A9
StrCatW.SHLWAPI(?), ref: 6CEF46B7
StrCatW.SHLWAPI(?,6CD81E78), ref: 6CEF46C9
StrCatW.SHLWAPI(?,.lnk), ref: 6CEF46DB
CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000), ref: 6CEF46F9
WriteFile.KERNEL32(00000000,?,?,?,00000000), ref: 6CEF4731
CloseHandle.KERNEL32(00000000), ref: 6CEF4738
CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,04000080,00000000), ref: 6CEF4755
GlobalUnlock.KERNEL32(00000000), ref: 6CEF475C
GlobalFree.KERNEL32(00000000), ref: 6CEF4763

Strings

%USERPROFILE%\SendTo\, xrefs: 6CEF4692
.lnk, xrefs: 6CEF46CF
%AppData%\Microsoft\Windows\SendTo\, xrefs: 6CEF467F, 6CEF46A8

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Global$File$Create$CloseEnvironmentExpandFreeHandleLockSizeStringsUnlockWrite
String ID: %AppData%\Microsoft\Windows\SendTo\$%USERPROFILE%\SendTo\$.lnk
API String ID: 2348569952-1976941856
Opcode ID: ea83f023dbf6cb31a537bd78c6c8f27dd3537d3b848243df14cfcb7438d29445
Instruction ID: f295b65adedaa2b95fe76fee0bf72f9ef993c66a91aea70f5a81089865fbf049
Opcode Fuzzy Hash: ea83f023dbf6cb31a537bd78c6c8f27dd3537d3b848243df14cfcb7438d29445
Instruction Fuzzy Hash: 1C3161B1900218ABDB209FA4CE48FEA77BCFF4A305F1485A5B646D2140CF74AA45CFB0

Function 6CF606E3 Relevance: 19.7, APIs: 7, Strings: 4, Instructions: 401
registrytimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CF606ED

Part of subcall function 6CDE904A: __EH_prolog3_GS.LIBCMT ref: 6CDE9051

RegOpenKeyExA.KERNEL32(80000001,00000000,00000000,00020019,?,00000000,000000D4), ref: 6CF6073B

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

RegQueryValueExA.KERNEL32(?,6CD8C488,00000000,?,00000000,?), ref: 6CF607A9
GetSystemTimeAsFileTime.KERNEL32(?,00000000,?), ref: 6CF6080E

Part of subcall function 6CF251BF: __EH_prolog3_GS.LIBCMT ref: 6CF251C6

RegCloseKey.KERNEL32(?), ref: 6CF609F1
FreeLibrary.KERNEL32(00000000), ref: 6CF60B4B
__EH_prolog3_GS.LIBCMT ref: 6CF60BCC

Strings

winhttp.dll, xrefs: 6CF60A0F
:8080, xrefs: 6CF60C09
WinHttpDetectAutoProxyConfigUrl, xrefs: 6CF60AAA
WinHttpGetIEProxyConfigForCurrentUser, xrefs: 6CF60A5A

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$Time$CloseDeallocateFileFreeH_prolog3_catch_LibraryOpenQuerySystemValue
String ID: :8080$WinHttpDetectAutoProxyConfigUrl$WinHttpGetIEProxyConfigForCurrentUser$winhttp.dll
API String ID: 658153589-219921785
Opcode ID: f7d14ff6e38c67d6139f1b844d37722fff930e28aba4917860462b55e15c2ade
Instruction ID: 369ce9830d143b9d258a3985ed37a3bad88f392bfe50b018754ca9f4c6207920
Opcode Fuzzy Hash: f7d14ff6e38c67d6139f1b844d37722fff930e28aba4917860462b55e15c2ade
Instruction Fuzzy Hash: D5F16C71D01258DFDB24CFA9C880BDDBBB4FF08308F60819AD559A7A91DB705A88CF65

Function 6CF2C42B Relevance: 19.4, APIs: 9, Strings: 2, Instructions: 113
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileSize.KERNEL32(?,00000000,000000FF,?,?), ref: 6CF2C46C
CreateFileMappingA.KERNEL32(?,00000000,00000002,00000000,00000000,00000000), ref: 6CF2C47E
MapViewOfFile.KERNEL32(00000000,00000002,00000000,00000000,?,?,00000000,00000002,00000000,00000000,00000000,?,00000000,000000FF,?,?), ref: 6CF2C4A9
CloseHandle.KERNEL32(00000000,?,00000000,00000002,00000000,00000000,00000000,?,00000000,000000FF,?,?), ref: 6CF2C4BC
CloseHandle.KERNEL32(?,?,00000000,00000002,00000000,00000000,00000000,?,00000000,000000FF,?,?), ref: 6CF2C4BF

Part of subcall function 6CF2284D: __EH_prolog3_GS.LIBCMT ref: 6CF22854

UnmapViewOfFile.KERNEL32(00000000,?,00000000,00000002,00000000,00000000,00000000,?,00000000,000000FF,?,?), ref: 6CF2C4D9
CloseHandle.KERNEL32(00000000,?,00000000,00000002,00000000,00000000,00000000,?,00000000,000000FF,?,?), ref: 6CF2C4EA
CloseHandle.KERNEL32(?,?,00000000,00000002,00000000,00000000,00000000,?,00000000,000000FF,?,?), ref: 6CF2C4ED

Strings

MapViewOfFile, xrefs: 6CF2C4C1
CreateFileMappingA, xrefs: 6CF2C529

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseFileHandle$View$CreateH_prolog3_MappingSizeUnmap
String ID: CreateFileMappingA$MapViewOfFile
API String ID: 3762929590-3797785816
Opcode ID: 85120d7fff4a75005300c27c1eb01e32ac0e01f8da26012658940876b0c0f76c
Instruction ID: b562d6a27fba7a410b0c0fa58997727299645bd6a5dbd40772e06beed227931a
Opcode Fuzzy Hash: 85120d7fff4a75005300c27c1eb01e32ac0e01f8da26012658940876b0c0f76c
Instruction Fuzzy Hash: 8431D472901218ABEB10AFB9CC49FAF7FB8EF45760F11411AF915A7690D734D801CAA0

Function 6CF1165A Relevance: 18.0, APIs: 2, Strings: 8, Instructions: 451
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF11664

Part of subcall function 6CDDE5B3: __EH_prolog3_GS.LIBCMT ref: 6CDDE5BD

Part of subcall function 6CDDE9B1: __EH_prolog3_GS.LIBCMT ref: 6CDDE9B8

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

GetAddrInfoW.WS2_32(00000000,00000006,?,?,00000001,0000001B,?,00000000,000000FC,6CF11055,?,?,?,?,00000010,6CF125D1), ref: 6CF11864

Part of subcall function 6CDDEA27: __EH_prolog3_GS.LIBCMT ref: 6CDDEA31

Part of subcall function 6CDC358D: __EH_prolog3_GS.LIBCMT ref: 6CDC3594

Strings

getaddrinfo node=[%1%] service=%2% hints=%3%, xrefs: 6CF11A2E
GetAddrInfoW, xrefs: 6CF11C7C
/, xrefs: 6CF11A33
,, xrefs: 6CF11A27
NetMT WSA win32, xrefs: 6CF116F7, 6CF118ED, 6CF11A04, 6CF11B8B
getaddrinfo, xrefs: 6CF11B2E
... %1%, xrefs: 6CF118E8, 6CF11B86
GetAddrInfoW node=[%1%] service=%2% hints=%3%, xrefs: 6CF1172A

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$AddrDeallocateInfo
String ID: ,$... %1%$/$GetAddrInfoW$GetAddrInfoW node=[%1%] service=%2% hints=%3%$NetMT WSA win32$getaddrinfo$getaddrinfo node=[%1%] service=%2% hints=%3%
API String ID: 29712139-1164087923
Opcode ID: 43ddf2b30da44e53b20724503896801022010c458484f9e1a2dd8496d4d50dd7
Instruction ID: 285097012e12103cd1107b87bf7f8b2b4ac06f5a6ba16f24834d8b767773df31
Opcode Fuzzy Hash: 43ddf2b30da44e53b20724503896801022010c458484f9e1a2dd8496d4d50dd7
Instruction Fuzzy Hash: D7122B71D05259DFEB14CFA4D880BDDBBB4BF18314F2481DAD409AB690DB719A88CF61

Function 6CF962F9 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 119
librarywindowmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog.LIBCMT ref: 6CF962FE

Part of subcall function 6CF9719D: GetVersionExA.KERNEL32(?), ref: 6CF971C0

LoadLibraryA.KERNEL32(kernel32.dll,?,?,00000000,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed,?,?,00000001), ref: 6CF96325
GetProcAddress.KERNEL32(00000000,FormatMessageW), ref: 6CF9633B
FormatMessageW.KERNEL32(?,0000000F,?,?,?,00000002,00000000,?,?,00000000,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed), ref: 6CF96376
LocalAlloc.KERNEL32(00000000,00000001,00000000,?,0000000F,?,?,?,00000002,00000000,?,?,00000000,4004667F,?,00000040), ref: 6CF963AD
LocalFree.KERNEL32(00000000,0000000F,?,?,?,00000002,00000000,?,?,00000000,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed), ref: 6CF963F0
FreeLibrary.KERNEL32(00000000,0000000F,?,?,?,00000002,00000000,?,?,00000000,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed), ref: 6CF9640E

Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000), ref: 6CF97261
Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000,4004667F,?), ref: 6CF97287

Part of subcall function 6CF971DE: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00000000,?,6CF9672C,00000000), ref: 6CF971FE
Part of subcall function 6CF971DE: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,?,00000000,?,6CF9672C,00000000), ref: 6CF97222

FormatMessageA.KERNEL32(?,?,?,?,?,00000000,00000000,?,00000000,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed), ref: 6CF96425

Strings

kernel32.dll, xrefs: 6CF96320
FormatMessageW, xrefs: 6CF96330

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharMultiWide$FormatFreeLibraryLocalMessage$AddressAllocH_prologLoadProcVersion
String ID: FormatMessageW$kernel32.dll
API String ID: 4007475796-156247006
Opcode ID: d3bd860d7761bbff7a598fb67e6f2132ad2135a826ef3841020445bd32953171
Instruction ID: f42e0085f6f0d8c25b9cc59eab0831c3a0985ebe42bb19d4abb98db1c441b8c0
Opcode Fuzzy Hash: d3bd860d7761bbff7a598fb67e6f2132ad2135a826ef3841020445bd32953171
Instruction Fuzzy Hash: 48419C75A01315ABEF518FA8CD88FAE7BB8BB8A308F204419F915E6640C7359905CBB0

Function 6CF1DC57 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 229
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CF1DC61
EnterCriticalSection.KERNEL32(00F11B20,000000A0,6CF1BC87,00000000,4004667F,7FFFFFFF,00000000,0000000C,6CF1BC0F,?,?,00000008,6CF1D121,?,00000040,6CDC1345), ref: 6CF1DC83
CloseHandle.KERNEL32(?,?,?,00000000,?,?,00000000,6CFD5429,000000FF,?,00000078,6CFF38D8,?,?,00000008,6CF1D121), ref: 6CF1DFC4

Part of subcall function 6CDC358D: __EH_prolog3_GS.LIBCMT ref: 6CDC3594

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Sleep.KERNEL32(00000001,?,00000000), ref: 6CF1DDD3

Strings

", xrefs: 6CF1DE70
_beginthread failed: %1%, xrefs: 6CF1DCF7, 6CF1DF7E
/, xrefs: 6CF1DE7C
thread startup, xrefs: 6CF1DCC4
new maximum number of threads: %1%, xrefs: 6CF1DE77

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseCriticalDeallocateEnterH_prolog3_H_prolog3_catch_HandleSectionSleep
String ID: "$/$_beginthread failed: %1%$new maximum number of threads: %1%$thread startup
API String ID: 2765506943-2434869471
Opcode ID: a8b86b1f58491f66bc1e99d8a09bab01709f965d6d4d55208a8b48ad01d944fc
Instruction ID: 03e6d56781cb0302be2db9e56fdc1ccc279d92392d8a7501e636d5104d92beee
Opcode Fuzzy Hash: a8b86b1f58491f66bc1e99d8a09bab01709f965d6d4d55208a8b48ad01d944fc
Instruction Fuzzy Hash: E291ADB1904218DFEB15CFA4C884BDEBBB8FB05314F10419EE449A7B91DB759A89CF20

Function 6CE5DF00 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 336
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CE5DF07
AcquireSRWLockExclusive.KERNEL32(00000006,00000078,6CE5E35A,?,6CD7AAAC,00000002,6CD7AD34,?,6CD7CB44,00000002), ref: 6CE5DF21
__EH_prolog3_catch_GS.LIBCMT ref: 6CE5E0D0

Part of subcall function 6CF293F4: __EH_prolog3_GS.LIBCMT ref: 6CF293FB

Part of subcall function 6CDC429B: __EH_prolog3_GS.LIBCMT ref: 6CDC42A2

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Strings

FONT_FACTOR, xrefs: 6CE5DF6A
translations\LangAll.tr2, xrefs: 6CE5E103
skin\custom_texts.ini, xrefs: 6CE5E20E
MATCH_WIN, xrefs: 6CE5E03C
conf_static\substitutes.txt, xrefs: 6CE5E183

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_H_prolog3_catch_$AcquireDeallocateExclusiveLock
String ID: FONT_FACTOR$MATCH_WIN$conf_static\substitutes.txt$skin\custom_texts.ini$translations\LangAll.tr2
API String ID: 798212233-3014316356
Opcode ID: 8580dc38e27c91baabb1807f89dbbc906cdf6e4d8cf7ae19f3a10ebf00901a7b
Instruction ID: 837f6a7c2451875a6e4fd1b59b5e68bd657cbe18a17d71a11310f3b73d334902
Opcode Fuzzy Hash: 8580dc38e27c91baabb1807f89dbbc906cdf6e4d8cf7ae19f3a10ebf00901a7b
Instruction Fuzzy Hash: 3FD138B1D00608DFEB14DFE8D581ADEBBB9AF08304F60851ED015AB790DB75AA49CF61

Function 00C44261 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00C44469: GetVersionExA.KERNEL32(?), ref: 00C4448C

Part of subcall function 00C466C1: GetProcessHeap.KERNEL32(00000000,?,00C43B64,000000F8), ref: 00C466C7
Part of subcall function 00C466C1: RtlAllocateHeap.NTDLL(00000000), ref: 00C466CE

LoadLibraryA.KERNEL32(00000000,?,?,?,?,00000000,00C463CC), ref: 00C4428F
GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 00C4429D
K32GetModuleBaseNameW.KERNEL32(?,00000000,00000000,?,?,?,?,?,00000000,00C463CC), ref: 00C442AA
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,00000000,00C463CC), ref: 00C442DD
GetLastError.KERNEL32(?,?,?,?,00000000,00C463CC), ref: 00C442E5
FreeLibrary.KERNEL32(00000000,?,?,?,?,00000000,00C463CC), ref: 00C442F7

Part of subcall function 00C444AA: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,00000000,?,00C441B3,00000618), ref: 00C444C8
Part of subcall function 00C444AA: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,?,00000000,00000000,00000000,?,00000000,?,00C441B3,00000618), ref: 00C444EC

Strings

psapi.dll, xrefs: 00C44288
GetModuleBaseNameW, xrefs: 00C44297

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Library$ByteCharFreeHeapMultiWide$AddressAllocateBaseErrorLastLoadModuleNameProcProcessVersion
String ID: GetModuleBaseNameW$psapi.dll
API String ID: 690046834-1235311327
Opcode ID: 5408532c591e3aa7a2eba9f6710c9c03ed541ed8ed1684f20829c1e9ce04e8ce
Instruction ID: 5e94aea84e1f67d7a350ea76c4b31b6f98416f2a8b3af25ba6e188174d788b51
Opcode Fuzzy Hash: 5408532c591e3aa7a2eba9f6710c9c03ed541ed8ed1684f20829c1e9ce04e8ce
Instruction Fuzzy Hash: 841155715006066BD3287F369C04B6FBBACFF87362F210129FC6282115CFB4CD4686A1

Function 6CF05DF8 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(shcore.dll,SetProcessDpiAwareness,6CE8E0D3,6CE5B5C7,00000330,6CE5B0DE,?,00000000), ref: 6CF05E0B
GetProcAddress.KERNEL32(00000000), ref: 6CF05E12
LoadLibraryA.KERNEL32(user32.dll,SetProcessDPIAware,6CE8E0D3,6CE5B5C7,00000330,6CE5B0DE,?,00000000), ref: 6CF05E3A
GetProcAddress.KERNEL32(00000000), ref: 6CF05E41

Strings

SetProcessDpiAwareness, xrefs: 6CF05E01
user32.dll, xrefs: 6CF05E35
shcore.dll, xrefs: 6CF05E06
SetProcessDPIAware, xrefs: 6CF05E30

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: SetProcessDPIAware$SetProcessDpiAwareness$shcore.dll$user32.dll
API String ID: 2574300362-3788450809
Opcode ID: fda46466ae98fe624d43118fad97a2125882757b5f8e0fbcef1a1614f113cc2f
Instruction ID: 3ffbc65da1c140d42fff8dcb7afe41e14cda33a54e24c2c752e24b4f5bb9d2d3
Opcode Fuzzy Hash: fda46466ae98fe624d43118fad97a2125882757b5f8e0fbcef1a1614f113cc2f
Instruction Fuzzy Hash: 75E0ED7030A20266AE401BF10E2CFEB3A589B86DCEB200844ADA5DBDC6DF95D108E935

Function 6CF19CDF Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 69threadmemoryCOMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00008003,?,?,6CDC180E,?,00000001), ref: 6CF19D06
VirtualAlloc.KERNEL32(00000000,000514CC,00003000,00000004,00000000,?,?,6CDC180E,?,00000001), ref: 6CF19D29
GetCurrentThreadId.KERNEL32 ref: 6CF19D48
OpenThread.KERNEL32(0000004A,00000000,00000000,?,?,6D032B78,?,?,6CDC180E,?,00000001), ref: 6CF19D52

Part of subcall function 6CF622CA: __EH_prolog3_catch_GS.LIBCMT ref: 6CF622D4
Part of subcall function 6CF622CA: GetTickCount.KERNEL32 ref: 6CF622FE
Part of subcall function 6CF622CA: GetCurrentThreadId.KERNEL32 ref: 6CF6231B
Part of subcall function 6CF622CA: GetCurrentProcessId.KERNEL32(?,?,6D032B78,?,?,6CDC180E,?,00000001), ref: 6CF62323
Part of subcall function 6CF622CA: GetTempPathW.KERNEL32(00000619,?,?,%u-%u-%u-%u,00000000,00000000,00000000,00000000,00000000,?,?,6D032B78,?,?,6CDC180E), ref: 6CF62382

GetEnvironmentVariableA.KERNEL32(ISSC_DEBUG_CRASH,?,0000000F,02940000,?,?,6D032B78,?,?,6CDC180E,?,00000001), ref: 6CF19D88

Strings

ISSC_DEBUG_CRASH, xrefs: 6CF19D83
full, xrefs: 6CF19D91

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CurrentThread$AllocCountEnvironmentErrorH_prolog3_catch_ModeOpenPathProcessTempTickVariableVirtual
String ID: ISSC_DEBUG_CRASH$full
API String ID: 698750323-2222335717
Opcode ID: c6e24572e394d5f1b3aa6f154f6a596c82c34db4c4b9899fe748f2e9780c078a
Instruction ID: b2a25d44a96316412ca4b63aba8ec3856b5ca83b5808a69dddaee5f4f0a4b462
Opcode Fuzzy Hash: c6e24572e394d5f1b3aa6f154f6a596c82c34db4c4b9899fe748f2e9780c078a
Instruction Fuzzy Hash: 96212770618214AFEB40ABA9C909FAA7BF4FB46708F50002CFA46A6990DB305545CBF2

Function 6CDFE79E Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 6CDFE7F5
ext-ms-, xrefs: 6CDFE809

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: 707c109bbe52c3b478f4d7bec3105667d9552c3d59b69b7885d9b65e5dbf5838
Instruction ID: af699d08cec14ad6f8f9b3e43543589d987444d33a8e9f6fdefdeae0f44bb7ab
Opcode Fuzzy Hash: 707c109bbe52c3b478f4d7bec3105667d9552c3d59b69b7885d9b65e5dbf5838
Instruction Fuzzy Hash: 8321DB31A45219EBDB1167658C44B4A7B68FFC6774F270620ED75ABEA0D730FD0285E0

Function 6CF257C7 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 153registryCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF257D1
RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,?,?,?,00000890,6CF99E0C,?,?,00000004,6CF99E3B,?,00000030,00000004), ref: 6CF2586E
RegEnumValueW.ADVAPI32(?,00000000,?,000007FF,00000000,?,00000000,?), ref: 6CF258E3
RegCloseKey.ADVAPI32(?), ref: 6CF25992

Strings

Software\ISL Online\, xrefs: 6CF2580A

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseEnumH_prolog3_OpenValue
String ID: Software\ISL Online\
API String ID: 2466630147-3340055980
Opcode ID: 00fec8b6c3d2a87600094c008d8dcb1e5f20e5ea7cef3c934e9f9140a00f8067
Instruction ID: 8c205f49947883895a7af6fc238f200fb4c3551802bd9b1deebca8c5e080c903
Opcode Fuzzy Hash: 00fec8b6c3d2a87600094c008d8dcb1e5f20e5ea7cef3c934e9f9140a00f8067
Instruction Fuzzy Hash: A2514E719001189EDB18DBA4C845BEDB7F8FB04304F64C0AAE155A7691DF759A88CFA0

Function 6CF739BB Relevance: 7.6, APIs: 5, Instructions: 133memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(00DC0000,00000109,00000020,?,?,?,?,6D0418D0), ref: 6CF73AE3
VirtualProtect.KERNEL32(?,?,00000000,00000000,?,?,?,6D0418D0), ref: 6CF73B15
VirtualProtect.KERNEL32(?,?,00000000,00000000,?,?,?,?,6D0418D0), ref: 6CF73B65
GetCurrentProcess.KERNEL32(00000000,00000000,?,?,?,?,6D0418D0), ref: 6CF73B6F
FlushInstructionCache.KERNEL32(00000000,?,?,?,?,6D0418D0), ref: 6CF73B76

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
String ID:
API String ID: 4115577372-0
Opcode ID: b229abf61a14c3aea22fabec95f0e2c6c1b86bc2484484a6a5ff23bc2d15c854
Instruction ID: 01a6a760bb94728b5f211cb70190e013cd6dd7488e64e7e68e62a07904dc77e8
Opcode Fuzzy Hash: b229abf61a14c3aea22fabec95f0e2c6c1b86bc2484484a6a5ff23bc2d15c854
Instruction Fuzzy Hash: AC519071A002189FDF35CF64DC45BEAB7B5AF48308F1084AAD55A97640DB709E89CF61

Function 00C44A3B Relevance: 7.6, APIs: 5, Instructions: 62fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00C45FFE,00000000,00000000,00000000,00000000,?,00000000,00C45FFE,00000000,00000000,?,?,000000FE,000000FF,00000000), ref: 00C44A5E
GetFileSize.KERNEL32(?,00000000,00000000,00000000,?,00000000,00C45FFE,00000000,00000000,?,?,000000FE,000000FF,00000000,00000000,00C45AF8), ref: 00C44A73
CreateFileMappingA.KERNEL32(?,00000000,00000002,00000000,00C45FFE,00000000), ref: 00C44A89
MapViewOfFile.KERNEL32(00000000,00000004,00000000,00000000,00C45FFE,?,00000000,00C45FFE,00000000,00000000,?,?,000000FE,000000FF,00000000,00000000), ref: 00C44A9C
GetLastError.KERNEL32(?,00000000,00C45FFE,00000000,00000000,?,?,000000FE,000000FF,00000000,00000000,00C45AF8,?,?,00000000), ref: 00C44AA9

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: File$CreateErrorLastMappingPointerSizeView
String ID:
API String ID: 3806030159-0
Opcode ID: 0ab21a6a37ac57d2644dbd87f9626b9436cb94dba82f7cfb0d2523b6f2ae012d
Instruction ID: 94fd5303adcef493e037bd4b15174be7ecaab10404a56e012c895e3f142cc55f
Opcode Fuzzy Hash: 0ab21a6a37ac57d2644dbd87f9626b9436cb94dba82f7cfb0d2523b6f2ae012d
Instruction Fuzzy Hash: C21112B5640701AFE3249F65DC59F3BBBECFB45750F10841EB556C7650E671E8408B24

Function 6CF1D9D5 Relevance: 7.6, APIs: 5, Instructions: 54threadCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF1D9DC

Part of subcall function 6CF0B401: GetCurrentThreadId.KERNEL32 ref: 6CF0B413
Part of subcall function 6CF0B401: GetCurrentProcessId.KERNEL32(?,00000000,00000000,00000000,00000000,?,6CDC1796,?,00000001), ref: 6CF0B41B
Part of subcall function 6CF0B401: GetTickCount.KERNEL32 ref: 6CF0B423

EnterCriticalSection.KERNEL32(00F11B20,00000004), ref: 6CF1D9EF

Part of subcall function 6CF1E1A1: LeaveCriticalSection.KERNEL32(6CD7A9C0,6CDC30E6,?,6CDC710B,6CDB1570,?,?,6CF24DBC,00000000,00000000,?,?,?,?,?,/xstd/convert), ref: 6CF1E1A8

GetCurrentThread.KERNEL32 ref: 6CF1DA13
SetThreadPriority.KERNEL32(00000000), ref: 6CF1DA1A
EnterCriticalSection.KERNEL32(00F11B20), ref: 6CF1DA47

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalCurrentSectionThread$Enter$CountH_prolog3LeavePriorityProcessTick
String ID:
API String ID: 3810896034-0
Opcode ID: c78f08eca2783b9ca8c2ffa1793139e4de4ec8d1f1f5acab96f6b88a3ea4a9d7
Instruction ID: ad8a843cda9d2d87bd50ef0e2a6cb0fbfbc8bd455eadc4c15a59cbb78f8b5162
Opcode Fuzzy Hash: c78f08eca2783b9ca8c2ffa1793139e4de4ec8d1f1f5acab96f6b88a3ea4a9d7
Instruction Fuzzy Hash: 52118B70748202DFCF14DFB9CA48B997BF8BF0A714B204109E955ABB91CB31E644CB50

Function 6CE5E0C9 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 213COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CE5E0D0

Part of subcall function 6CE5EABE: __EH_prolog3_catch_GS.LIBCMT ref: 6CE5EAC8

Strings

translations\LangAll.tr2, xrefs: 6CE5E103
skin\custom_texts.ini, xrefs: 6CE5E20E
conf_static\substitutes.txt, xrefs: 6CE5E183

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_catch_
String ID: conf_static\substitutes.txt$skin\custom_texts.ini$translations\LangAll.tr2
API String ID: 1329019490-3455691631
Opcode ID: 7ae854764c0b9e9773c39d9c6a146d013011b350201f18beef47b2cdb429fe3a
Instruction ID: f2c8d8628ed0150d566718fe7b7beae30e1881e7b0f8dd84054183a6eee52f14
Opcode Fuzzy Hash: 7ae854764c0b9e9773c39d9c6a146d013011b350201f18beef47b2cdb429fe3a
Instruction Fuzzy Hash: FE813CB1D002489FEB14DFE8D485ADEBBB9EF08314F60401EE115AB790DB759A49CFA1

Function 00C45B6C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 00C4476F: LoadLibraryW.KERNEL32(00000000,00000000,?,?,00C45B91), ref: 00C44783

GetLastError.KERNEL32 ref: 00C45B95
GetProcAddress.KERNEL32(00000000,DllStartService), ref: 00C45BA4
GetLastError.KERNEL32 ref: 00C45BB0

Strings

DllStartService, xrefs: 00C45B9E

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorLast$AddressLibraryLoadProc
String ID: DllStartService
API String ID: 1866314245-3675106962
Opcode ID: 1d360f2c3beaf73a0908cfed4b2a271865ed9906700811fe67d9d96aaf72c655
Instruction ID: 0bef60bed20de3d4294d60a6877d7ca868ec98e49172d5ab26bd9deb2afd7474
Opcode Fuzzy Hash: 1d360f2c3beaf73a0908cfed4b2a271865ed9906700811fe67d9d96aaf72c655
Instruction Fuzzy Hash: 84F0B475D001199BCB21FBB5AC05FDE7B78BB453D4F0000A0F84AD3125FBB0D6889A90

Function 6CF259EE Relevance: 6.1, APIs: 4, Instructions: 78registryCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF259F5

Part of subcall function 6CDE088F: __EH_prolog3.LIBCMT ref: 6CDE0896

RegOpenKeyExW.KERNEL32(-7FFFFFFF,00000000,00000000,00000001,?,?,00000028,6CF26919,?,?,?,?), ref: 6CF25A1F
RegQueryValueExW.KERNEL32(?,00000000,00000000,000000FF,00000000,0000000F,?,?,?), ref: 6CF25A7C
RegCloseKey.ADVAPI32(?,?,?), ref: 6CF25A8F

Part of subcall function 6CF25BA9: __EH_prolog3_GS.LIBCMT ref: 6CF25BB0

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3$CloseH_prolog3_OpenQueryValue
String ID:
API String ID: 2849625265-0
Opcode ID: b6ec2cfaa5e42efdab4fa80a700b0558b2eec4e53f891b012c77999f80a2f657
Instruction ID: dcacef2090f44b8713b6596a284a93fd7bf1bf69738e208219d47cf0d8d1ea92
Opcode Fuzzy Hash: b6ec2cfaa5e42efdab4fa80a700b0558b2eec4e53f891b012c77999f80a2f657
Instruction Fuzzy Hash: A6219E71D0020AAFCF19DFA0C845BEEBB75FF18364F240219E511B76A0DB746A59DBA0

Function 00C45F89 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

Part of subcall function 00C43F7D: lstrcmpA.KERNEL32(?,?,00C44E81,00C41128,?), ref: 00C43F85

GetLastError.KERNEL32(?,?,000000FE,000000FF,00000000,00000000,00C45AF8,?,?,00000000), ref: 00C45FC5
CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,000000FE,000000FF,00000000,00000000), ref: 00C46005

Strings

remove.dir, xrefs: 00C45FA3

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseErrorHandleLastlstrcmp
String ID: remove.dir
API String ID: 3993898648-3095141808
Opcode ID: 509462b4154858545b49c3ac547f0b71cfe31db537e2716cad3b35f6a77a2f15
Instruction ID: 69241b89a2e36e9cf1359ec7ae5b68bd5d8239c7f22d5df13c4295f83cb99e67
Opcode Fuzzy Hash: 509462b4154858545b49c3ac547f0b71cfe31db537e2716cad3b35f6a77a2f15
Instruction Fuzzy Hash: 76112B316002056BE738B775DC4AFAE7768BF42360F204415F412A71D2EB309E08E699

Function 6CE5A77F Relevance: 6.1, APIs: 4, Instructions: 55threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,?,6CE5A621,00000000,00000004,00000000), ref: 6CE5A7CE
GetLastError.KERNEL32(?,?,?,?,?,6CF1DCB3,6CF1D9D5,00000000,?,?,?,00000008,6CF1D121,?,00000040,6CDC1345), ref: 6CE5A7DA
__dosmaperr.LIBCMT ref: 6CE5A7E1

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CreateErrorLastThread__dosmaperr
String ID:
API String ID: 2744730728-0
Opcode ID: 3b2ed83560f0789ebeffe30739b2694b6bbb9c7ed54a41bb5688b4fe1e750827
Instruction ID: d691a47fb964401033a49f325a9a33a187bf9079ba6c143c365010a2862c1cbb
Opcode Fuzzy Hash: 3b2ed83560f0789ebeffe30739b2694b6bbb9c7ed54a41bb5688b4fe1e750827
Instruction Fuzzy Hash: 2801D272441204BFDB009BA5CC04BEE7BB9EF813BAF704218F930966D0DB719965D670

Function 6CF2C56F Relevance: 6.0, APIs: 4, Instructions: 27fileCOMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,?,00000000,?,6CE5EB15,?,?), ref: 6CF2C585
UnmapViewOfFile.KERNEL32(?,?,6CE5EB15,?,?), ref: 6CF2C58F
CloseHandle.KERNEL32(?,?,6CE5EB15,?,?), ref: 6CF2C59E
CloseHandle.KERNEL32(00000000,?,6CE5EB15,?,?), ref: 6CF2C5AC

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseHandle$FileFreeUnmapViewVirtual
String ID:
API String ID: 3863211623-0
Opcode ID: c2e35c9142596487fd380c83717d9fca848102ab69035ef1c99246047adeeed2
Instruction ID: b30edccc269b1c4dca8e82846c1c80f099991d1c53a46b43127937e5cd1432a0
Opcode Fuzzy Hash: c2e35c9142596487fd380c83717d9fca848102ab69035ef1c99246047adeeed2
Instruction Fuzzy Hash: C2F01C350057009FEB216FA4DA0DF567BF9AF05305F208919F5A6828A0C779F884CB20

Function 00C466D5 Relevance: 6.0, APIs: 4, Instructions: 14memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,?,00C43B08,00000000,00000020,00000000,00000000,?,00000000,00000000,00C43A06,?,?,?,?), ref: 00C466E6
RtlReAllocateHeap.NTDLL(00000000,?,?,?,00000000,00000000,00000000,00C45977,?,?,?,00000001,000000FF,00000000), ref: 00C466ED
GetProcessHeap.KERNEL32(00000000,?,00C43B08,00000000,00000020,00000000,00000000,?,00000000,00000000,00C43A06,?,?,?,?), ref: 00C466F6
RtlAllocateHeap.NTDLL(00000000,?,?,?,00000000,00000000,00000000,00C45977,?,?,?,00000001,000000FF,00000000), ref: 00C466FD

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 6655141e3933ccabeb65cb09e4a431be0fe7467a7054790d2e758b7291bd27d0
Instruction ID: ac19e36578c8cf273e09f470cd78e3494218e42a7bfc0e415dc93a2c9187edf1
Opcode Fuzzy Hash: 6655141e3933ccabeb65cb09e4a431be0fe7467a7054790d2e758b7291bd27d0
Instruction Fuzzy Hash: 44D09279608302BBDF106FA0DD0DB5E7B65BB86743F048808F24B824A0CB749141DB22

Function 6CF26678 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 292COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF26682
EnterCriticalSection.KERNEL32(00000000), ref: 6CF267D2

Part of subcall function 6CF1E1A1: LeaveCriticalSection.KERNEL32(6CD7A9C0,6CDC30E6,?,6CDC710B,6CDB1570,?,?,6CF24DBC,00000000,00000000,?,?,?,?,?,/xstd/convert), ref: 6CF1E1A8

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Strings

Software\ISL Online\, xrefs: 6CF266D0

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalSection$DeallocateEnterH_prolog3_Leave
String ID: Software\ISL Online\
API String ID: 1279467743-3340055980
Opcode ID: 536f0e321e4c6311b1d63137ec17b4fd5dbb5de762f0a9ea1d096e09b6b19856
Instruction ID: 06422c15cc82ae3bd37f4b4da1c887e4b8206c2b8f14108169ac8775a3f41a7a
Opcode Fuzzy Hash: 536f0e321e4c6311b1d63137ec17b4fd5dbb5de762f0a9ea1d096e09b6b19856
Instruction Fuzzy Hash: 44C1EB71D05268DFEB14CFA4D884BDEBBB9FB08314F10409AE149E7681DF359A898F61

Function 6CF6F20B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF6F212

Part of subcall function 6CF1EE6F: WSAStringToAddressA.WS2_32(?,00000017,00000000,?,?,48566DFF,?,?,00000000), ref: 6CF1EECC

Strings

], xrefs: 6CF6F27E
[, xrefs: 6CF6F285

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressH_prolog3_String
String ID: [$]
API String ID: 2653017251-2073744556
Opcode ID: 30028c01c19b57a9e07486aa280366154b8ebdb710b0ee8aa011f368d2df2d86
Instruction ID: 9b7fd4aed646a047bb9c07285e3e80709057a96cc09daa70531a68484ee58dd9
Opcode Fuzzy Hash: 30028c01c19b57a9e07486aa280366154b8ebdb710b0ee8aa011f368d2df2d86
Instruction Fuzzy Hash: 8521F235B045088BDB44DBB48895BEE737D9F4521CF60421AC42167ED4CBA55E0FCA63

Function 6CF966E2 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 22libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000), ref: 6CF97261
Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000,4004667F,?), ref: 6CF97287

LoadLibraryW.KERNELBASE(00000000,Iphlpapi.dll,6D032B78,00000000,6CF1862B,00000068,6CDC1804,?,00000001), ref: 6CF966F3

Part of subcall function 6CDF4BEC: _free.LIBCMT ref: 6CDF4BFF

LoadLibraryA.KERNEL32(Iphlpapi.dll,Iphlpapi.dll,6D032B78,00000000,6CF1862B,00000068,6CDC1804,?,00000001), ref: 6CF96705

Strings

Iphlpapi.dll, xrefs: 6CF966E4, 6CF96704

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharLibraryLoadMultiWide$_free
String ID: Iphlpapi.dll
API String ID: 1531845943-3434370012
Opcode ID: 74b7d8b563bd974d29bb61d18a185dfef0edb400e480f8f7b34ca4eaae4711a4
Instruction ID: d20bf2fd4430d0dccb05a1abd6bb55cbb0c7be0fd889439805902c48f144cd77
Opcode Fuzzy Hash: 74b7d8b563bd974d29bb61d18a185dfef0edb400e480f8f7b34ca4eaae4711a4
Instruction Fuzzy Hash: 48D05E37616620578B51137A280CE9B1AA9AECBA753260026F800D3704DF24C8468AF2

Function 00C452F4 Relevance: 4.8, APIs: 2, Strings: 1, Instructions: 346COMMON

Download Yara Rule

APIs

Part of subcall function 00C466AD: GetProcessHeap.KERNEL32(00000000,?,00C4456B,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466B3
Part of subcall function 00C466AD: RtlFreeHeap.NTDLL(00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466BA

CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,?,?,?), ref: 00C457A4

Strings

.extra, xrefs: 00C45652

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Heap$CloseFreeHandleProcess
String ID: .extra
API String ID: 2023733622-125386653
Opcode ID: 8cc61cd24a5e1915ac1b162e9306fa7b09fc53e1e0c057f65bd67c18e345bdb5
Instruction ID: 757808cc3ba83c7f9d6b72c3408ee2a1086314bca556f03b459fe9c2a02c8184
Opcode Fuzzy Hash: 8cc61cd24a5e1915ac1b162e9306fa7b09fc53e1e0c057f65bd67c18e345bdb5
Instruction Fuzzy Hash: 59C1FB719087459BD724EF64C881BAFBBE5BB85704F10082EF99587293DA70DA48CB93

Function 6CE07682 Relevance: 4.7, APIs: 3, Instructions: 177fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6CE06E17: GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6CE06E5F

WriteFile.KERNEL32(?,00000000,6CE00DF5,?,00000000,?,?,?,6CE00D84,?,00000000,00000000,6CFF3418,0000002C,6CE00DF5,?), ref: 6CE077D3
GetLastError.KERNEL32 ref: 6CE077DD
__dosmaperr.LIBCMT ref: 6CE07822

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ConsoleErrorFileLastWrite__dosmaperr
String ID:
API String ID: 251514795-0
Opcode ID: f66b6b33cb233cdef98bfb2aae649768ee353d40fb49aa0adc60ec1ed0b4d2ec
Instruction ID: 28581043bcd922212b023af0737360ead6bef8d179380c2076a458856974f466
Opcode Fuzzy Hash: f66b6b33cb233cdef98bfb2aae649768ee353d40fb49aa0adc60ec1ed0b4d2ec
Instruction Fuzzy Hash: 7D51E371B0121AABDB01CFA8C880BEE7B78FF4639DF240515E510A7A51D3749965CBF0

Function 00C459E7 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 120sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(0000000A,?,?,00000000), ref: 00C45B45

Strings

remove.dir, xrefs: 00C45AB4

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Sleep
String ID: remove.dir
API String ID: 3472027048-3095141808
Opcode ID: b6daadb8b773c530d7f9436ec31ee9ee8f9988bfd6225a76a218c2f73e7786b7
Instruction ID: a1919d4187cdf4f1de79ac02f7ab4c8ed195c9e706422dae37af7a839deef1cc
Opcode Fuzzy Hash: b6daadb8b773c530d7f9436ec31ee9ee8f9988bfd6225a76a218c2f73e7786b7
Instruction Fuzzy Hash: AF4129395087418BDB24DF2498C076E77A1BBC1354F150669F89647263DA328D0DE752

Function 00C45813 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 85COMMON

Download Yara Rule

APIs

Part of subcall function 00C4430D: GetModuleFileNameW.KERNEL32(?,?,00001861), ref: 00C44336

Part of subcall function 00C43F9B: lstrlenA.KERNEL32(00C45AB0,00C44AFB,00000000,000000FE,00C411D6,00C45AB0,?,?,00000000), ref: 00C43F9F

Part of subcall function 00C466C1: GetProcessHeap.KERNEL32(00000000,?,00C43B64,000000F8), ref: 00C466C7
Part of subcall function 00C466C1: RtlAllocateHeap.NTDLL(00000000), ref: 00C466CE

Part of subcall function 00C43F8C: lstrcpyA.KERNEL32(?,?,00C44BE3,?), ref: 00C43F94

Part of subcall function 00C43F6E: lstrcatA.KERNEL32(?,?,00C44BF4,?,\remove.dir,?), ref: 00C43F76

Part of subcall function 00C440D7: CreateFileW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00C44101

GetLastError.KERNEL32(?,?,?,?,00000000,00C465B8), ref: 00C45892
CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,?,?,00000000,00C465B8), ref: 00C458F8

Strings

.extra, xrefs: 00C45861

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: FileHeap$AllocateCloseCreateErrorHandleLastModuleNameProcesslstrcatlstrcpylstrlen
String ID: .extra
API String ID: 3930632117-125386653
Opcode ID: e4ed49af099a5c1b51be0ecb425b8bd391c7745ea5e5d8c310f8e11ab74f6862
Instruction ID: 32458bc63cf0a1438cc0032641a6184862c7c78efdcad647d8fd630fadb96ad4
Opcode Fuzzy Hash: e4ed49af099a5c1b51be0ecb425b8bd391c7745ea5e5d8c310f8e11ab74f6862
Instruction Fuzzy Hash: C12136B5A44300AFD314EB74DC81B9E77E8FB85364F204A19F81297292EE31AE099760

Function 6CE087B9 Relevance: 4.5, APIs: 3, Instructions: 49COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(00000000,?,00000002,?,00000000,?,00000001,6CE00DF5,6CE00DF5,?,6CE08866,?,?,00000002,00000000), ref: 6CE087F2
GetLastError.KERNEL32(?,6CE08866,?,?,00000002,00000000,?,6CE0770B,00000001,00000000,00000000,00000002,?,?,?,6CE00D84), ref: 6CE087FC
__dosmaperr.LIBCMT ref: 6CE08803

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorFileLastPointer__dosmaperr
String ID:
API String ID: 2336955059-0
Opcode ID: 1bef1e7eeff96cdd51fda54f1159c886d48610437864f39a005b4ae70eba59c8
Instruction ID: 51d1230ccb0b82c92a82d7ddde95ba36ce982d9448e09d0297e1bce9a64c3773
Opcode Fuzzy Hash: 1bef1e7eeff96cdd51fda54f1159c886d48610437864f39a005b4ae70eba59c8
Instruction Fuzzy Hash: 8401B537710615ABCB158BA9CC4499E3B39FB867657390205F811DB694E770E9228BA0

Function 6CF26F9F Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(00000000,00000000,00000000,?,?,6CDC17CB,?,00000001), ref: 6CF26FB3
InitializeCriticalSection.KERNEL32(00000000,?,?,?,?,?,6CDC17CB,?,00000001), ref: 6CF27007

Strings

hefa, xrefs: 6CF26FE1

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalInitializeSection
String ID: hefa
API String ID: 32694325-2564330708
Opcode ID: 23056d6e99de7e8e4b47a0c6892b2190b8368ed717954de13a332903ce12a970
Instruction ID: 38c5bca4660445f6ef3569f01f37085c59269b899917c8d0f3a30681c43a03c3
Opcode Fuzzy Hash: 23056d6e99de7e8e4b47a0c6892b2190b8368ed717954de13a332903ce12a970
Instruction Fuzzy Hash: 11F0BB71905224BBEB1067949D45FCE767CDB07698F644015F900A6B81EF741F4847F6

Function 00C44BC6 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

Part of subcall function 00C43F8C: lstrcpyA.KERNEL32(?,?,00C44BE3,?), ref: 00C43F94

Part of subcall function 00C43F6E: lstrcatA.KERNEL32(?,?,00C44BF4,?,\remove.dir,?), ref: 00C43F76

Part of subcall function 00C440D7: CreateFileW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00C44101

CloseHandle.KERNEL32(00000000), ref: 00C44C1D
GetLastError.KERNEL32 ref: 00C44C25

Strings

\remove.dir, xrefs: 00C44BE9

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLastlstrcatlstrcpy
String ID: \remove.dir
API String ID: 1369866624-1121291209
Opcode ID: 6a22b1b28886ef87b94a055f596ea13cd7b877f4e007dfd75658cf4ca6cb2cbb
Instruction ID: 6af518ce699dcb0e58e745100f2a14d1c448c68e1c30f1392bb066339584108e
Opcode Fuzzy Hash: 6a22b1b28886ef87b94a055f596ea13cd7b877f4e007dfd75658cf4ca6cb2cbb
Instruction Fuzzy Hash: 2FF02475A412086BE76867F45CC6BAE721CBB05324F280664F562D31C1EAB09F4C5A20

Function 6CE5A6D8 Relevance: 4.5, APIs: 3, Instructions: 30threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6CDFD6F3: GetLastError.KERNEL32(?,?,00000001,6CDFCA16,6CDFCBBB,?,?,6CDFC6E5), ref: 6CDFD6F8
Part of subcall function 6CDFD6F3: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000001,6CDFCA16,6CDFCBBB,?,?,6CDFC6E5), ref: 6CDFD796

CloseHandle.KERNEL32(?,?,?,6CE5A81A,?,?,6CE5A681,00000000), ref: 6CE5A709
FreeLibraryAndExitThread.KERNEL32(?,?,?,?,6CE5A81A,?,?,6CE5A681,00000000), ref: 6CE5A71F
ExitThread.KERNEL32 ref: 6CE5A728

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorExitLastThread$CloseFreeHandleLibrary
String ID:
API String ID: 1991824761-0
Opcode ID: c42d65656822d7fffe24f8f99b70b8e8cfc74e4e3817a48937ca806bf079b2b6
Instruction ID: 6bdf2077f494ded2695644b610f20cc10eabc8732c2523efcd33546bfd54bc9d
Opcode Fuzzy Hash: c42d65656822d7fffe24f8f99b70b8e8cfc74e4e3817a48937ca806bf079b2b6
Instruction Fuzzy Hash: C7F05E304417046FDB111F71C908B6A3BBABF0126CB704610F875C7AA0EB66E5628A70

Function 6CE5DEC8 Relevance: 4.5, APIs: 3, Instructions: 20threadCOMMON

Download Yara Rule

APIs

AcquireSRWLockShared.KERNEL32(000000FF,?,?,?,6CE5E0A5,?,?,?,00000000), ref: 6CE5DED6

Part of subcall function 6CF1D3B5: ReleaseSRWLockShared.KERNEL32(?,48566DFF,?,00000004,00000000,?,00000000,6CFD529E,000000FF,?,6CE5E46A,6CD7AD8C), ref: 6CF1D3E4

GetThreadLocale.KERNEL32(?,?,?,6CE5E0A5,?,?,?,00000000), ref: 6CE5DEEB
SetThreadLocale.KERNEL32(?,?,?,?,6CE5E0A5,?,?,?,00000000), ref: 6CE5DEF7

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: LocaleLockSharedThread$AcquireRelease
String ID:
API String ID: 2646585030-0
Opcode ID: 52affa994defad48035a094939d67d99d47c363f640974774d072a2edacc9597
Instruction ID: 8585b7908048934e868ab5978efc1e93dca6d4d0c19f4672008145d6922c522f
Opcode Fuzzy Hash: 52affa994defad48035a094939d67d99d47c363f640974774d072a2edacc9597
Instruction Fuzzy Hash: B8E08635802118DBCB109BA4C50DDDA77BCEB45205B204056E85293640DB70BE048B70

Function 00C44ABB Relevance: 4.5, APIs: 3, Instructions: 15fileCOMMON

Download Yara Rule

APIs

FlushViewOfFile.KERNEL32(?,00000000,00000000,00C4602E,?,?,000000FE,000000FF,00000000,00000000), ref: 00C44AC9
UnmapViewOfFile.KERNEL32(?), ref: 00C44AD2
CloseHandle.KERNEL32(000000FF,00000000,00C4602E,?,?,000000FE,000000FF,00000000,00000000), ref: 00C44ADF

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: FileView$CloseFlushHandleUnmap
String ID:
API String ID: 4185930659-0
Opcode ID: f428d8f129b623dd497e31b4630b4d9334e45c5267329ab8119143de76eb0edf
Instruction ID: 87fd0491e57e93346081d01f61859f5f249c058a091924332459fdf0ecc5518e
Opcode Fuzzy Hash: f428d8f129b623dd497e31b4630b4d9334e45c5267329ab8119143de76eb0edf
Instruction Fuzzy Hash: C8D06C39080610DBE72A7F14ED0DB9ABAB2FB15B22F25482DE4A6518B097B15890EB44

Function 6CF980F0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 54COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF980F7

Part of subcall function 6CF99E17: __EH_prolog3.LIBCMT ref: 6CF99E1E

Part of subcall function 6CF99BC8: __EH_prolog3.LIBCMT ref: 6CF99BCF

Strings

ISL Light v3\flags, xrefs: 6CF9810C

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3$H_prolog3_
String ID: ISL Light v3\flags
API String ID: 4240126716-1375379779
Opcode ID: 56c77b6fada691f0ed03dcd299e0219afbbb3b7e89a115af96f19e3307abdd4a
Instruction ID: 155bed49a26e8e8863fe06ca949919846dd1d86b2260102488940270432a3d2f
Opcode Fuzzy Hash: 56c77b6fada691f0ed03dcd299e0219afbbb3b7e89a115af96f19e3307abdd4a
Instruction Fuzzy Hash: 50115E71E102089FDF08DFE8D4C09EEBBB5AF48320F60511EE115B7790DB349A488BA5

Function 6CF2849D Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF284A4

Strings

error parsing packet, xrefs: 6CF2851B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: error parsing packet
API String ID: 2427045233-419517662
Opcode ID: 5ab5646f90103339c85727a9777607cd3315dedec8126c6c5f95bfca1e3df677
Instruction ID: a9287193ad14f8d1418f4fac846c563914b411bda0f1de6864982c51e85565d2
Opcode Fuzzy Hash: 5ab5646f90103339c85727a9777607cd3315dedec8126c6c5f95bfca1e3df677
Instruction Fuzzy Hash: 7C115B31911108EFDF01EFE4EA49ADCBFB6EF04329F604429F011A2AA4DB764A59DB01

Function 6CDC495F Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CDC4966

Strings

SLLIGHT-6430 schan protection during reconnect, xrefs: 6CDC498E

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3
String ID: SLLIGHT-6430 schan protection during reconnect
API String ID: 431132790-1360787968
Opcode ID: c9b285e1355931e4db1365c3b31cb2a57ebb9365cfbc7ad3c3cd7e676a130f37
Instruction ID: de4195f508fbb1b17bb0225ef1737f8a2449475a6fe3905c15410111bd3e852f
Opcode Fuzzy Hash: c9b285e1355931e4db1365c3b31cb2a57ebb9365cfbc7ad3c3cd7e676a130f37
Instruction Fuzzy Hash: 39F039F0900305AFCB00DF69C480599BBB8BF58218760052ED1049BB10CBB1EA65CBE1

Function 6CF0B8E7 Relevance: 3.1, APIs: 2, Instructions: 136COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF0B8EE

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: affbb52b23676a3d95bddcfb0caa4ddeff760316e054b0d05ccda921f5e45036
Instruction ID: a639095a302d9888f941485eb20c7fe332a305b243a15cd3ab9b88a1506c1980
Opcode Fuzzy Hash: affbb52b23676a3d95bddcfb0caa4ddeff760316e054b0d05ccda921f5e45036
Instruction Fuzzy Hash: 56519AB5A01204EFCF05DFA8C990EAA7BB2FF49704B048469ED189B725D731D960EF61

Function 6CF228E9 Relevance: 3.1, APIs: 2, Instructions: 134COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF228F0

Part of subcall function 6CF962F9: __EH_prolog.LIBCMT ref: 6CF962FE
Part of subcall function 6CF962F9: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00000000,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed,?,?,00000001), ref: 6CF96325
Part of subcall function 6CF962F9: GetProcAddress.KERNEL32(00000000,FormatMessageW), ref: 6CF9633B
Part of subcall function 6CF962F9: FormatMessageW.KERNEL32(?,0000000F,?,?,?,00000002,00000000,?,?,00000000,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed), ref: 6CF96376
Part of subcall function 6CF962F9: LocalAlloc.KERNEL32(00000000,00000001,00000000,?,0000000F,?,?,?,00000002,00000000,?,?,00000000,4004667F,?,00000040), ref: 6CF963AD
Part of subcall function 6CF962F9: LocalFree.KERNEL32(00000000,0000000F,?,?,?,00000002,00000000,?,?,00000000,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed), ref: 6CF963F0
Part of subcall function 6CF962F9: FreeLibrary.KERNEL32(00000000,0000000F,?,?,?,00000002,00000000,?,?,00000000,4004667F,?,00000040,?,6CFF38D8,WSAStartup failed), ref: 6CF9640E

LocalFree.KERNEL32(?,?,?,?,00000400,?,?,?,0000006C,6CF1228F,?,4004667F,?,00000040,?,6CFF38D8), ref: 6CF2297D

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: FreeLocal$Library$AddressAllocFormatH_prologH_prolog3_LoadMessageProc
String ID:
API String ID: 1285392509-0
Opcode ID: 463f94617678ef71d7a0f4bbc05b97aaa8b67b00c1f60a03858b4896c22cc38b
Instruction ID: bb9dd83477771c93a1ba439e832288ed3ae12caf50c8d3681811094d5d685b06
Opcode Fuzzy Hash: 463f94617678ef71d7a0f4bbc05b97aaa8b67b00c1f60a03858b4896c22cc38b
Instruction Fuzzy Hash: 44514AB1D14618DFDB18CFE4C884AEEBBB9BB48314F64012ED005B7A51DB369A49CF61

Function 6CE5EABE Relevance: 3.1, APIs: 2, Instructions: 99COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CE5EAC8

Part of subcall function 6CDC4BB2: __EH_prolog3.LIBCMT ref: 6CDC4BB9

Part of subcall function 6CE5E403: __EH_prolog3_GS.LIBCMT ref: 6CE5E40D
Part of subcall function 6CE5E403: AcquireSRWLockShared.KERNEL32(00000004), ref: 6CE5E446
Part of subcall function 6CE5E403: AcquireSRWLockExclusive.KERNEL32(00000004,6CD7AD8C), ref: 6CE5E471

AcquireSRWLockExclusive.KERNEL32(00000004,?,?,?), ref: 6CE5EB9F

Part of subcall function 6CF1D41E: ReleaseSRWLockExclusive.KERNEL32(?,48566DFF,?,0000000F,00000000,?,0000000F,6CFD52BB,000000FF,?,6CE5E9B5,000000A0,6CD7CCE8,?,light,00000005), ref: 6CF1D44D

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Lock$AcquireExclusive$H_prolog3H_prolog3_H_prolog3_catch_ReleaseShared
String ID:
API String ID: 3440062671-0
Opcode ID: 5a06584f5bfa5126ac8763a1140d89b54937b230f2fa90df6573233d77d5ad9d
Instruction ID: c3f0af730f8e522a6c398f5a1b49fbf53f515c0f3d85b38398d82ddaa8fc3982
Opcode Fuzzy Hash: 5a06584f5bfa5126ac8763a1140d89b54937b230f2fa90df6573233d77d5ad9d
Instruction Fuzzy Hash: E3414971D04258DFDB24DFA8C844BDDBBB5BF18304F6084AAD049A3690DF349A99CF61

Function 6CF293F4 Relevance: 3.1, APIs: 2, Instructions: 87COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF293FB
__EH_prolog3_GS.LIBCMT ref: 6CF2946A

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$Deallocate
String ID:
API String ID: 953458638-0
Opcode ID: dd407003aaf1f1d118b485fe35c5ec98e92f275fb4161939d42d1c3eda627cd6
Instruction ID: 330afe26e5076c35a840cefc3413b5ed24b6223e250c35ece6567ba8d672135f
Opcode Fuzzy Hash: dd407003aaf1f1d118b485fe35c5ec98e92f275fb4161939d42d1c3eda627cd6
Instruction Fuzzy Hash: D7312FB5A102089FDB10DFB4C840ADE7BF8AF48314F10886AE915EBB41DB75DA59CB61

Function 6CE5E9CF Relevance: 3.1, APIs: 2, Instructions: 78COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CE5E9D6
AcquireSRWLockExclusive.KERNEL32(00000001,?,?,00000038,6CE5E1B2,?,?,0000004C,6CE5F0EB,00000004,6CE5B79B,00000000,\trace.out,0000000A), ref: 6CE5EA29

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AcquireExclusiveH_prolog3_catch_Lock
String ID:
API String ID: 2520556246-0
Opcode ID: 8efb89042863dc035f3fc0ce2c6182cc852ad37139736d5ca4933477c7fd4674
Instruction ID: 2fa9d1b9285f624e4c11b8930e45777cd12045412f0a1d205fb36b0887487bf6
Opcode Fuzzy Hash: 8efb89042863dc035f3fc0ce2c6182cc852ad37139736d5ca4933477c7fd4674
Instruction Fuzzy Hash: 65318E71D01208AFDB08DFE8D480ADDBBB9BF18304FA0406EE015A7681DB359A09CBA1

Function 00C45E28 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

Part of subcall function 00C4422E: GetFileAttributesW.KERNEL32(00000000,00000000,?,?,00C44C34), ref: 00C44242

GetLastError.KERNEL32(00000000,00C45158,?,?,?,?,?,?,?,?,?,00000000), ref: 00C45EDF

Part of subcall function 00C45F1F: GetLastError.KERNEL32(?,00C45EF7,00000000,00C45158,?,?,?,?,?,?,?,?,?,00000000), ref: 00C45F7C

Part of subcall function 00C44BC6: CloseHandle.KERNEL32(00000000), ref: 00C44C1D

Part of subcall function 00C43F8C: lstrcpyA.KERNEL32(?,?,00C44BE3,?), ref: 00C43F94

Part of subcall function 00C43F6E: lstrcatA.KERNEL32(?,?,00C44BF4,?,\remove.dir,?), ref: 00C43F76

Part of subcall function 00C44DD3: CloseHandle.KERNEL32(?,00C45F34,00C411D4,?,00C45EF7,00000000,00C45158), ref: 00C44DDE

Part of subcall function 00C44370: MoveFileW.KERNEL32(00000000,00000000), ref: 00C4439A

Strings

_rm, xrefs: 00C45E9D

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseErrorFileHandleLast$AttributesMovelstrcatlstrcpy
String ID: _rm
API String ID: 3194293871-3064706574
Opcode ID: e2897a39ad16a00211126c719f194f896ad8145bf5cc8761233618909f327e98
Instruction ID: 9f0d244ed1df5a111a71e19df518ee96672aabc7e0257828351ccb3ab3351207
Opcode Fuzzy Hash: e2897a39ad16a00211126c719f194f896ad8145bf5cc8761233618909f327e98
Instruction Fuzzy Hash: FB11813461060587EB38EB70DCD2B6D7365BB55384F100164F81BC71B2EE65DF8DAA80

Function 6CDE16AD Relevance: 3.1, APIs: 2, Instructions: 56COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CDE16B4
EnterCriticalSection.KERNEL32(?,00000004,6CDE15DA,00000008,6CF276EA,?,00000000,00000034,6CF271A3,?,?,?,7FFFFFFF,?,?), ref: 6CDE16C2

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalEnterH_prolog3Section
String ID:
API String ID: 1844471736-0
Opcode ID: 01e066c538272d77eb59294336a608969ce4ea573a132b32785496b7b8c1fcbd
Instruction ID: bc37385a5fd07e6379dc398e2e95b190f07a5b3691820a049f173dee06bf5e01
Opcode Fuzzy Hash: 01e066c538272d77eb59294336a608969ce4ea573a132b32785496b7b8c1fcbd
Instruction Fuzzy Hash: DA11D6B4A00B00CFD728DF2AC580956B7F5BF887243648A2ED4A78BF61D734F9498B50

Function 6CF2276B Relevance: 3.1, APIs: 2, Instructions: 51COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF22772
GetLastError.KERNEL32(0000004C,6CF22870,00000020,6CF1E138,CreateSemaphoreA,?,?), ref: 6CF227C0

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorH_prolog3_Last
String ID:
API String ID: 1018228973-0
Opcode ID: 8b08230e9f71de8b57d49fb71e8254ebf9829f0832ab0a879fdaf7b8bba66a8e
Instruction ID: d8f5a4be23b0151c8a7df1e53226347fa0b4d2aefd1cca4f1e357c702c1f833f
Opcode Fuzzy Hash: 8b08230e9f71de8b57d49fb71e8254ebf9829f0832ab0a879fdaf7b8bba66a8e
Instruction Fuzzy Hash: 32118E30A01144AFDB14EBF4C568AEDBBB0AF98708F648158A406AB7A5DF749E0CDB50

Function 6CE5A621 Relevance: 3.0, APIs: 2, Instructions: 39threadCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(6CFF3868,0000000C), ref: 6CE5A634
ExitThread.KERNEL32 ref: 6CE5A63B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorExitLastThread
String ID:
API String ID: 1611280651-0
Opcode ID: fb4b7af84c1971c6a9cd29584ef580a1f8af2396a2a4e2074eb6b19dbbe02db2
Instruction ID: a40e21b30ff4b8446ff3a597eed444c45837c5d5d6225105cc197625b50cee2c
Opcode Fuzzy Hash: fb4b7af84c1971c6a9cd29584ef580a1f8af2396a2a4e2074eb6b19dbbe02db2
Instruction Fuzzy Hash: 10F08C71A40204AFDB05AFB0C849BAE3B70FF45609F200149E4219BBA1CBB5A9168FB1

Function 6CE5E37C Relevance: 3.0, APIs: 2, Instructions: 35COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6CE5E383

Part of subcall function 6CF2CE0D: __EH_prolog3_GS.LIBCMT ref: 6CF2CE14

AcquireSRWLockExclusive.KERNEL32(00000001,00000014,6CE5E23B,?,?,?,0000004C,6CE5F0EB,00000004,6CE5B79B,00000000,\trace.out,0000000A), ref: 6CE5E3B9

Part of subcall function 6CF1D41E: ReleaseSRWLockExclusive.KERNEL32(?,48566DFF,?,0000000F,00000000,?,0000000F,6CFD52BB,000000FF,?,6CE5E9B5,000000A0,6CD7CCE8,?,light,00000005), ref: 6CF1D44D

Part of subcall function 6CE5E403: __EH_prolog3_GS.LIBCMT ref: 6CE5E40D
Part of subcall function 6CE5E403: AcquireSRWLockShared.KERNEL32(00000004), ref: 6CE5E446
Part of subcall function 6CE5E403: AcquireSRWLockExclusive.KERNEL32(00000004,6CD7AD8C), ref: 6CE5E471

Part of subcall function 6CF08F74: __EH_prolog3.LIBCMT ref: 6CF08F7B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Lock$AcquireExclusive$H_prolog3_$H_prolog3H_prolog3_catchReleaseShared
String ID:
API String ID: 3230847268-0
Opcode ID: bde836a69ac415116ca94d0e6b0cc6a449c9ffd09d79d1f36486717b83130087
Instruction ID: b75576992e6b6187a1e9fab990f384f53f076e67008a1ac0aa1e5d0bcbcc7f5f
Opcode Fuzzy Hash: bde836a69ac415116ca94d0e6b0cc6a449c9ffd09d79d1f36486717b83130087
Instruction Fuzzy Hash: D401047490124DDEDF10DFA4C554BDDBBF4AF18208F50846AD449ABB40EB78AB49CBA1

Function 00C440D7 Relevance: 3.0, APIs: 2, Instructions: 35fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,?,?,000000FF,?,?,?,?,?,?,00C440EA,00000000), ref: 00C44531
Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C44557

CreateFileW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00C44101

Part of subcall function 00C466AD: GetProcessHeap.KERNEL32(00000000,?,00C4456B,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466B3
Part of subcall function 00C466AD: RtlFreeHeap.NTDLL(00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466BA

CreateFileA.KERNEL32(?,?,?,?,?,?,?,00000000), ref: 00C44113

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharCreateFileHeapMultiWide$FreeProcess
String ID:
API String ID: 3770837978-0
Opcode ID: 00d70d8fa027518ad15f75943f1f7e523dc597707155e1b85f9a60437993acdf
Instruction ID: d12d9854f2e544476ea3cfa77dbeb251bba5425449b05cc6697bec637f856123
Opcode Fuzzy Hash: 00d70d8fa027518ad15f75943f1f7e523dc597707155e1b85f9a60437993acdf
Instruction Fuzzy Hash: EAF0EC37100214BBDB051FA59C45FAFBB6DFFD97A1F144016FE0593121D9718C1167A0

Function 6CF1BC35 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF1BC3C

Part of subcall function 6CF1E0DE: CreateSemaphoreA.KERNEL32(00000000,?,6CFF38D8,00000000), ref: 6CF1E107

Part of subcall function 6CF1C50D: __EH_prolog3.LIBCMT ref: 6CF1C514
Part of subcall function 6CF1C50D: InitializeCriticalSection.KERNEL32(00000000,00000001,00000000), ref: 6CF1C553

Part of subcall function 6CF1DC57: __EH_prolog3_catch_GS.LIBCMT ref: 6CF1DC61
Part of subcall function 6CF1DC57: EnterCriticalSection.KERNEL32(00F11B20,000000A0,6CF1BC87,00000000,4004667F,7FFFFFFF,00000000,0000000C,6CF1BC0F,?,?,00000008,6CF1D121,?,00000040,6CDC1345), ref: 6CF1DC83

Part of subcall function 6CF1DBCA: WaitForSingleObject.KERNEL32(?,000000FF,00000044,?), ref: 6CF1DBE3

CloseHandle.KERNEL32(?,00000000,4004667F,7FFFFFFF,00000000,0000000C,6CF1BC0F,?,?,00000008,6CF1D121,?,00000040,6CDC1345,00000000,?), ref: 6CF1BC99

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalH_prolog3Section$CloseCreateEnterH_prolog3_catch_HandleInitializeObjectSemaphoreSingleWait
String ID:
API String ID: 3742485998-0
Opcode ID: 5602f447a2716e09a9d6ee10b9e19a857279592da6e1661a7e4a88e565ea160d
Instruction ID: 4f155c307272e30abb45b9a26b80206004242d808abfbabf762d4d10b0f46a6a
Opcode Fuzzy Hash: 5602f447a2716e09a9d6ee10b9e19a857279592da6e1661a7e4a88e565ea160d
Instruction Fuzzy Hash: 7EF03C74E04209DBDF05DBF48581EEE7BB4AB14304F50462DA511A7BD0DB705A988B61

Function 6CF96ADC Relevance: 3.0, APIs: 2, Instructions: 34fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000), ref: 6CF97261
Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000,4004667F,?), ref: 6CF97287

CreateFileW.KERNEL32(00000000,000000FF,?,00000000,?,?,00000000,?,000000FF,?,?,?,6CF2C3E7,000000FF,?,00000000), ref: 6CF96B01

Part of subcall function 6CDF4BEC: _free.LIBCMT ref: 6CDF4BFF

CreateFileA.KERNEL32(?,000000FF,?,00000000,?,?,00000000,?,000000FF,?,?,?,6CF2C3E7,000000FF,?,00000000), ref: 6CF96B13

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharCreateFileMultiWide$_free
String ID:
API String ID: 2938726331-0
Opcode ID: db3156f3db429d101946e15c73d040529cf3daf3d6fc9e221b6fe74af6224287
Instruction ID: 2eb986351b50310fce53f2e3c4dc76e56275f3595eb7fb9161873abcbe7e85be
Opcode Fuzzy Hash: db3156f3db429d101946e15c73d040529cf3daf3d6fc9e221b6fe74af6224287
Instruction Fuzzy Hash: 92E09B372052187BDB205FA95D44FAB7AACEF86BA4F150115FE04D3211D6719C1056B0

Function 00C45F1F Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00C44DD3: CloseHandle.KERNEL32(?,00C45F34,00C411D4,?,00C45EF7,00000000,00C45158), ref: 00C44DDE

Part of subcall function 00C43F8C: lstrcpyA.KERNEL32(?,?,00C44BE3,?), ref: 00C43F94

Part of subcall function 00C43F6E: lstrcatA.KERNEL32(?,?,00C44BF4,?,\remove.dir,?), ref: 00C43F76

Part of subcall function 00C440D7: CreateFileW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00C44101

GetLastError.KERNEL32(?,00C45EF7,00000000,00C45158,?,?,?,?,?,?,?,?,?,00000000), ref: 00C45F7C

Strings

\writeacc.dat, xrefs: 00C45F47

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseCreateErrorFileHandleLastlstrcatlstrcpy
String ID: \writeacc.dat
API String ID: 1369866624-736115703
Opcode ID: 5e3214aabd3ee251a7b021fb5ff86935f0782154b1a6338b2ef685e40d502f32
Instruction ID: 8f9495d60217a5cc7880882e23870fe2e07ed6b767aa64bc6566622cf5a15995
Opcode Fuzzy Hash: 5e3214aabd3ee251a7b021fb5ff86935f0782154b1a6338b2ef685e40d502f32
Instruction Fuzzy Hash: BEF08271E002245BE760B3B95C0AF8E76ACBB05764F414291B549E7181EAB0AE489BA0

Function 6CF1EC5B Relevance: 3.0, APIs: 2, Instructions: 33COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF1EC62

Part of subcall function 6CF1DFE2: __EH_prolog3_GS.LIBCMT ref: 6CF1DFE9

Part of subcall function 6CF1DC57: __EH_prolog3_catch_GS.LIBCMT ref: 6CF1DC61
Part of subcall function 6CF1DC57: EnterCriticalSection.KERNEL32(00F11B20,000000A0,6CF1BC87,00000000,4004667F,7FFFFFFF,00000000,0000000C,6CF1BC0F,?,?,00000008,6CF1D121,?,00000040,6CDC1345), ref: 6CF1DC83

SetConsoleCtrlHandler.KERNEL32(6CF1E948,00000001,00000000,00000001,00000000), ref: 6CF1ECC4

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ConsoleCriticalCtrlEnterH_prolog3H_prolog3_H_prolog3_catch_HandlerSection
String ID:
API String ID: 2365561177-0
Opcode ID: 6657e60543038256f3915b9274762861350cc414a92d52ff4952fc1c6ef07e25
Instruction ID: 780f8c468e6f1b8570bbf6a4e4dccbb8850ede3bdd9bed6811a2ddce40d19926
Opcode Fuzzy Hash: 6657e60543038256f3915b9274762861350cc414a92d52ff4952fc1c6ef07e25
Instruction Fuzzy Hash: 17F09670A10200ABDF215F75850AF9EBEB5BFD1B0CFA1044DE1445FBA0CBB24646DBA1

Function 6CF740DF Relevance: 3.0, APIs: 2, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,?,?,6CF73C94), ref: 6CF740F0
VirtualProtect.KERNEL32(?,?,00000004,?), ref: 6CF74111

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Virtual$ProtectQuery
String ID:
API String ID: 1027372294-0
Opcode ID: 782462564c47313e4d1cdf7de8c4e419d42cbe42135bb4b6f49d6f6cb6110340
Instruction ID: c5497c2935e79545335f0482ddab2ad52ac8b835b8dd5e5e0ba051f192a3ca87
Opcode Fuzzy Hash: 782462564c47313e4d1cdf7de8c4e419d42cbe42135bb4b6f49d6f6cb6110340
Instruction Fuzzy Hash: FBF0A771244205AAFF216B64DD06FA77BEC9B05710F10011AEB51D54D0E7D1E8009A70

Function 6CF62140 Relevance: 3.0, APIs: 2, Instructions: 27threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNEL32(00000000,00000000,6CF606E3,00000000,00000000,00000000), ref: 6CF6214D
CloseHandle.KERNEL32(00000000,?,00000001), ref: 6CF62158

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseCreateHandleThread
String ID:
API String ID: 3032276028-0
Opcode ID: a35ba928f762a4f4985ba70dce3590d3bc4447d3faa77600995069dcd3caed1b
Instruction ID: 25a8e23795a21df445850fbf63fa3d62f4a8fe5cc0d392c67b254df9859ad4c2
Opcode Fuzzy Hash: a35ba928f762a4f4985ba70dce3590d3bc4447d3faa77600995069dcd3caed1b
Instruction Fuzzy Hash: 8DE04FB1506230AEDB605F6A790CFDB3F6CEF4B6A5B210145FA08CA590CB350901CBF8

Function 00C4409F Relevance: 3.0, APIs: 2, Instructions: 27COMMON

Download Yara Rule

APIs

Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,?,?,000000FF,?,?,?,?,?,?,00C440EA,00000000), ref: 00C44531
Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C44557

CreateDirectoryW.KERNEL32(00000000,00000000,00000000,00000000,00C411D6,000000FE,00C45A8B,?,?,00000000), ref: 00C440B7

Part of subcall function 00C466AD: GetProcessHeap.KERNEL32(00000000,?,00C4456B,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466B3
Part of subcall function 00C466AD: RtlFreeHeap.NTDLL(00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466BA

CreateDirectoryA.KERNEL32(?,00000000,00000000,00000000,00C411D6,000000FE,00C45A8B,?,?,00000000), ref: 00C440C9

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharCreateDirectoryHeapMultiWide$FreeProcess
String ID:
API String ID: 3325413430-0
Opcode ID: c0a6b16c4b5f41453a2f5d04d7942a274dda0365569185717a01302a6c8e411a
Instruction ID: 7f25dc60781a3fb09b6396a9582103993729bbfb570808c22b917d29a0f62443
Opcode Fuzzy Hash: c0a6b16c4b5f41453a2f5d04d7942a274dda0365569185717a01302a6c8e411a
Instruction Fuzzy Hash: 5EE0CD3760151057D72832BA1CC9F6BC56CAFD29F3B254166F906D3210DD604C1211A0

Function 6CF978C4 Relevance: 3.0, APIs: 2, Instructions: 25COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF978CB
__Init_thread_footer.LIBCMT ref: 6CF9791B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3Init_thread_footer
String ID:
API String ID: 537467459-0
Opcode ID: f711a4fbb9ed2d3e49de64ffc3e2cd56f9f972f160312e8d610abbedbf97dd9d
Instruction ID: 3edca0d9ca6b7bda352f402a46959cb022bba1a14bdeefb936162866d79df31f
Opcode Fuzzy Hash: f711a4fbb9ed2d3e49de64ffc3e2cd56f9f972f160312e8d610abbedbf97dd9d
Instruction Fuzzy Hash: 61F065B1A41340DBEF10EF29E544F883371FB46319F60415AE9048BF90CF345955CA55

Function 00C443FE Relevance: 3.0, APIs: 2, Instructions: 23COMMON

Download Yara Rule

APIs

Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,?,?,000000FF,?,?,?,?,?,?,00C440EA,00000000), ref: 00C44531
Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C44557

SetCurrentDirectoryW.KERNEL32(00000000,00000000,00000000,00C411D4,00C45F17,00000000,00C45158), ref: 00C44412

Part of subcall function 00C466AD: GetProcessHeap.KERNEL32(00000000,?,00C4456B,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466B3
Part of subcall function 00C466AD: RtlFreeHeap.NTDLL(00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466BA

SetCurrentDirectoryA.KERNEL32(?,00000000,00000000,00C411D4,00C45F17,00000000,00C45158), ref: 00C44424

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharCurrentDirectoryHeapMultiWide$FreeProcess
String ID:
API String ID: 1400000061-0
Opcode ID: f41d9748b6d695e2938865f25662167c0ad39d55369520249668d8e495bcf568
Instruction ID: d89234a1dc3c82cd4c11927afa7089b6f1e1fbf6f64598c1ebbb875b7ea2cdf6
Opcode Fuzzy Hash: f41d9748b6d695e2938865f25662167c0ad39d55369520249668d8e495bcf568
Instruction Fuzzy Hash: 23D05E3B60352017C729367A7C49B9F19AABFCBBA2B2A4026F502D7204DD74CC0356A1

Function 00C4476F Relevance: 3.0, APIs: 2, Instructions: 23libraryCOMMON

Download Yara Rule

APIs

Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,?,?,000000FF,?,?,?,?,?,?,00C440EA,00000000), ref: 00C44531
Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C44557

LoadLibraryW.KERNEL32(00000000,00000000,?,?,00C45B91), ref: 00C44783

Part of subcall function 00C466AD: GetProcessHeap.KERNEL32(00000000,?,00C4456B,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466B3
Part of subcall function 00C466AD: RtlFreeHeap.NTDLL(00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466BA

LoadLibraryA.KERNEL32(?,00000000,?,?,00C45B91), ref: 00C44795

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharHeapLibraryLoadMultiWide$FreeProcess
String ID:
API String ID: 728286927-0
Opcode ID: 3984a56969375232bfd6e0e4301898cd4dd6a5601ecaba9dd155eb47475ff369
Instruction ID: 20f3cc8c72442ce456007c3f4813660beeda6ff7305f2500dd627e91067f7ed7
Opcode Fuzzy Hash: 3984a56969375232bfd6e0e4301898cd4dd6a5601ecaba9dd155eb47475ff369
Instruction Fuzzy Hash: 50D02B3760162013C264323A2C49F8F05966FC7B31B2A0022F406D3200DE34CC0341B1

Function 00C4422E Relevance: 3.0, APIs: 2, Instructions: 23COMMON

Download Yara Rule

APIs

Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,?,?,000000FF,?,?,?,?,?,?,00C440EA,00000000), ref: 00C44531
Part of subcall function 00C4450B: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C44557

GetFileAttributesW.KERNEL32(00000000,00000000,?,?,00C44C34), ref: 00C44242

Part of subcall function 00C466AD: GetProcessHeap.KERNEL32(00000000,?,00C4456B,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466B3
Part of subcall function 00C466AD: RtlFreeHeap.NTDLL(00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466BA

GetFileAttributesA.KERNEL32(?,00000000,?,?,00C44C34), ref: 00C44254

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AttributesByteCharFileHeapMultiWide$FreeProcess
String ID:
API String ID: 3924129366-0
Opcode ID: 6861232da39abe362887097512bc6ee01a61278c932053ef1b475c00a36822bd
Instruction ID: 9ecf6e53f5476b9fdab98b0b9c00cb0efe242c9638f7dc91f0b5539f0faef520
Opcode Fuzzy Hash: 6861232da39abe362887097512bc6ee01a61278c932053ef1b475c00a36822bd
Instruction Fuzzy Hash: 50D05B3760162017C725327B7C09B5F16957FC7771B2A4026F612D7204DD74CC0355E0

Function 6CF96968 Relevance: 3.0, APIs: 2, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000), ref: 6CF97261
Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000,4004667F,?), ref: 6CF97287

GetFileAttributesW.KERNEL32(00000000,?,?,00000000,6CF1AAA0,00000008,?,6CFF38D8,?,?,?,\trace.out), ref: 6CF96979

Part of subcall function 6CDF4BEC: _free.LIBCMT ref: 6CDF4BFF

GetFileAttributesA.KERNEL32(?,?,?,00000000,6CF1AAA0,00000008,?,6CFF38D8,?,?,?,\trace.out), ref: 6CF9698B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AttributesByteCharFileMultiWide$_free
String ID:
API String ID: 3814735602-0
Opcode ID: 4c1164068eff768ae5b54f9b6d7fc93730dd6640b85323b94c1a79d1e4ec5957
Instruction ID: d66ee68a8d29af0e0457db3ee58a580db937c68840782e01038b591e2afb34c3
Opcode Fuzzy Hash: 4c1164068eff768ae5b54f9b6d7fc93730dd6640b85323b94c1a79d1e4ec5957
Instruction Fuzzy Hash: 08D05E37626521174B55137A6808D9F19AD9BC76663260127FD04D3700DF24D80646F5

Function 6CF96B24 Relevance: 3.0, APIs: 2, Instructions: 22fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000), ref: 6CF97261
Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000,4004667F,?), ref: 6CF97287

DeleteFileW.KERNEL32(00000000,?,?,74DE8DA0,6CF1A6BE,?,?,?,6CFF38D8,00000800,02940000), ref: 6CF96B35

Part of subcall function 6CDF4BEC: _free.LIBCMT ref: 6CDF4BFF

DeleteFileA.KERNEL32(?,?,?,74DE8DA0,6CF1A6BE,?,?,?,6CFF38D8,00000800,02940000), ref: 6CF96B47

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharDeleteFileMultiWide$_free
String ID:
API String ID: 3898730923-0
Opcode ID: 0d322dde036934cdc84b224bd4122b653004bb55f86b38fa367d6a6d2e944095
Instruction ID: 263eb3002ce59b872791903fc1d63fc813e3b3687c597cbee00304528a44f51d
Opcode Fuzzy Hash: 0d322dde036934cdc84b224bd4122b653004bb55f86b38fa367d6a6d2e944095
Instruction Fuzzy Hash: 40D05E37616520174B61177E2908E9F29AD9FCBB613260026FD04D3704EF24D80646F5

Function 6CF5F25D Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,6CDC28FF,6CF0938F,?,6CD7FB68,00000000), ref: 6CF5F260
RtlFreeHeap.NTDLL(00000000,?,6CD7FB68,00000000), ref: 6CF5F267

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 95fe680ca7bf1e8fb430c790ce451f3523123c2c5010e98f37d8d96da91ada1b
Instruction ID: d41ca2378f8d71be241e052598c80d701ed144ce83d9e01fda7e8a099c78cffe
Opcode Fuzzy Hash: 95fe680ca7bf1e8fb430c790ce451f3523123c2c5010e98f37d8d96da91ada1b
Instruction Fuzzy Hash: F5A002715551419FDF4497B08A0DF153678A746747F244544F50585150D7A464009631

Function 6CF5F23F Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,6CDCB61C,6CF0935B,?,6CD7FB68,00000000), ref: 6CF5F242
RtlAllocateHeap.NTDLL(00000000,?,6CD7FB68,00000000), ref: 6CF5F249

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Heap$AllocateProcess
String ID:
API String ID: 1357844191-0
Opcode ID: 53cbde3cd6657fe368d08c1c198c5b77b00b03a24b59a7e595e7bcd71287495f
Instruction ID: c7340689815e702a7b57f4b52aea9a501ed5a8e315ab2c4caded9804b7de6e5f
Opcode Fuzzy Hash: 53cbde3cd6657fe368d08c1c198c5b77b00b03a24b59a7e595e7bcd71287495f
Instruction Fuzzy Hash: 37A002715552019BDF4497A08A0DF157B38A746747F240544F505C504097A474409631

Function 00C466AD Relevance: 3.0, APIs: 2, Instructions: 6memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,?,00C4456B,00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466B3
RtlFreeHeap.NTDLL(00000000,?,000000FF,00000000,?,?,?,?,?,00C440EA,00000000), ref: 00C466BA

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 961bd43e3090457afe8a0ca7989788b15c442024d1d036a7fe177cd491482c69
Instruction ID: f86544e81301ee0d18117693c41c1eaafd3c706367ebc8ab4c6b9d24fbe57af7
Opcode Fuzzy Hash: 961bd43e3090457afe8a0ca7989788b15c442024d1d036a7fe177cd491482c69
Instruction Fuzzy Hash: 61B01239504200EFCF003FE09D0CB0D3A24BB49703F008404F20782060C6304001DB21

Function 00C4635A Relevance: 3.0, APIs: 2, Instructions: 6COMMON

Download Yara Rule

APIs

Part of subcall function 00C4636E: GetVersion.KERNEL32 ref: 00C4637B
Part of subcall function 00C4636E: MessageBoxA.USER32(00000000,This program requires Microsoft Windows 95, Microsoft Windows NT 4.0 or later versions of these operating systems.,00000000,00000010), ref: 00C46390

GetCurrentProcess.KERNEL32(00000000), ref: 00C46360
TerminateProcess.KERNEL32(00000000), ref: 00C46367

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Process$CurrentMessageTerminateVersion
String ID:
API String ID: 3410201056-0
Opcode ID: 3911f332575bf95cc8811028bba3a966fb2503717dbc7d201c2c2b97965847f2
Instruction ID: 91eca39e26d054ef6f9b40f1e1e8e24dff8b22581c55b90c97653680533f8f0e
Opcode Fuzzy Hash: 3911f332575bf95cc8811028bba3a966fb2503717dbc7d201c2c2b97965847f2
Instruction Fuzzy Hash: D2A001B9904645ABCE14BBB1AF0DB4E3A2DBA4A3227100844FA47E2025DA79C0559A22

Function 6CF41E76 Relevance: 1.7, APIs: 1, Instructions: 220COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF41E7D

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: afea1693717621a4129277c2efb91e45c6353b134816a0b7e289c525d111b584
Instruction ID: 5d517a0c1380a6d658094304989108fef8c7f5ac687ce1b3a88fb905bc0f6bda
Opcode Fuzzy Hash: afea1693717621a4129277c2efb91e45c6353b134816a0b7e289c525d111b584
Instruction Fuzzy Hash: 6B718372E011199FCF14DFE8C8849DEBFB8EF08314F544529D415B7A91DB31AA8ACBA1

Function 6CF6F2E1 Relevance: 1.6, APIs: 1, Instructions: 146COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF6F2E8

Part of subcall function 6CF41E76: __EH_prolog3_GS.LIBCMT ref: 6CF41E7D

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: f1cd174014b51e93ef98bd7feecef17ce126b2c3f36d7acacd46c340b193d98b
Instruction ID: 17fe8af58c6e65ac36b687f011b5cbd85649ad686e052a7b179757dd883be4f3
Opcode Fuzzy Hash: f1cd174014b51e93ef98bd7feecef17ce126b2c3f36d7acacd46c340b193d98b
Instruction Fuzzy Hash: 7351B431A04248DFDF00DFE5C854BDDBBB8AF09328F648119D465BBA90DB749A4DCB21

Function 6CF1CFAF Relevance: 1.6, APIs: 1, Instructions: 135COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF1CFB6

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: 66621cb0e4abecfd4e60927669da5e1180209b7297fe22d81d8625cb5ab81e67
Instruction ID: 01524b15dbe7dd1010b544c07bf8d83f292f4981d9027d733e00d8c9460b30f7
Opcode Fuzzy Hash: 66621cb0e4abecfd4e60927669da5e1180209b7297fe22d81d8625cb5ab81e67
Instruction Fuzzy Hash: 7A51BF71D042089FDF19CFA9C480AEEBBB5EF48308F24841DD055B7A90DB35A98ACB60

Function 6CF278B3 Relevance: 1.6, APIs: 1, Instructions: 111COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF278BA

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 013bde857d691d10d171098a8ad3cad53c9ad55339d7810feaf40488a1517aa5
Instruction ID: d3168b8ddd3147040bd3870e9f322a67b2812c499a7ad00e486f1700a36ce854
Opcode Fuzzy Hash: 013bde857d691d10d171098a8ad3cad53c9ad55339d7810feaf40488a1517aa5
Instruction Fuzzy Hash: 8D41F774A00306DFCB14CFA9C480A9AB7F1FF09318B21856EE8699BB50C735E991DF90

Function 6CF27781 Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF27788

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 64df378cee21d1151f320f60deb56b7463ac74b79e534249d7ba0b595d7fe7a9
Instruction ID: 6b81e09808022e2e5537e33f2e1c0cee98cd5b29060777a9fcb73b0da54cd23d
Opcode Fuzzy Hash: 64df378cee21d1151f320f60deb56b7463ac74b79e534249d7ba0b595d7fe7a9
Instruction Fuzzy Hash: 1B414D32A00205CFCB14CFA8C984B9AB7F1FF44718F258959E499DBB61D735E944CB90

Function 6CDC5260 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CDC5267

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: cc51764dfd080e0a091d69a408e0017482b2080d23721a7ebdf79fef59ebcbbc
Instruction ID: 56d3c2194e1e38e4545efbbe64e07009be4bb81fcad28d723330b8eb7ae35010
Opcode Fuzzy Hash: cc51764dfd080e0a091d69a408e0017482b2080d23721a7ebdf79fef59ebcbbc
Instruction Fuzzy Hash: E9314B71E102088FDB08CFE9D480ADDFBB9AF48314F64812ED024E7690DB74A98ACF51

Function 6CDC44CE Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 6CDC4569

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 12a7b87ef63acd3a40440e08802253810469f7211585b0a33e353a657484e261
Instruction ID: 58404887cdb09c4213c11b8963fc2cf73b815c8b42ec072d6fba20ef6f307114
Opcode Fuzzy Hash: 12a7b87ef63acd3a40440e08802253810469f7211585b0a33e353a657484e261
Instruction Fuzzy Hash: 0C318271A00219EBCF04DF58D8808DE7BB9FF49354B144469F815E7724DB31EA16CBA1

Function 6CDC4BB2 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CDC4BB9

Part of subcall function 6CDC4DCB: __EH_prolog3_GS.LIBCMT ref: 6CDC4DD2

Part of subcall function 6CDC4E54: __EH_prolog3_GS.LIBCMT ref: 6CDC4E5B

Part of subcall function 6CF2849D: __EH_prolog3_GS.LIBCMT ref: 6CF284A4

Part of subcall function 6CDC4F24: __EH_prolog3_GS.LIBCMT ref: 6CDC4F2B

Part of subcall function 6CDC4FF4: __EH_prolog3_GS.LIBCMT ref: 6CDC4FFB

Part of subcall function 6CF08F74: __EH_prolog3.LIBCMT ref: 6CF08F7B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$H_prolog3
String ID:
API String ID: 3952504126-0
Opcode ID: 290ef05bd1b63dca671af57f2dae354ce6e5b7d70f1cf375cde087ef782b74ae
Instruction ID: 6437d8c77894b1de89eb910b560b933d9f4af95bc1b0fe1ed6856721e84add2e
Opcode Fuzzy Hash: 290ef05bd1b63dca671af57f2dae354ce6e5b7d70f1cf375cde087ef782b74ae
Instruction Fuzzy Hash: A7318B32D0161ADBDF01DBA0C6087EEBBB4BF48319F244449C41177BA4CB786A48CBE2

Function 6CDC3840 Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 6CDC38BB

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 913a3b6e21171c2a1fed05bfd461226d3db7d5be8b67f04c55ecdd8e549b2880
Instruction ID: 507a2a5389f1f04ac08eff6ddfd75f9c1426b16dd1d4aaceef8897cd30f38f58
Opcode Fuzzy Hash: 913a3b6e21171c2a1fed05bfd461226d3db7d5be8b67f04c55ecdd8e549b2880
Instruction Fuzzy Hash: EE219FB2A00215ABCB04DFA9DC809DF7BADEF46294B140559F814DB315DB71E91187B2

Function 6CDC4E54 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CDC4E5B

Part of subcall function 6CDC5190: __EH_prolog3_GS.LIBCMT ref: 6CDC5197

Part of subcall function 6CF08F74: __EH_prolog3.LIBCMT ref: 6CF08F7B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$H_prolog3
String ID:
API String ID: 3952504126-0
Opcode ID: 4af272d637a7865c303e40e4a02c299735c4f9d010eb719aa813c6815b431ddf
Instruction ID: eb1b1ad84746b9a2cd477e84bea75ad5d637b3c8f7c49c2b9d18dcf9bbd386bc
Opcode Fuzzy Hash: 4af272d637a7865c303e40e4a02c299735c4f9d010eb719aa813c6815b431ddf
Instruction Fuzzy Hash: 34211871E10208DFCB19DFE9C490ADCFBB9AF48314FA4412AD014A77A0DB359A49CB65

Function 6CF1EE6F Relevance: 1.6, APIs: 1, Instructions: 64networkCOMMON

Download Yara Rule

APIs

WSAStringToAddressA.WS2_32(?,00000017,00000000,?,?,48566DFF,?,?,00000000), ref: 6CF1EECC

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressString
String ID:
API String ID: 2549180374-0
Opcode ID: 798cf558bd10e71712005019dafc197000fc4b81613792eab353d516a78ecbc0
Instruction ID: b605676d796a5d6cc72ec323657c22e987d592af19145e76e14d581ec2165a01
Opcode Fuzzy Hash: 798cf558bd10e71712005019dafc197000fc4b81613792eab353d516a78ecbc0
Instruction Fuzzy Hash: D5119132A08619EBDB11CF58D840FDBB7F9FB49B14F11412AE911ABA80D771A904CBA0

Function 6CF2CE0D Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF2CE14

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID:
API String ID: 2427045233-0
Opcode ID: 6a440f14fdfc5f468641ea2511cc36cd5e778bf293434fc40f721d339003bca0
Instruction ID: a43c1b71cf3f377e59cccd4521430a51e4abe48b17224981ea79ad4282985f77
Opcode Fuzzy Hash: 6a440f14fdfc5f468641ea2511cc36cd5e778bf293434fc40f721d339003bca0
Instruction Fuzzy Hash: C1215471D11218DFDB08DFE8D880AEDBBB5BB48314FA4812ED015AB790DB349A49CB61

Function 6CDC4F24 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CDC4F2B

Part of subcall function 6CDC5260: __EH_prolog3_GS.LIBCMT ref: 6CDC5267

Part of subcall function 6CF08F74: __EH_prolog3.LIBCMT ref: 6CF08F7B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$H_prolog3
String ID:
API String ID: 3952504126-0
Opcode ID: b7102df3d58263ff519675f69b9affb77b310b2b44829b39e62a2114a54c5dcf
Instruction ID: 7b6912706af8361132aa30c954accc4761e425d7bc18d97ffcee1e565ddf8e0f
Opcode Fuzzy Hash: b7102df3d58263ff519675f69b9affb77b310b2b44829b39e62a2114a54c5dcf
Instruction Fuzzy Hash: B8214771E00208CFDB19DFE9C490ADDFBB9AF48314FA4412ED014A77A0DB349A49CB25

Function 6CDC5190 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CDC5197

Part of subcall function 6CDC4F24: __EH_prolog3_GS.LIBCMT ref: 6CDC4F2B

Part of subcall function 6CF08F74: __EH_prolog3.LIBCMT ref: 6CF08F7B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$H_prolog3
String ID:
API String ID: 3952504126-0
Opcode ID: 750694db701216422a2a01d64c9cdc739e256a14b2f52897d2d18ddcedbc7384
Instruction ID: c449a4ed103a19ac54d7f58c472e66ed8a1206bb3096d6e8f09574563286f366
Opcode Fuzzy Hash: 750694db701216422a2a01d64c9cdc739e256a14b2f52897d2d18ddcedbc7384
Instruction Fuzzy Hash: EA213871E00208CFCB18DFE9C490ADDFBB9AF48314FA4412AD015A77A0DB345A499F61

Function 6CDFE865 Relevance: 1.6, APIs: 1, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df9a0be749b6f5b32e68fd9f684190a95b0ad23211ce9312fcc97400420b1504
Instruction ID: 87ab8c08b4e4216b642814da5c7d7297a5e20c95c494032c457d45bbadd8846d
Opcode Fuzzy Hash: df9a0be749b6f5b32e68fd9f684190a95b0ad23211ce9312fcc97400420b1504
Instruction Fuzzy Hash: AE01F937700216DBAF159F6DDC40B4A37A6BBC62683128121F925CBD54DB30D80286D0

Function 6CDC3D83 Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 6CDC1253

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: std::exception::exception
String ID:
API String ID: 2807920213-0
Opcode ID: bc7aab9d017c351c797e2b5e918a8f80e807a268b7824d3d076c5b3181bf6393
Instruction ID: 82075d559ffc19aec40418ac3942db82ed5e2cd0d78836ef72cdad2da7dec81d
Opcode Fuzzy Hash: bc7aab9d017c351c797e2b5e918a8f80e807a268b7824d3d076c5b3181bf6393
Instruction Fuzzy Hash: 74F02D7650122C678B149B78AC15CDFB76CEF002687510569F52887F70EB35D90A83F5

Function 6CDE1565 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CDE156C

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: a1f095c803a9e1365f797017650bdd016363e3fc53d5b01ce7ae6308d3afbc09
Instruction ID: cb88bc9af41c3e03192c1c158890127ec6488a7dff0ae4c582faf49b4fcd1000
Opcode Fuzzy Hash: a1f095c803a9e1365f797017650bdd016363e3fc53d5b01ce7ae6308d3afbc09
Instruction Fuzzy Hash: A711EF70A04705DFCB24DF65C09059EBBF0BF48358B10992ED4AB9BB61D770E649CB91

Function 6CF08F74 Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF08F7B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 74ae3574f8ebdbcd328e2812565ff7a4ae56c10f1b197c0cecc485fa22c99b55
Instruction ID: 5bfe6c5f02d6a3db26ebfc583b8edf2b0de580ac102579c0ef460e0451b38bb2
Opcode Fuzzy Hash: 74ae3574f8ebdbcd328e2812565ff7a4ae56c10f1b197c0cecc485fa22c99b55
Instruction Fuzzy Hash: 84110775A0011ADFCF04DFA4C8A0AEDB7B5FF08704B544059E515ABAA0EB34AA19DF60

Function 6CDC37D1 Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 6CDC3828

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: ce9de8a377fea536c74b4999b383b939d5ce98d64b685c9e529febe70be844b4
Instruction ID: 2acf9af6cbd89cd53c99437922f1c2b2313b749007c1b0ddd242816ce2b49b9c
Opcode Fuzzy Hash: ce9de8a377fea536c74b4999b383b939d5ce98d64b685c9e529febe70be844b4
Instruction Fuzzy Hash: C901ADB2600205BFDB098F69D8809EEBBEDFF49254B24051AF918C3750DB71ED5087B2

Function 6CE5A80D Relevance: 1.5, APIs: 1, Instructions: 47COMMON

Download Yara Rule

APIs

Part of subcall function 6CE5A6D8: CloseHandle.KERNEL32(?,?,?,6CE5A81A,?,?,6CE5A681,00000000), ref: 6CE5A709
Part of subcall function 6CE5A6D8: FreeLibraryAndExitThread.KERNEL32(?,?,?,?,6CE5A81A,?,?,6CE5A681,00000000), ref: 6CE5A71F
Part of subcall function 6CE5A6D8: ExitThread.KERNEL32 ref: 6CE5A728

Part of subcall function 6CDFD6F3: GetLastError.KERNEL32(?,?,00000001,6CDFCA16,6CDFCBBB,?,?,6CDFC6E5), ref: 6CDFD6F8
Part of subcall function 6CDFD6F3: SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000001,6CDFCA16,6CDFCBBB,?,?,6CDFC6E5), ref: 6CDFD796

Part of subcall function 6CE00201: HeapAlloc.KERNEL32(00000008,?,00000000,?,6CDFD73E,00000001,00000364,00000006,000000FF,?,00000001,6CDFCA16,6CDFCBBB,?,?,6CDFC6E5), ref: 6CE00242

_free.LIBCMT ref: 6CE5A847

Part of subcall function 6CDFCB95: RtlFreeHeap.NTDLL(00000000,00000000,?,6CDFC6E5), ref: 6CDFCBAB
Part of subcall function 6CDFCB95: GetLastError.KERNEL32(?,?,6CDFC6E5), ref: 6CDFCBBD

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorLast$ExitFreeHeapThread$AllocCloseHandleLibrary_free
String ID:
API String ID: 596273186-0
Opcode ID: 3dd78a2d8412def2e99c2557494f7daf6bc93dd540f23366f25133bca45936da
Instruction ID: 6ec6f04c141c7225cb71b453de9664213bba7b8e35369b5cc054691b17e44e65
Opcode Fuzzy Hash: 3dd78a2d8412def2e99c2557494f7daf6bc93dd540f23366f25133bca45936da
Instruction Fuzzy Hash: 3EF0A93198071467C2212A658C49B777779AF8075CF750528FA186BF41DF77D82741B0

Function 6CDF158A Relevance: 1.5, APIs: 1, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,6CDC1249,?,?,?,6CDC1249,?,6CFF3920), ref: 6CDF15EA

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: DispatcherExceptionUser
String ID:
API String ID: 6842923-0
Opcode ID: ace3c168d0249bc915fceeab4f4d5f2b7c3095f55022ea316e39c766b2de07e4
Instruction ID: b18cebaf86061826c85f6afacbc905fba4d730752c375b438b2ea0d4b6386132
Opcode Fuzzy Hash: ace3c168d0249bc915fceeab4f4d5f2b7c3095f55022ea316e39c766b2de07e4
Instruction Fuzzy Hash: CA01A775900209AFDB029F59C980BAEBBF8FF45718F214059ED259B350DB70E901CB90

Function 6CF1004F Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF10056

Part of subcall function 6CF1DFE2: __EH_prolog3_GS.LIBCMT ref: 6CF1DFE9

Part of subcall function 6CF1DC57: __EH_prolog3_catch_GS.LIBCMT ref: 6CF1DC61
Part of subcall function 6CF1DC57: EnterCriticalSection.KERNEL32(00F11B20,000000A0,6CF1BC87,00000000,4004667F,7FFFFFFF,00000000,0000000C,6CF1BC0F,?,?,00000008,6CF1D121,?,00000040,6CDC1345), ref: 6CF1DC83

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalEnterH_prolog3H_prolog3_H_prolog3_catch_Section
String ID:
API String ID: 2835042029-0
Opcode ID: 444302f51b715d003978d80c154d5a29050ec3bf5ca46385b55c8fb0062db958
Instruction ID: b35b97814108e581205f194100e7da6eff6246dab64090261ac59f0dbc6ef0c4
Opcode Fuzzy Hash: 444302f51b715d003978d80c154d5a29050ec3bf5ca46385b55c8fb0062db958
Instruction Fuzzy Hash: 09F096706006509BC7159F2AC405A5EFEF9BFD1708F51444EE0455FB61CBB18605CBD1

Function 6CDFCBCF Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,6CE02BE7,6CFF3478,00000018,00000003), ref: 6CDFCC01

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 4cb965ea83376f76836f430606df0fbe19a24162e001a235d353cd7e4a87495c
Instruction ID: e2fcecb0d3dee349392ca235c394797937c026b765adb1d4542b4954533a4598
Opcode Fuzzy Hash: 4cb965ea83376f76836f430606df0fbe19a24162e001a235d353cd7e4a87495c
Instruction Fuzzy Hash: 35E0E535285211E6EB3137AE8D10B963668BBC27E8F170221EC34E6AF0CB10D82385E1

Function 6CF1101B Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6CF11022

Part of subcall function 6CF1165A: __EH_prolog3_GS.LIBCMT ref: 6CF11664

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_H_prolog3_catch
String ID:
API String ID: 3862090230-0
Opcode ID: 569f4683e0c98f077356ae82aa587c5070b200997d79e2a9b238eb650bfe71b5
Instruction ID: fc022d08d0d04db3e9865d3a6947178e40ce0cbd8155ad9b5dbeb41787364357
Opcode Fuzzy Hash: 569f4683e0c98f077356ae82aa587c5070b200997d79e2a9b238eb650bfe71b5
Instruction Fuzzy Hash: 2AF09071D0424ADFDF029F98C8017FEBAB1AF14314F20805DE548AB791DB718655ABA1

Function 6CF1BBDF Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6CF1BBE6

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_catch
String ID:
API String ID: 3886170330-0
Opcode ID: 8fd05b82d13fee14c9c21b278de2e446a401e3be7d79f0cca160f5f337612540
Instruction ID: 66e69cabee2a88baf2b317182cdc985c100d521725f3916727352ac5168cfe5e
Opcode Fuzzy Hash: 8fd05b82d13fee14c9c21b278de2e446a401e3be7d79f0cca160f5f337612540
Instruction Fuzzy Hash: A1E0927120D31197EB1467618D80FBF67F8DF52168F70882DA61497F80DF25D51542A5

Function 6CF99DB3 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF99DBA

Part of subcall function 6CF257C7: __EH_prolog3_GS.LIBCMT ref: 6CF257D1
Part of subcall function 6CF257C7: RegOpenKeyExA.KERNEL32(?,?,00000000,00000001,?,?,?,00000890,6CF99E0C,?,?,00000004,6CF99E3B,?,00000030,00000004), ref: 6CF2586E
Part of subcall function 6CF257C7: RegEnumValueW.ADVAPI32(?,00000000,?,000007FF,00000000,?,00000000,?), ref: 6CF258E3

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: EnumH_prolog3H_prolog3_OpenValue
String ID:
API String ID: 3806272963-0
Opcode ID: 1c09fdcfac6a9b5f958aa000494ee082febc33a8dcc4baee177d1278a4bb4140
Instruction ID: 5482b913e6c6c7d1b93a90274ac3b10d642754f32331695cac7fb09c412e404e
Opcode Fuzzy Hash: 1c09fdcfac6a9b5f958aa000494ee082febc33a8dcc4baee177d1278a4bb4140
Instruction Fuzzy Hash: 7AF06DB1A00305DFCB10CF59C481589FBF5BF48304B50852ED1488BB20CB70EA69CF90

Function 6CDDE0A0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CDDE0A7

Part of subcall function 6CF1DFE2: __EH_prolog3_GS.LIBCMT ref: 6CF1DFE9

Part of subcall function 6CF1DC57: __EH_prolog3_catch_GS.LIBCMT ref: 6CF1DC61
Part of subcall function 6CF1DC57: EnterCriticalSection.KERNEL32(00F11B20,000000A0,6CF1BC87,00000000,4004667F,7FFFFFFF,00000000,0000000C,6CF1BC0F,?,?,00000008,6CF1D121,?,00000040,6CDC1345), ref: 6CF1DC83

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalEnterH_prolog3H_prolog3_H_prolog3_catch_Section
String ID:
API String ID: 2835042029-0
Opcode ID: fb821253b7bb744698a47c34e0ca3617947b45034352623ad5d5c196f2a6ace7
Instruction ID: 85a6431e16d4783ae106b7f5db38865d5712a926151f35e5de22473e6195c388
Opcode Fuzzy Hash: fb821253b7bb744698a47c34e0ca3617947b45034352623ad5d5c196f2a6ace7
Instruction Fuzzy Hash: 53F0E5706006509BDA156F3A8809B8EBDB4AFD1B4CF60014EE0445FFA1CBF28656C7E2

Function 6CF12C0C Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF12C13

Part of subcall function 6CF1215F: __EH_prolog3_GS.LIBCMT ref: 6CF12169
Part of subcall function 6CF1215F: GetVersion.KERNEL32(000001B8,6CF12C2E,00000004,6CDC17F5,?,00000001), ref: 6CF12170
Part of subcall function 6CF1215F: WSAStartup.WS2_32(00000202,?), ref: 6CF121A2
Part of subcall function 6CF1215F: LoadLibraryW.KERNEL32(Ws2_32.dll,?,?,00000001), ref: 6CF121C1
Part of subcall function 6CF1215F: GetProcAddress.KERNEL32(00000000,GetAddrInfoW), ref: 6CF121D9
Part of subcall function 6CF1215F: GetProcAddress.KERNEL32(00000000,FreeAddrInfoW), ref: 6CF121E4
Part of subcall function 6CF1215F: GetProcAddress.KERNEL32(00000000,getaddrinfo), ref: 6CF121EF
Part of subcall function 6CF1215F: GetProcAddress.KERNEL32(00000000,freeaddrinfo), ref: 6CF121FA

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressProc$H_prolog3H_prolog3_LibraryLoadStartupVersion
String ID:
API String ID: 958929627-0
Opcode ID: 40a30dc05d10a4b991a4945a9dc874983443926fe9681ee15383fdaff620ea10
Instruction ID: b2b84d13f6fbce5b26ee90b55d33db92563befe6e560b742115e5573b8fafc91
Opcode Fuzzy Hash: 40a30dc05d10a4b991a4945a9dc874983443926fe9681ee15383fdaff620ea10
Instruction Fuzzy Hash: 01F03AB1940304EBEF08DFB49046B9C37B1AB46318F608549D2005FBE4DB365655CB10

Function 6CF2284D Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF22854

Part of subcall function 6CF2276B: __EH_prolog3_GS.LIBCMT ref: 6CF22772
Part of subcall function 6CF2276B: GetLastError.KERNEL32(0000004C,6CF22870,00000020,6CF1E138,CreateSemaphoreA,?,?), ref: 6CF227C0

Part of subcall function 6CF22A63: __EH_prolog3.LIBCMT ref: 6CF22A6A

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$DeallocateErrorH_prolog3Last
String ID:
API String ID: 234382765-0
Opcode ID: 2dae7bf144b9eedb7a661e456fefc68e52038b3054578179e3c18fe73e417eb6
Instruction ID: df850958fcb31945e424d3923fddc5e173cf63ac41db252c6ccf3a2c8eff7107
Opcode Fuzzy Hash: 2dae7bf144b9eedb7a661e456fefc68e52038b3054578179e3c18fe73e417eb6
Instruction Fuzzy Hash: 75E09271E202044BDF08DFB988809DDB771AF88224F95902DD015BB741CF359A098B60

Function 6CDC13B0 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CDC13B7

Part of subcall function 6CF23327: __EH_prolog3_GS.LIBCMT ref: 6CF23331

Part of subcall function 6CF232C4: __EH_prolog3.LIBCMT ref: 6CF232CB

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$DeallocateH_prolog3
String ID:
API String ID: 682773607-0
Opcode ID: 0c8ef92c21d07c9e2d3696a645fa2f9f5c4431f9c19bf1dbab25c17556161f71
Instruction ID: 736e166d0a4e7397e0d5e95eb1559feab283a0bc11de7bd12d6739908f713acc
Opcode Fuzzy Hash: 0c8ef92c21d07c9e2d3696a645fa2f9f5c4431f9c19bf1dbab25c17556161f71
Instruction Fuzzy Hash: 31E06DB1A20118AADB08E7E4C454AEDBABCAF2430CF90401CA105A3A90CF789E5DC772

Function 6CDC33A5 Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

_Deallocate.LIBCONCRT ref: 6CDC33B4

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Deallocate
String ID:
API String ID: 1075933841-0
Opcode ID: 845eeca8e53ca0711b73794f8e96139118dc32f0bb6742847cbbd75c87780121
Instruction ID: f4619a15b3a8bddd3e37c7a2d8bf9c140e627ffc6cf9f12b766df105accb6f87
Opcode Fuzzy Hash: 845eeca8e53ca0711b73794f8e96139118dc32f0bb6742847cbbd75c87780121
Instruction Fuzzy Hash: B0D05E310096108BF3344F08F0007A677E9EB01715F20090DD0D187991CBA5588846A6

Function 6CE5F0B8 Relevance: 1.5, APIs: 1, Instructions: 15COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CE5F0BF

Part of subcall function 6CDC3E88: __EH_prolog3.LIBCMT ref: 6CDC3E8F
Part of subcall function 6CDC3E88: InitializeSRWLock.KERNEL32(00000000,00000004,6CE5F0DD,00000004,6CE5B79B,00000000,\trace.out,0000000A), ref: 6CDC3EA3

Part of subcall function 6CE5E0C9: __EH_prolog3_catch_GS.LIBCMT ref: 6CE5E0D0

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3$H_prolog3_catch_InitializeLock
String ID:
API String ID: 4262241566-0
Opcode ID: 58efebf97e722ab861e112d7526acad13bfba652be4a9a3a7421be3953e54fa7
Instruction ID: 5dfc8ae9b9282e3539df79635fb10be862b0cd8fa144bf14edd67a7df6c955b9
Opcode Fuzzy Hash: 58efebf97e722ab861e112d7526acad13bfba652be4a9a3a7421be3953e54fa7
Instruction Fuzzy Hash: 75D01770E4030596CF00ABB945067DC66B16F40328FA0461C9220AFAE0DBB987584762

Function 6CF99E17 Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF99E1E

Part of subcall function 6CF99DB3: __EH_prolog3.LIBCMT ref: 6CF99DBA

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: 1df945cf6df98e29a799a311ea2a939362a4c0430cfe6ef11195e0934848da59
Instruction ID: a51532ca9afdb145c9dd205102574f9a3f44330356bd50142af3c6a86a127dae
Opcode Fuzzy Hash: 1df945cf6df98e29a799a311ea2a939362a4c0430cfe6ef11195e0934848da59
Instruction Fuzzy Hash: 67D01260A511216BFF0157B044127FD61B56F0428DFA1405D92406EBE0DFB94F5843B1

Function 6CF0B72F Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF0B736

Part of subcall function 6CDDE0A0: __EH_prolog3.LIBCMT ref: 6CDDE0A7

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3
String ID:
API String ID: 431132790-0
Opcode ID: a0116609568d223b79cb9321aca013b938f957f61bad32cb5b66fcb6060f69cf
Instruction ID: 7c4d04f78695e9498075d5c382e4caaf9b6ac21018bd5dfc2f4149a83a228fa4
Opcode Fuzzy Hash: a0116609568d223b79cb9321aca013b938f957f61bad32cb5b66fcb6060f69cf
Instruction Fuzzy Hash: 34C01251E5020892DF0097F454097EC61A12B0430DFE0842CD2105EBD0DF7A565842A1

Function 6CDF4BEC Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 6CDF4BFF

Part of subcall function 6CDFCB95: RtlFreeHeap.NTDLL(00000000,00000000,?,6CDFC6E5), ref: 6CDFCBAB
Part of subcall function 6CDFCB95: GetLastError.KERNEL32(?,?,6CDFC6E5), ref: 6CDFCBBD

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: 93066ac1a02b703a824955ab2883c0a8d07a2cd487222c8df79a4be2b94a8910
Instruction ID: 2b3f7efe8562e7c0e532a41eef7a7956a8d87b79722afe2422615fd326605e68
Opcode Fuzzy Hash: 93066ac1a02b703a824955ab2883c0a8d07a2cd487222c8df79a4be2b94a8910
Instruction Fuzzy Hash: F7C08C31500208BBDB019B41C806E8E7BB9EBC0268F200044E4101B650CBB1EE099690

Function 6CDC6B95 Relevance: 1.3, APIs: 1, Instructions: 62COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(00F11AC0), ref: 6CDC6BC9

Part of subcall function 6CF1E1A1: LeaveCriticalSection.KERNEL32(6CD7A9C0,6CDC30E6,?,6CDC710B,6CDB1570,?,?,6CF24DBC,00000000,00000000,?,?,?,?,?,/xstd/convert), ref: 6CF1E1A8

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalSection$EnterLeave
String ID:
API String ID: 3168844106-0
Opcode ID: 6e6f0be78f37d9d51aca04e63299d282b5c6fa0fec3b00107bd5b543079fb0a1
Instruction ID: bf76797cdb61c0e33216554813533e256339e600d2c8b3c5b4e4c66cb0774225
Opcode Fuzzy Hash: 6e6f0be78f37d9d51aca04e63299d282b5c6fa0fec3b00107bd5b543079fb0a1
Instruction Fuzzy Hash: FB216D75A00608DBDB14CF64C940BEDBBB9EB49718F10C46DD816A7B90DB36E80ACB90

Function 6CF740B4 Relevance: 1.3, APIs: 1, Instructions: 17memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00000109,00003000,00000040,6D0418D0,6CF73BED,?,6D0418D0), ref: 6CF740CF

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 99f6ffde2918523ad6063fb9a2932fca7e7602f0f92479701fad59c9c76ce2ac
Instruction ID: bd35b135a91bcbe1271a529615707db7cf85a623b4367f458277774f127acc48
Opcode Fuzzy Hash: 99f6ffde2918523ad6063fb9a2932fca7e7602f0f92479701fad59c9c76ce2ac
Instruction Fuzzy Hash: E7D0A9302403209EE3208A19690AFC12B989F00B21F02C41AA658AE4C0D2E8A8808FA0

Function 6CF2274D Relevance: 1.3, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6CF227BA,0000004C,6CF22870,00000020,6CF1E138,CreateSemaphoreA,?,?), ref: 6CF22757

Part of subcall function 6CF228E9: __EH_prolog3_GS.LIBCMT ref: 6CF228F0

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorH_prolog3_Last
String ID:
API String ID: 1018228973-0
Opcode ID: 97954dc957e25cf4fb6db8059869c2e1352f7f312d525e0eb3c24b8789c4d5d2
Instruction ID: 6fdf6aa67aaeec16a69cd2efd29402bd16d9b9a646affb0ba81ffe2aa78e7724
Opcode Fuzzy Hash: 97954dc957e25cf4fb6db8059869c2e1352f7f312d525e0eb3c24b8789c4d5d2
Instruction Fuzzy Hash: D0C01271F11124AB4B046799A80A88EB6ACCA89964310406BB802D3300EAB4AE0586E9

Function 00C43F7D Relevance: 1.3, APIs: 1, Instructions: 4stringCOMMON

Download Yara Rule

APIs

lstrcmpA.KERNEL32(?,?,00C44E81,00C41128,?), ref: 00C43F85

Memory Dump Source

Source File: 00000001.00000002.1827343952.0000000000C41000.00000020.00000001.01000000.00000005.sdmp, Offset: 00C40000, based on PE: true

Associated: 00000001.00000002.1826104875.0000000000C40000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000001.00000002.1827478901.0000000000C4D000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_c40000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: lstrcmp
String ID:
API String ID: 1534048567-0
Opcode ID: d092c1fa9bb4de96d56859986b7553352a6c0e83165cfbc0c87510982c1c477f
Instruction ID: b4fd2c47c21b3d97c457c481a55846a3c18b6badecc5362eafa32c69747377bf
Opcode Fuzzy Hash: d092c1fa9bb4de96d56859986b7553352a6c0e83165cfbc0c87510982c1c477f
Instruction Fuzzy Hash: 12A00275504101ABDF015B51DD0454D7E61BB85341F004454B14D41030C7318451DB05

Non-executed Functions

Function 6CF73521 Relevance: 59.6, APIs: 18, Strings: 16, Instructions: 102libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(dbghelp.dll,?,?,?,?,?,-00100308,6CF4170B), ref: 6CF73542
GetCurrentProcess.KERNEL32(?,?,?,?,?,-00100308,6CF4170B), ref: 6CF7355B
GetProcAddress.KERNEL32(00000000,SymInitialize), ref: 6CF7356C
GetProcAddress.KERNEL32(00000000,SymGetOptions), ref: 6CF73577
GetProcAddress.KERNEL32(00000000,SymSetOptions), ref: 6CF73581
GetProcAddress.KERNEL32(?,SymFromAddr), ref: 6CF735AF
GetProcAddress.KERNEL32(?,SymGetModuleInfo64), ref: 6CF735BC
GetProcAddress.KERNEL32(?,SymLoadModule64), ref: 6CF735C9
GetProcAddress.KERNEL32(?,SymLoadModuleEx), ref: 6CF735D6
GetProcAddress.KERNEL32(?,SymGetLineFromAddr64), ref: 6CF735E3
GetProcAddress.KERNEL32(?,StackWalk64), ref: 6CF735F0
GetProcAddress.KERNEL32(?,SymFunctionTableAccess64), ref: 6CF735FD
GetProcAddress.KERNEL32(?,SymGetModuleBase64), ref: 6CF7360A
LoadLibraryA.KERNEL32(psapi.dll,?,?,?,?,?,-00100308,6CF4170B), ref: 6CF7361C
GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 6CF7362A
FreeLibrary.KERNEL32(00000000,?,?,?,?,?,-00100308,6CF4170B), ref: 6CF73636
LoadLibraryA.KERNEL32(kernel32.dll,RtlCaptureStackBackTrace,?,?,?,?,?,-00100308,6CF4170B), ref: 6CF73646
GetProcAddress.KERNEL32(00000000), ref: 6CF73649

Strings

SymLoadModule64, xrefs: 6CF735BE
kernel32.dll, xrefs: 6CF73641
psapi.dll, xrefs: 6CF73617
SymGetModuleInfo64, xrefs: 6CF735B1
StackWalk64, xrefs: 6CF735E5
SymInitialize, xrefs: 6CF73561
SymLoadModuleEx, xrefs: 6CF735CB
SymFunctionTableAccess64, xrefs: 6CF735F2
SymGetModuleBase64, xrefs: 6CF735FF
SymGetLineFromAddr64, xrefs: 6CF735D8
GetModuleInformation, xrefs: 6CF73624
SymSetOptions, xrefs: 6CF73579
dbghelp.dll, xrefs: 6CF73536
SymGetOptions, xrefs: 6CF7356E
SymFromAddr, xrefs: 6CF735A9
RtlCaptureStackBackTrace, xrefs: 6CF7363C

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressProc$Library$Load$CurrentFreeProcess
String ID: GetModuleInformation$RtlCaptureStackBackTrace$StackWalk64$SymFromAddr$SymFunctionTableAccess64$SymGetLineFromAddr64$SymGetModuleBase64$SymGetModuleInfo64$SymGetOptions$SymInitialize$SymLoadModule64$SymLoadModuleEx$SymSetOptions$dbghelp.dll$kernel32.dll$psapi.dll
API String ID: 2686511417-607760783
Opcode ID: 0569456933294f40c5d0fd4005b545c46b7c9f6466270bae442fffb3dc46cca4
Instruction ID: 0ab3cd34493ccf72014299890364c0fb80ecddc79b398d082ea9b26388ee7716
Opcode Fuzzy Hash: 0569456933294f40c5d0fd4005b545c46b7c9f6466270bae442fffb3dc46cca4
Instruction Fuzzy Hash: DA3123758123547EFF106BB6AD88F4A7AB9AF9E294B100916ED04E3650DB74EC048B78

Function 6CF41481 Relevance: 52.8, APIs: 13, Strings: 17, Instructions: 256libraryfileloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF4148B
CreateFileA.KERNEL32(coredump.txt,40000000,00000001,00000000,00000004,00000080,00000000,00000528,6CF22E5D), ref: 6CF414C0
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 6CF414E2
GetCurrentThreadId.KERNEL32 ref: 6CF41518
GetCurrentProcessId.KERNEL32(00000000), ref: 6CF4151F
GetModuleFileNameA.KERNEL32(00000000,-00100718,00000400), ref: 6CF4155A
GetSystemTime.KERNEL32(-00100728), ref: 6CF41586
GetSystemInfo.KERNEL32(-0010083C), ref: 6CF415D7
GetVersionExA.KERNEL32(-00100808), ref: 6CF415EE
LoadLibraryA.KERNEL32(psapi.dll), ref: 6CF41649
GetProcAddress.KERNEL32(00000000,GetPerformanceInfo), ref: 6CF41659
GlobalMemoryStatus.KERNEL32(-00100738), ref: 6CF416CE

Part of subcall function 6CDE5701: WriteFile.KERNEL32(00000000,-00100720,00000000,-00100724,00000000), ref: 6CDE5747
Part of subcall function 6CDE5701: FlushFileBuffers.KERNEL32(00000000), ref: 6CDE5750

CloseHandle.KERNEL32(00000000), ref: 6CF4184E

Strings

GetPerformanceInfo, xrefs: 6CF41653
t:%d-%02d-%02dT%02d:%02d:%02dZ, xrefs: 6CF415C2
gps:%d;gct:%d;gmt:%d;gma:%d, xrefs: 6CF416AD
, xrefs: 6CF416C3
fn:%s, xrefs: 6CF41571
psapi.dll, xrefs: 6CF41644
gw:%d,%d.%04d,%d,%s, xrefs: 6CF41636
pid:%u;tid:%lu, xrefs: 6CF4152C
ex:0x%x, xrefs: 6CF4153E
e:%d;ex:0x%x;efl:%x, xrefs: 6CF4172A
eaop:%s, xrefs: 6CF4179D
coredump.txt, xrefs: 6CF414AF
gm:%d%,%d,%d,%d,%d, xrefs: 6CF416F8
ea:0x%08X, xrefs: 6CF41741
ep:0x%08X, xrefs: 6CF417D4
pn:%d;pt:%d, xrefs: 6CF41606
hc:%d;tc:%d, xrefs: 6CF41684

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: File$CurrentSystem$AddressBuffersCloseCreateFlushGlobalH_prolog3_HandleInfoLibraryLoadMemoryModuleNamePointerProcProcessStatusThreadTimeVersionWrite
String ID: $GetPerformanceInfo$coredump.txt$e:%d;ex:0x%x;efl:%x$ea:0x%08X$eaop:%s$ep:0x%08X$ex:0x%x$fn:%s$gm:%d%,%d,%d,%d,%d$gps:%d;gct:%d;gmt:%d;gma:%d$gw:%d,%d.%04d,%d,%s$hc:%d;tc:%d$pid:%u;tid:%lu$pn:%d;pt:%d$psapi.dll$t:%d-%02d-%02dT%02d:%02d:%02dZ
API String ID: 3222981212-2998959125
Opcode ID: 2b622dd74763811a66a5bd6c095e67c51dd1e806406b79ba0bf902f3f6aefe79
Instruction ID: b4a8c6dcce4727378d1f1ce792cd9e54784fd30eeb21ce4a98c2a2a5fed0aae7
Opcode Fuzzy Hash: 2b622dd74763811a66a5bd6c095e67c51dd1e806406b79ba0bf902f3f6aefe79
Instruction Fuzzy Hash: D0A164B2D01619ABDF21EB60CC44FEE77B8AB08309F1045D5F648A2551EB35EAD8CF64

Function 6CDF026C Relevance: 6.1, APIs: 4, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 6CDF0278
IsDebuggerPresent.KERNEL32 ref: 6CDF0344
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6CDF0364
UnhandledExceptionFilter.KERNEL32(?), ref: 6CDF036E

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 6cfda58dc512ed953c954fc101d808db96ca5c8ed14abceddddd863202dad7d1
Instruction ID: 73d6b6f9a07a767b42f3aaec0fb1b77c8753e543dc1e4c6b166f4bb6041adcd5
Opcode Fuzzy Hash: 6cfda58dc512ed953c954fc101d808db96ca5c8ed14abceddddd863202dad7d1
Instruction Fuzzy Hash: 9E3128B5945218DBDB10DFA0C989BCCBBF8BF04344F10419AE409AB250EB71AA858F54

Function 6CDF4C26 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 6CDF4D1E
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 6CDF4D28
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 6CDF4D35

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: ea49bb0460503a2f73e2f478a0081c73e7556d4410f63f3acce0cd5381b5c2dc
Instruction ID: 878cae8e4171ad1254380f860d94d3ce7451e375dbffc370d8a7f7fef191b3b6
Opcode Fuzzy Hash: ea49bb0460503a2f73e2f478a0081c73e7556d4410f63f3acce0cd5381b5c2dc
Instruction Fuzzy Hash: F631B57590121D9BCB21DF64DD887CCBBB8BF48314F5042EAE41CA7260E7749B858F54

Function 6CF22EA2 Relevance: 3.0, APIs: 2, Instructions: 25memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00100000,00103000,00000004,6CE5B604,0000009C), ref: 6CF22EC4
SetUnhandledExceptionFilter.KERNEL32(6CF22D8D), ref: 6CF22EF2

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AllocExceptionFilterUnhandledVirtual
String ID:
API String ID: 2550930513-0
Opcode ID: 95a57e8a5e0e4494eb3f1d7101002178187d4d954e898040a41dea20c71f9fd2
Instruction ID: f79fb06a36699b36d793578116c3656c796d3d3156736340264f901b7486de80
Opcode Fuzzy Hash: 95a57e8a5e0e4494eb3f1d7101002178187d4d954e898040a41dea20c71f9fd2
Instruction Fuzzy Hash: 87F012B0655301DBEF01AFA18E0DF963BB4AF05719F604424F540D66C1EFBA99C0DAD5

Function 6CDDE5B3 Relevance: 45.8, APIs: 1, Strings: 25, Instructions: 286COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CDDE5BD

Strings

AF_UNSPEC, xrefs: 6CDDE7E5
,ai_protocol=, xrefs: 6CDDE858
],ai_addr=, xrefs: 6CDDE91F
,ai_canonname=[, xrefs: 6CDDE8BC
AI_NUMERICHOST, xrefs: 6CDDE640
,ai_family=, xrefs: 6CDDE77D
AI_ALL, xrefs: 6CDDE655
AF_INET, xrefs: 6CDDE7DC
AI_SECURE, xrefs: 6CDDE6AF
{ai_flags=, xrefs: 6CDDE5F1
AF_INET6, xrefs: 6CDDE7D3
IPPROTO_UDP, xrefs: 6CDDE8A7
SOCK_DGRAM, xrefs: 6CDDE843
,ai_socktype=, xrefs: 6CDDE7F3
AI_RETURN_PREFERRED_NAMES, xrefs: 6CDDE6C4
AI_NON_AUTHORITATIVE, xrefs: 6CDDE69A
IPPROTO_TCP, xrefs: 6CDDE8B0
AI_FILESERVER, xrefs: 6CDDE6EE
AI_ADDRCONFIG, xrefs: 6CDDE66D
AI_V4MAPPED, xrefs: 6CDDE685
AI_DISABLE_IDN_ENCODING, xrefs: 6CDDE703
AI_CANONNAME, xrefs: 6CDDE62E
SOCK_STREAM, xrefs: 6CDDE84C
AI_FQDN, xrefs: 6CDDE6D9
AI_PASSIVE, xrefs: 6CDDE61C, 6CDDE732

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: ,ai_canonname=[$,ai_family=$,ai_protocol=$,ai_socktype=$AF_INET$AF_INET6$AF_UNSPEC$AI_ADDRCONFIG$AI_ALL$AI_CANONNAME$AI_DISABLE_IDN_ENCODING$AI_FILESERVER$AI_FQDN$AI_NON_AUTHORITATIVE$AI_NUMERICHOST$AI_PASSIVE$AI_RETURN_PREFERRED_NAMES$AI_SECURE$AI_V4MAPPED$IPPROTO_TCP$IPPROTO_UDP$SOCK_DGRAM$SOCK_STREAM$],ai_addr=${ai_flags=
API String ID: 2427045233-3554949392
Opcode ID: 8237a9e6e0110a81fb9e5bcae1ab6db91baff00e2dd491b4a64896e0bf4c076f
Instruction ID: 75a655fa1d6e696b7d63dc4840a8aad502ac408f0f6cdf85bfc14a94370c6526
Opcode Fuzzy Hash: 8237a9e6e0110a81fb9e5bcae1ab6db91baff00e2dd491b4a64896e0bf4c076f
Instruction Fuzzy Hash: 22A1F570E42604E6EB119B68CC84BEDB2696F5570CF214149E4A437FF0CB74AA49CBF2

Function 6CF622CA Relevance: 28.4, APIs: 5, Strings: 11, Instructions: 427threadCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CF622D4
GetTickCount.KERNEL32 ref: 6CF622FE
GetCurrentThreadId.KERNEL32 ref: 6CF6231B
GetCurrentProcessId.KERNEL32(?,?,6D032B78,?,?,6CDC180E,?,00000001), ref: 6CF62323
GetTempPathW.KERNEL32(00000619,?,?,%u-%u-%u-%u,00000000,00000000,00000000,00000000,00000000,?,?,6D032B78,?,?,6CDC180E), ref: 6CF62382

Part of subcall function 6CF252FC: __EH_prolog3_GS.LIBCMT ref: 6CF25303

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Strings

agent:, xrefs: 6CF62798
%u-%u-%u-%u, xrefs: 6CF62347
ISL-Light-Client/4.4.2332.44 (Win; x86), xrefs: 6CF627A0
ex:ea:, xrefs: 6CF62730
.txt, xrefs: 6CF62480
fn:, xrefs: 6CF625D8
id:, xrefs: 6CF62819
ts:, xrefs: 6CF62887
gwi:, xrefs: 6CF6267B
crasherror.txt, xrefs: 6CF624D9
crasherror-, xrefs: 6CF62453

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Current$CountDeallocateH_prolog3_H_prolog3_catch_PathProcessTempThreadTick
String ID: %u-%u-%u-%u$.txt$ISL-Light-Client/4.4.2332.44 (Win; x86)$agent:$crasherror-$crasherror.txt$ex:ea:$fn:$gwi:$id:$ts:
API String ID: 1438248007-4069373923
Opcode ID: f560a9b77cb6fd57884a060fb0f174fe7a0993f7a9eb583745c4f77106ebd8ab
Instruction ID: ff4e0f1809e5969177052818b227c897c2e274bbe3f48d50c66da785b2463de4
Opcode Fuzzy Hash: f560a9b77cb6fd57884a060fb0f174fe7a0993f7a9eb583745c4f77106ebd8ab
Instruction Fuzzy Hash: 07122B31A0025C9EEB24DFA4C894FDDB778BF15308F6442DAE04967A91DF316A89CF61

Function 6CF2C5BB Relevance: 26.7, APIs: 2, Strings: 13, Instructions: 486COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF2C5C5
GetUserDefaultLCID.KERNEL32 ref: 6CF2C5EE

Part of subcall function 6CDDE51E: __EH_prolog3_GS.LIBCMT ref: 6CDDE525

Part of subcall function 6CDD7025: __EH_prolog3_GS.LIBCMT ref: 6CDD702C

Part of subcall function 6CDE20BC: __EH_prolog3_GS.LIBCMT ref: 6CDE20C3

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Part of subcall function 6CDC358D: __EH_prolog3_GS.LIBCMT ref: 6CDC3594

Strings

GetUserDefaultLCID(), xrefs: 6CF2C622
%5% = 0x%1%, langid = 0x%2%, primary = 0x%3%, sub = 0x%4%, xrefs: 6CF2C65F
", xrefs: 6CF2C816
/, xrefs: 6CF2C822
... no match, using default: %1%, xrefs: 6CF2CBAD
... ok, match found: %1%, xrefs: 6CF2C9C2
matching language from list: [%1%], xrefs: 6CF2C81D
/, xrefs: 6CF2CBB2
MATCH_WIN, xrefs: 6CF2C775, 6CF2C918
system locale (win), xrefs: 6CF2C5DD
... invalid match spec: %1%, xrefs: 6CF2CA97
, xrefs: 6CF2CBA6
"/, xrefs: 6CF2C946, 6CF2CB21, 6CF2CAB4

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$DeallocateDefaultUser
String ID: "/$ $"$%5% = 0x%1%, langid = 0x%2%, primary = 0x%3%, sub = 0x%4%$... invalid match spec: %1%$... no match, using default: %1%$... ok, match found: %1%$/$/$GetUserDefaultLCID()$MATCH_WIN$matching language from list: [%1%]$system locale (win)
API String ID: 344789144-3225570796
Opcode ID: 93207504103240ead866cb5f45d8cff53f017ebda8d4912764fb30e003f41fc4
Instruction ID: 33bd76ef6ff4dd30e6e2dcb2fed54902969d68db8836656720916e7b2af9d26b
Opcode Fuzzy Hash: 93207504103240ead866cb5f45d8cff53f017ebda8d4912764fb30e003f41fc4
Instruction Fuzzy Hash: D3123D71E05258DFEF14DFA4D880BDEBBB5AF09304F14409AD049AB791DB749A88CF62

Function 6CF629E0 Relevance: 26.4, APIs: 9, Strings: 6, Instructions: 190libraryfileloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(DBGHELP.DLL), ref: 6CF629FE
GetProcAddress.KERNEL32(00000000,MiniDumpWriteDump), ref: 6CF62A12
GetCurrentProcessId.KERNEL32 ref: 6CF62A6C
GetModuleFileNameA.KERNEL32(00000000,-00100448,00000104), ref: 6CF62ACE
CreateFileA.KERNEL32(-00100650,C0000000,00000001,00000000,00000002,80000080,00000000), ref: 6CF62B3F
GetCurrentThreadId.KERNEL32 ref: 6CF62B58
GetCurrentProcessId.KERNEL32(00000000,00000050,-00100664,00000000,6CF6298C), ref: 6CF62BE3
GetCurrentProcess.KERNEL32(00000000), ref: 6CF62BEA
CloseHandle.KERNEL32(00000000), ref: 6CF62BF8

Strings

ISLM, xrefs: 6CF62A44
MiniDumpWriteDump, xrefs: 6CF62A0C
i, xrefs: 6CF62A57
dmp, xrefs: 6CF62A3D
DBGHELP.DLL, xrefs: 6CF629F3
in, xrefs: 6CF62A4E

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Current$Process$File$AddressCloseCreateHandleLibraryLoadModuleNameProcThread
String ID: DBGHELP.DLL$ISLM$MiniDumpWriteDump$dmp$i$in
API String ID: 83795848-489573870
Opcode ID: e686dc1b875ae10f0590e99ed2e402c7372301267dc782b324d31d6cb7c1c5a9
Instruction ID: a7bcb1b51049280d99a8d88465e6d152cc5060f4464efbe474c27bbf6e77ba4c
Opcode Fuzzy Hash: e686dc1b875ae10f0590e99ed2e402c7372301267dc782b324d31d6cb7c1c5a9
Instruction Fuzzy Hash: 116129719002599FEB258F6A8C4CBDEBBBCEF46308F1441E9D845E7980D7B59B84CB60

Function 6CF1A4D3 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 157libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF96B54: GetModuleFileNameW.KERNEL32(?,?,00001861,6D032B78,?,?,6CF1A507,00000800,02940000), ref: 6CF96B7D

GetTempPathA.KERNEL32(00001000,?,48566DFF,6D032B78,?,00000000,00000000,6CFD4B70,000000FF,?,?,6CFF38D8,00000800,02940000), ref: 6CF1A5BD
GetTempFileNameA.KERNEL32(?,rm_,00000000,?,?,?,6CFF38D8,00000800,02940000), ref: 6CF1A5D8
LoadLibraryA.KERNEL32(Kernel32.dll,?,?,6CFF38D8,00000800,02940000), ref: 6CF1A5EB
GetProcAddress.KERNEL32(00000000,MoveFileExA), ref: 6CF1A5FB

Strings

\WININIT.INI, xrefs: 6CF1A656
MoveFileExA, xrefs: 6CF1A5F5
NUL, xrefs: 6CF1A681
Rename, xrefs: 6CF1A67B, 6CF1A686, 6CF1A6A5
Kernel32.dll, xrefs: 6CF1A5E6
rm_, xrefs: 6CF1A5CC

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: FileNameTemp$AddressLibraryLoadModulePathProc
String ID: Kernel32.dll$MoveFileExA$NUL$Rename$\WININIT.INI$rm_
API String ID: 1639837710-1494580632
Opcode ID: ade3c1719a081c1e166880501a2bcfa973a2a4a0c58209b9adcc498ad35bfe03
Instruction ID: 52d9a03f9392e69b7503952b2b18ba48ca764a27694f9b7af3e5cde023d43cfa
Opcode Fuzzy Hash: ade3c1719a081c1e166880501a2bcfa973a2a4a0c58209b9adcc498ad35bfe03
Instruction Fuzzy Hash: B6517071A01218ABDB25DF64CC54FEEB7BCFB04714F1044A9A955E3690DB34AB48CBA0

Function 6CF1D487 Relevance: 22.8, APIs: 7, Strings: 6, Instructions: 67libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CF1D48E
LoadLibraryA.KERNEL32(kernel32.dll,00000048,6CDC17C6,?,00000001), ref: 6CF1D4A9
GetProcAddress.KERNEL32(00000000,InitializeSRWLock), ref: 6CF1D4C5
GetProcAddress.KERNEL32(00000000,AcquireSRWLockExclusive), ref: 6CF1D4D2
GetProcAddress.KERNEL32(00000000,AcquireSRWLockShared), ref: 6CF1D4DF
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockExclusive), ref: 6CF1D4EC
GetProcAddress.KERNEL32(00000000,ReleaseSRWLockShared), ref: 6CF1D4F9

Strings

AcquireSRWLockShared, xrefs: 6CF1D4D4
kernel32.dll, xrefs: 6CF1D4A4
ReleaseSRWLockShared, xrefs: 6CF1D4EE
InitializeSRWLock, xrefs: 6CF1D4BF
AcquireSRWLockExclusive, xrefs: 6CF1D4C7
ReleaseSRWLockExclusive, xrefs: 6CF1D4E1

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressProc$H_prolog3_catch_LibraryLoad
String ID: AcquireSRWLockExclusive$AcquireSRWLockShared$InitializeSRWLock$ReleaseSRWLockExclusive$ReleaseSRWLockShared$kernel32.dll
API String ID: 971969046-2154951675
Opcode ID: bac5cc82a1a654fdcd1f965d47fea6f41d37e2d275d28a5662018ca5b1e152ff
Instruction ID: fba3d37e2c5c32c86be8b246f36c674d69b013ebe08dd19d90efba8dc3814a09
Opcode Fuzzy Hash: bac5cc82a1a654fdcd1f965d47fea6f41d37e2d275d28a5662018ca5b1e152ff
Instruction Fuzzy Hash: 51116675807208FAEF11AFA5CB08F997F749B46719F20441AD00057D90D7B89E99CF62

Function 6CF11D1D Relevance: 21.2, APIs: 3, Strings: 9, Instructions: 162networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF11D24
htons.WS2_32(?), ref: 6CF11E1C
htons.WS2_32(?), ref: 6CF11F0D

Part of subcall function 6CDDE51E: __EH_prolog3_GS.LIBCMT ref: 6CDDE525

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Strings

{ss_family=, xrefs: 6CF11D49
,sin6_scope_id=, xrefs: 6CF11E90
,sin_port=, xrefs: 6CF11EFC
,sin_addr=, xrefs: 6CF11EC7
AF_INET, xrefs: 6CF11DAD
,sin6_port=, xrefs: 6CF11E0B
,sin6_addr=, xrefs: 6CF11DD6
,sin6_flowinfo=, xrefs: 6CF11E4F
AF_INET6, xrefs: 6CF11DA4

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_htons$Deallocate
String ID: ,sin6_addr=$,sin6_flowinfo=$,sin6_port=$,sin6_scope_id=$,sin_addr=$,sin_port=$AF_INET$AF_INET6${ss_family=
API String ID: 4034282151-3854730482
Opcode ID: 3e6a1675c54d0ca9c06cc63b45091c33cc8de766b7c5093f6992041a97213c80
Instruction ID: a26549a2ee818f1d33a4e1c5403b0925291dde82edd283c712569c40fe5bca62
Opcode Fuzzy Hash: 3e6a1675c54d0ca9c06cc63b45091c33cc8de766b7c5093f6992041a97213c80
Instruction Fuzzy Hash: 66519070A01209AADF14EFA4C854BECB6BAAF64308F445448E04577FA0DB749A4D9772

Function 6CE02FB8 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 6CE02FFC

Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04A6F
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04A81
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04A93
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04AA5
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04AB7
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04AC9
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04ADB
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04AED
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04AFF
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04B11
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04B23
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04B35
Part of subcall function 6CE04A52: _free.LIBCMT ref: 6CE04B47

_free.LIBCMT ref: 6CE02FF1

Part of subcall function 6CDFCB95: RtlFreeHeap.NTDLL(00000000,00000000,?,6CDFC6E5), ref: 6CDFCBAB
Part of subcall function 6CDFCB95: GetLastError.KERNEL32(?,?,6CDFC6E5), ref: 6CDFCBBD

_free.LIBCMT ref: 6CE03013
_free.LIBCMT ref: 6CE03028
_free.LIBCMT ref: 6CE03033
_free.LIBCMT ref: 6CE03055
_free.LIBCMT ref: 6CE03068
_free.LIBCMT ref: 6CE03076
_free.LIBCMT ref: 6CE03081
_free.LIBCMT ref: 6CE030B9
_free.LIBCMT ref: 6CE030C0
_free.LIBCMT ref: 6CE030DD
_free.LIBCMT ref: 6CE030F5

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: c0b2d25b8db91b56f64d9eb5d88cd048052076b312cd6f060ccde27249099a6c
Instruction ID: 6e2815eb461e280756e4ccdbbc2eb660a4a59c788637bba453b0db9011541451
Opcode Fuzzy Hash: c0b2d25b8db91b56f64d9eb5d88cd048052076b312cd6f060ccde27249099a6c
Instruction Fuzzy Hash: C2318D31B05B009EE7215B35D844F96B3F9BB4035CF25451AE0A99BA60DB71A8698B60

Function 6CF1E2C9 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 184COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CF1E2D0
setsockopt.WS2_32(?,0000FFFF,00000080,?,00000004), ref: 6CF1E320
getsockopt.WS2_32(?,0000FFFF,00000080,?,?), ref: 6CF1E336
setsockopt.WS2_32(?,0000FFFF,00000008,00000000,00000004), ref: 6CF1E402
getsockopt.WS2_32(?,0000FFFF,00000008,00000000,?), ref: 6CF1E419
closesocket.WS2_32(?), ref: 6CF1E4C7

Strings

socket, xrefs: 6CF1E352, 6CF1E42E
failed to disable SO_LINGER for socket %1%, xrefs: 6CF1E381
-, xrefs: 6CF1E456
/, xrefs: 6CF1E462
failed to disable SO_KEEPALIVE for socket %1%, xrefs: 6CF1E45D

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: getsockoptsetsockopt$H_prolog3_catch_closesocket
String ID: -$/$failed to disable SO_KEEPALIVE for socket %1%$failed to disable SO_LINGER for socket %1%$socket
API String ID: 3984799859-3039269672
Opcode ID: eee5ffb1a7f7be85a85cf9b56830494497b44ef634209219a4a54c364966046b
Instruction ID: e5d1ae17fe95455e550b5d723d3518fe8be73810d038ecb9e38cbd8faa03110a
Opcode Fuzzy Hash: eee5ffb1a7f7be85a85cf9b56830494497b44ef634209219a4a54c364966046b
Instruction Fuzzy Hash: E5716E71D05249AFEF14DFA4D885BEEBBB8EF08304F20412AE514EB690DB759549CB50

Function 6CE8E0CE Relevance: 19.3, APIs: 2, Strings: 9, Instructions: 55libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6CF05DF8: LoadLibraryA.KERNEL32(shcore.dll,SetProcessDpiAwareness,6CE8E0D3,6CE5B5C7,00000330,6CE5B0DE,?,00000000), ref: 6CF05E0B
Part of subcall function 6CF05DF8: GetProcAddress.KERNEL32(00000000), ref: 6CF05E12

GetModuleHandleA.KERNEL32(user32,SetThreadDpiAwarenessContext,6CE5B5C7,00000330,6CE5B0DE,?,00000000), ref: 6CE8E0DD
GetProcAddress.KERNEL32(00000000), ref: 6CE8E0E4

Part of subcall function 6CF4185A: GetModuleHandleA.KERNEL32(ntdll.dll,?,?,ntdll.dll,?,6CF1BAF7,?,?,6CE5CE45,00000038), ref: 6CF74A1E
Part of subcall function 6CF4185A: LoadLibraryA.KERNEL32(ntdll.dll,?,?,ntdll.dll,?,6CF1BAF7,?,?,6CE5CE45,00000038), ref: 6CF74A29
Part of subcall function 6CF4185A: GetProcAddress.KERNEL32(00000000,LdrLoadDll), ref: 6CF74A35

Strings

User32.dll, xrefs: 6CE8E0F8
DialogBoxParamA, xrefs: 6CE8E109
CreateDialogIndirectParamW, xrefs: 6CE8E12E
user32, xrefs: 6CE8E0D8
CreateDialogParamA, xrefs: 6CE8E19D
CreateDialogIndirectParamA, xrefs: 6CE8E153
DialogBoxParamW, xrefs: 6CE8E0FD
SetThreadDpiAwarenessContext, xrefs: 6CE8E0D3
CreateDialogParamW, xrefs: 6CE8E178

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressProc$HandleLibraryLoadModule
String ID: CreateDialogIndirectParamA$CreateDialogIndirectParamW$CreateDialogParamA$CreateDialogParamW$DialogBoxParamA$DialogBoxParamW$SetThreadDpiAwarenessContext$User32.dll$user32
API String ID: 384173800-3095840494
Opcode ID: 0f5f1b7901707c44aac5768cd6639f2b1743a96cc502750a8bcb75fb508ba433
Instruction ID: 81bb1c5e609f11872f8326f1a398568d3e2f2f780279a270e39cc10931d88cad
Opcode Fuzzy Hash: 0f5f1b7901707c44aac5768cd6639f2b1743a96cc502750a8bcb75fb508ba433
Instruction Fuzzy Hash: B1212EB5A03651CBAF00AF69D356F993E71E746684310C16AC418DBB60CB30D5B68FA7

Function 6CDFD458 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 6CDFD46E

Part of subcall function 6CDFCB95: RtlFreeHeap.NTDLL(00000000,00000000,?,6CDFC6E5), ref: 6CDFCBAB
Part of subcall function 6CDFCB95: GetLastError.KERNEL32(?,?,6CDFC6E5), ref: 6CDFCBBD

_free.LIBCMT ref: 6CDFD47A
_free.LIBCMT ref: 6CDFD485
_free.LIBCMT ref: 6CDFD490
_free.LIBCMT ref: 6CDFD49B
_free.LIBCMT ref: 6CDFD4A6
_free.LIBCMT ref: 6CDFD4B1
_free.LIBCMT ref: 6CDFD4BC
_free.LIBCMT ref: 6CDFD4C7
_free.LIBCMT ref: 6CDFD4D5

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: a3649e465fc8480af389641635568f202d7048f51251e86634a128671ca3d3fb
Instruction ID: 4d5575aab2e4fd6f0a551d87c1688b43c11259cad779910aba82c32f0428f436
Opcode Fuzzy Hash: a3649e465fc8480af389641635568f202d7048f51251e86634a128671ca3d3fb
Instruction Fuzzy Hash: 6C21CD7A944108AFCB51EF94C880DEE7BB5BF48248F014565F5259FA30DB31D659CB90

Function 6CE0A643 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,6CE09FAF), ref: 6CE0A65C

Strings

pow, xrefs: 6CE0A6FA, 6CE0A7A4, 6CE0A7F1
log, xrefs: 6CE0A6B9, 6CE0A6C8
exp, xrefs: 6CE0A6DB, 6CE0A740
sqrt, xrefs: 6CE0A79B
asin, xrefs: 6CE0A789
acos, xrefs: 6CE0A792
log10, xrefs: 6CE0A69E, 6CE0A6AD

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 3014649570ea2c372a59085de84ef63fb8e6c4b97dd4d552174d9d53d0222466
Instruction ID: 1f65c0f6001d067029f607e1e0940ae62144fd6f22c9e610b1da87658b3b92e1
Opcode Fuzzy Hash: 3014649570ea2c372a59085de84ef63fb8e6c4b97dd4d552174d9d53d0222466
Instruction Fuzzy Hash: 1E519C75A8060EDBCF009F68E8497AD7B70FB96309F658185E490A7B64C7348A33CB90

Function 6CF18A13 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 134libraryCOMMON

Download Yara Rule

APIs

__EH_prolog3_catch.LIBCMT ref: 6CF18A1A
LoadLibraryA.KERNEL32(kernel32.dll,0000000C,6CF1861C,00000068,6CDC1804,?,00000001), ref: 6CF18A36

Part of subcall function 6CDDA6E5: __EH_prolog3_GS.LIBCMT ref: 6CDDA6EC
Part of subcall function 6CDDA6E5: GetProcAddress.KERNEL32(?,?), ref: 6CDDA704

Part of subcall function 6CDDA6E5: __EH_prolog3_GS.LIBCMT ref: 6CDDA73F
Part of subcall function 6CDDA6E5: GetProcAddress.KERNEL32(?,?), ref: 6CDDA755

Part of subcall function 6CDE090E: __EH_prolog3_GS.LIBCMT ref: 6CDE0915
Part of subcall function 6CDE090E: GetProcAddress.KERNEL32(?,?), ref: 6CDE092B

Strings

K32GetProcessMemoryInfo, xrefs: 6CF18B00
GetProcessTimes, xrefs: 6CF18A56
kernel32.dll, xrefs: 6CF18A2E
GetThreadTimes, xrefs: 6CF18A95
K32EnumPageFilesW, xrefs: 6CF18BC6
K32GetPerformanceInfo, xrefs: 6CF18B68

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressH_prolog3_Proc$H_prolog3_catchLibraryLoad
String ID: GetProcessTimes$GetThreadTimes$K32EnumPageFilesW$K32GetPerformanceInfo$K32GetProcessMemoryInfo$kernel32.dll
API String ID: 210343218-3805741676
Opcode ID: 254eb72c528775ecbab6ed2e72a0a65ef4544a54d23723ac33d12c2328d67be9
Instruction ID: 0d6284c87fb5fdb87d25be1873d15685e75b12e33a1a3a34a851fd8814a8bff9
Opcode Fuzzy Hash: 254eb72c528775ecbab6ed2e72a0a65ef4544a54d23723ac33d12c2328d67be9
Instruction Fuzzy Hash: AC51C1B1D05744CFDB20EF68C50579ABEF1AB46708F65015DD4081BB82C7B19A49CBE2

Function 6CF4185A Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 77libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(ntdll.dll,?,?,ntdll.dll,?,6CF1BAF7,?,?,6CE5CE45,00000038), ref: 6CF74520
LoadLibraryA.KERNEL32(ntdll.dll,?,?,ntdll.dll,?,6CF1BAF7,?,?,6CE5CE45,00000038), ref: 6CF7452B
GetProcAddress.KERNEL32(00000000,LdrLoadDll), ref: 6CF74537
GetModuleHandleA.KERNEL32(ntdll.dll,?,?,ntdll.dll,?,6CF1BAF7,?,?,6CE5CE45,00000038), ref: 6CF74A1E
LoadLibraryA.KERNEL32(ntdll.dll,?,?,ntdll.dll,?,6CF1BAF7,?,?,6CE5CE45,00000038), ref: 6CF74A29
GetProcAddress.KERNEL32(00000000,LdrLoadDll), ref: 6CF74A35

Strings

LdrLoadDll, xrefs: 6CF74535, 6CF74A33
ntdll.dll, xrefs: 6CF74518, 6CF7451F, 6CF7452A, 6CF74A16, 6CF74A1D, 6CF74A28

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressHandleLibraryLoadModuleProc
String ID: LdrLoadDll$ntdll.dll
API String ID: 310444273-2564759627
Opcode ID: 0a08b6f962c65172f691d557ee5cfa28a9ed7d49e6a1cfa3dd7f4d0792e95888
Instruction ID: 769646db1a0aab621c92a36190704907f45896d59bf86b532d5a7be84869b8f1
Opcode Fuzzy Hash: 0a08b6f962c65172f691d557ee5cfa28a9ed7d49e6a1cfa3dd7f4d0792e95888
Instruction Fuzzy Hash: 8A115E31604215A76F249B6EBE08E9FBFBC9EC7798315007AE801E3500EB60DA019D74

Function 6CF4AA6C Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 423registryCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32(80000001,00000000,00000000,00000000,00000000,0002001F,00000000,?,00000000,00000000,00000000,?), ref: 6CF4AB60
RegQueryValueExA.ADVAPI32(?,00000000,00000000,?), ref: 6CF4ABBB

Part of subcall function 6CDE62FE: __EH_prolog3_GS.LIBCMT ref: 6CDE6305

RegCloseKey.ADVAPI32(?,?,00000001,?,?,?,?,?), ref: 6CF4AF6E

Strings

saving additional [%1%], xrefs: 6CF4AE55
saved additional is newer: [%1%:%2%/%3%], my age = %4%, xrefs: 6CF4AC82
?, xrefs: 6CF4AC87
6, xrefs: 6CF4AC7B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CloseCreateH_prolog3_QueryValue
String ID: 6$?$saved additional is newer: [%1%:%2%/%3%], my age = %4%$saving additional [%1%]
API String ID: 2383818969-1590964199
Opcode ID: b3c263f72c64733bb7e8e188c0206a4be13b234421b4db0440854b516cf51711
Instruction ID: 470162c81039df674f0860f627706d08fc00e1ad237e0c206d4ad545084e23a6
Opcode Fuzzy Hash: b3c263f72c64733bb7e8e188c0206a4be13b234421b4db0440854b516cf51711
Instruction Fuzzy Hash: 40022E71D0435CDFEB15CFA4D884BDEBBB9EB08314F1041AAE019A7642DB719A89CF61

Function 6CF202B0 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 349COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF202BA

Strings

age, xrefs: 6CF2051A
small_info.gzt, xrefs: 6CF2035D
size, xrefs: 6CF204A7
file, xrefs: 6CF203A9
error_reporting, xrefs: 6CF202E5
total %1% to report of size %2%, xrefs: 6CF205F5

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: age$error_reporting$file$size$small_info.gzt$total %1% to report of size %2%
API String ID: 2427045233-3602459888
Opcode ID: a30d0f7deb633feee05225514c713e046782545f339aa68eb7905e3b878374b1
Instruction ID: b95be71f29d8f37acbb542c103d745ce26fce27c18fd4928481291c0b5ef4c87
Opcode Fuzzy Hash: a30d0f7deb633feee05225514c713e046782545f339aa68eb7905e3b878374b1
Instruction Fuzzy Hash: A6D10A72D01258DFDB14CFE8D891ADDBBB8FF18314F20415AE019EB691EB749A49CB60

Function 6CF1E5E9 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 106COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000006,00000001,00000004,00000004), ref: 6CF1E60F
setsockopt.WS2_32(?,0000FFFF,00001001,00000004,00000004), ref: 6CF1E677

Strings

setsockopt(TCP_NODELAY), xrefs: 6CF1E628
\trace.out, xrefs: 6CF1E6CA
set_nodelay, xrefs: 6CF1E62D
setsockopt(SO_SNDBUF), xrefs: 6CF1E690
set_sndbuf, xrefs: 6CF1E695

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: setsockopt
String ID: \trace.out$set_nodelay$set_sndbuf$setsockopt(SO_SNDBUF)$setsockopt(TCP_NODELAY)
API String ID: 3981526788-891839593
Opcode ID: 8b35478662c154ef7aaeb9c02810d39b73e8b0d47178c974cf73a925edfb21ec
Instruction ID: d47052172bebff0172950493756fe804cbaad2c95d9775e1638e4b6561e61d56
Opcode Fuzzy Hash: 8b35478662c154ef7aaeb9c02810d39b73e8b0d47178c974cf73a925edfb21ec
Instruction Fuzzy Hash: 8031C3B1608304ABD714DF64D805BAFB7F8EB49714F408A2DA85597F90EB34ED08CB92

Function 6CF1E948 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 94COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF1E94F

Part of subcall function 6CDCAE3A: __EH_prolog3_GS.LIBCMT ref: 6CDCAE41

GetCurrentProcessId.KERNEL32(?,?), ref: 6CF1EA03
OpenEventA.KERNEL32(00000002,00000000,00000000), ref: 6CF1EA1F
SetEvent.KERNEL32(00000000), ref: 6CF1EA34
CloseHandle.KERNEL32(00000000), ref: 6CF1EA43

Strings

ctrl_handler %1%, xrefs: 6CF1E984
ctrl_handler, xrefs: 6CF1E956

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: EventH_prolog3_$CloseCurrentHandleOpenProcess
String ID: ctrl_handler$ctrl_handler %1%
API String ID: 1353303950-1805094094
Opcode ID: a4eb9848414c526b0b96a857f51498470e9d4b75491b0ba2435cce1ef1e2aec7
Instruction ID: 6141e8accb39fc0b0244d726e5571d7a217cb23e95c3981996ad2a443feeeefc
Opcode Fuzzy Hash: a4eb9848414c526b0b96a857f51498470e9d4b75491b0ba2435cce1ef1e2aec7
Instruction Fuzzy Hash: FC319372905249DFDB05CFE8C589ADEBBB8FF05304F240529E501EBA90DB31DA49CBA1

Function 6CDE0CA6 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 31libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CDE0CAD
InitializeCriticalSection.KERNEL32(?,00000004,6CF1D26E,00000004,6CDC17D0,?,00000001), ref: 6CDE0CB8
LoadLibraryA.KERNEL32(Kernel32.dll,GetTickCount64,?,00000004,6CF1D26E,00000004,6CDC17D0,?,00000001), ref: 6CDE0CDD
GetProcAddress.KERNEL32(00000000), ref: 6CDE0CE4
GetTickCount.KERNEL32 ref: 6CDE0CFB

Strings

Kernel32.dll, xrefs: 6CDE0CC8
GetTickCount64, xrefs: 6CDE0CC3

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressCountCriticalH_prolog3InitializeLibraryLoadProcSectionTick
String ID: GetTickCount64$Kernel32.dll
API String ID: 781753304-784327107
Opcode ID: d1c9eac9daa241ab1405b7b15e14a18fc487a20e203c833a835801922a974a22
Instruction ID: 5d0a3183ee91a5e33c0e42c3b5210b5a5f19c25820af9fae82ff4aa889ca95ba
Opcode Fuzzy Hash: d1c9eac9daa241ab1405b7b15e14a18fc487a20e203c833a835801922a974a22
Instruction Fuzzy Hash: 9DF037B0801B018FDB618FB98A0874ABAF0BF49300760092EE98AC7A10EB30F140CB65

Function 6CE5E403 Relevance: 11.0, APIs: 3, Strings: 3, Instructions: 493COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CE5E40D
AcquireSRWLockShared.KERNEL32(00000004), ref: 6CE5E446

Part of subcall function 6CF29101: __EH_prolog3_GS.LIBCMT ref: 6CF29108

Part of subcall function 6CF1D3B5: ReleaseSRWLockShared.KERNEL32(?,48566DFF,?,00000004,00000000,?,00000000,6CFD529E,000000FF,?,6CE5E46A,6CD7AD8C), ref: 6CF1D3E4

AcquireSRWLockExclusive.KERNEL32(00000004,6CD7AD8C), ref: 6CE5E471

Strings

ISL Light, xrefs: 6CE5E89F
change, xrefs: 6CE5E77A, 6CE5E861
light, xrefs: 6CE5E796, 6CE5E880

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Lock$AcquireH_prolog3_Shared$ExclusiveRelease
String ID: ISL Light$change$light
API String ID: 4191190574-2559248181
Opcode ID: 2bfc51d03d9082df967b9af73fe04e186dd5dbf2393ba9fbc757652d7091241b
Instruction ID: ec096503a6073dacdc89234c7ce31bf2be7571940d0ce85d09671f411b3ef212
Opcode Fuzzy Hash: 2bfc51d03d9082df967b9af73fe04e186dd5dbf2393ba9fbc757652d7091241b
Instruction Fuzzy Hash: 18124971D057189FDB14CFA8C990AEDB7B9FF18304F60405EE019AB791DB34AA49CBA1

Function 6CDEF672 Relevance: 10.6, APIs: 7, Instructions: 136COMMONLIBRARYCODE

Download Yara Rule

APIs

__RTC_Initialize.LIBCMT ref: 6CDEF6B9
___scrt_uninitialize_crt.LIBCMT ref: 6CDEF6D3

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: 91e6972d298259efeb4d304f0b3ea8b4e00fcee7005bca1ca01766902e2990fd
Instruction ID: 7f97aeb7dc37a6732011c79927800e4bd57fd5a2ef4bdbdb8203a59fa48968a6
Opcode Fuzzy Hash: 91e6972d298259efeb4d304f0b3ea8b4e00fcee7005bca1ca01766902e2990fd
Instruction Fuzzy Hash: 6441F672D00254EBDB20AF9AEC40BDE7BB5EB89758F118219E81467B70D7705D068BF0

Function 6CDF0C10 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 6CDF0C47
___except_validate_context_record.LIBVCRUNTIME ref: 6CDF0C4F
_ValidateLocalCookies.LIBCMT ref: 6CDF0CD8
__IsNonwritableInCurrentImage.LIBCMT ref: 6CDF0D03
_ValidateLocalCookies.LIBCMT ref: 6CDF0D58

Strings

csm, xrefs: 6CDF0CED

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: c0ace4d388000247411098e6770cc72c07bc54c82e1cea034b64df0bdcfa6fe2
Instruction ID: bc9782e764e03e9b16b11c088c6c1a8240c9e8b1fca9a06d35d2c526211ba11e
Opcode Fuzzy Hash: c0ace4d388000247411098e6770cc72c07bc54c82e1cea034b64df0bdcfa6fe2
Instruction Fuzzy Hash: 6241D234A00249DBCF00CF68C890BAEBBB5BF4535CF128155EC285B761D731E916CBA0

Function 6CF1BE1F Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 82threadCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF1BE29
GetCurrentThreadId.KERNEL32 ref: 6CF1BE7A
GetCurrentProcessId.KERNEL32(00000000,?,?,00000008,6CF1D121,?,00000040,6CDC1345,00000000,?,?,?,6CDDEA0F,?,00000000,00000000), ref: 6CF1BE81
GetCurrentProcessId.KERNEL32(00000120,6CF1BC16,?,?,00000008,6CF1D121,?,00000040,6CDC1345,00000000,?,?,?,6CDDEA0F,?,00000000), ref: 6CF1BE9E

Strings

[%lu] , xrefs: 6CF1BEAB
[%lu:%lu] , xrefs: 6CF1BE8E

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Current$Process$H_prolog3_Thread
String ID: [%lu:%lu] $[%lu]
API String ID: 3098960047-4232676289
Opcode ID: ed6ac638e6217219b216c5df59101bc08e42ebd342d1480b29d9b02e7648da62
Instruction ID: 0e97810880da711eb8fc3e786a4fca1e328a9bbaaa397edeea56f3a2f530d13c
Opcode Fuzzy Hash: ed6ac638e6217219b216c5df59101bc08e42ebd342d1480b29d9b02e7648da62
Instruction Fuzzy Hash: 9F2159B2900208DFCB14DFB8C805AEE7BB8AB09314F10469DE24997B90CB305B49CFB1

Function 6CF0AEB5 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 60libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF0AEBF
GetModuleHandleW.KERNEL32(ntdll.dll), ref: 6CF0AEF7
GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 6CF0AF03
GetVersion.KERNEL32 ref: 6CF0AF3A

Strings

RtlGetVersion, xrefs: 6CF0AEFD
ntdll.dll, xrefs: 6CF0AEF2

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressH_prolog3_HandleModuleProcVersion
String ID: RtlGetVersion$ntdll.dll
API String ID: 3207696815-1489217083
Opcode ID: d5f8686cf2f6f59a8eb34b097b3e4e8b92a4a630f8ab7d58dfd0e27d7d69f0fb
Instruction ID: 5af5362fe3e75a7b12c6e30395d5a79ff3b75c2dfd3d75a62d03e4e9cdfe4ee1
Opcode Fuzzy Hash: d5f8686cf2f6f59a8eb34b097b3e4e8b92a4a630f8ab7d58dfd0e27d7d69f0fb
Instruction Fuzzy Hash: 66112371F0012447FB24977ACC187ED7BB49BC578AF5040A8F549E2A94DF788A89CB70

Function 6CF96733 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 46libraryloaderCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 6CF96738
LoadLibraryA.KERNEL32(kernel32.dll,?,?,0000000F,?,6CF40904), ref: 6CF9675C
GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 6CF96770
FreeLibrary.KERNEL32(00000000,?,?,0000000F,?,6CF40904), ref: 6CF96784

Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000), ref: 6CF97261
Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000,4004667F,?), ref: 6CF97287

Strings

SetDllDirectoryW, xrefs: 6CF96767
kernel32.dll, xrefs: 6CF96757

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharLibraryMultiWide$AddressFreeH_prologLoadProc
String ID: SetDllDirectoryW$kernel32.dll
API String ID: 3387785455-3826188083
Opcode ID: 1cba1a56df43178587eba71072590e47feba58a326fd7e847c63a5efa3d5af6f
Instruction ID: 1c1f5998985d296011336020e25980ceff722af36e18bd559d7f530db48a89b0
Opcode Fuzzy Hash: 1cba1a56df43178587eba71072590e47feba58a326fd7e847c63a5efa3d5af6f
Instruction Fuzzy Hash: 65F0C8757023126BFF545BB64F88F9F3ABCAFC5659710052AB915E3A00CF34D90585B1

Function 6CF1EFCF Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 23libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(ws2_32.dll,6D032B78,00000000,6CF1F022,?,?,6CDC17E4,?,00000001), ref: 6CF1EFD8
GetProcAddress.KERNEL32(00000000,WSAStringToAddressA), ref: 6CF1EFEA
GetProcAddress.KERNEL32(00000000,WSAAddressToStringA), ref: 6CF1EFF8

Strings

WSAAddressToStringA, xrefs: 6CF1EFF0
WSAStringToAddressA, xrefs: 6CF1EFE4
ws2_32.dll, xrefs: 6CF1EFD1

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: WSAAddressToStringA$WSAStringToAddressA$ws2_32.dll
API String ID: 2238633743-1477019475
Opcode ID: ab3a93713666079620820f3d2b26ea1ee47d1f2c4c7b338f3401da4a1aae5626
Instruction ID: 722968d489cb179216f54b096e795652a7019d1f7df3328e5c3c10bfaa92fc7a
Opcode Fuzzy Hash: ab3a93713666079620820f3d2b26ea1ee47d1f2c4c7b338f3401da4a1aae5626
Instruction Fuzzy Hash: 10E0ECB6301302AF9B415BB98E8CE067BB8ABDA2163200835B609C3A01DB39D8148B30

Function 6CE06E17 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,00000001,00000000), ref: 6CE06E5F
__fassign.LIBCMT ref: 6CE0703E
__fassign.LIBCMT ref: 6CE0705B
WriteFile.KERNEL32(?,6CE00D84,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CE070A3
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 6CE070E3
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 6CE0718F

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 32692ccb5c99b5c56db60637af3b3081775215aa0dc7254b31cd9b6f1d3a37bf
Instruction ID: 6a89883f6c8c09d84fbe732508830e68d6ed19e665a041bef74397b51d652864
Opcode Fuzzy Hash: 32692ccb5c99b5c56db60637af3b3081775215aa0dc7254b31cd9b6f1d3a37bf
Instruction Fuzzy Hash: 55D1AD72E012599FCB15CFA8C880AEDBBB5BF49308F244159E855FB342D731A956CB90

Function 6CF28715 Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 339COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF2871F

Strings

gui, xrefs: 6CF287BB
html, xrefs: 6CF2883A
txt, xrefs: 6CF28762
htmlattr, xrefs: 6CF28743

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: gui$html$htmlattr$txt
API String ID: 2427045233-2631202592
Opcode ID: 9ff4dd82cd43ab70c735f44b5d864dbd239f941c8f3f29b1da837789751e3a7e
Instruction ID: 467adb938b305424860610760c18bc002620252c2ed25b1c37019a9ad7801872
Opcode Fuzzy Hash: 9ff4dd82cd43ab70c735f44b5d864dbd239f941c8f3f29b1da837789751e3a7e
Instruction Fuzzy Hash: 0AD11C72E012099FDB08CFE8C890BDDBBB9EF49318F24411AD415BB795DB34AA45CB61

Function 6CF24C44 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF24C4E
MultiByteToWideChar.KERNEL32(?,00000000,?,?,?,000000FF,00000270,/xstd/convert,6CD7A9C0,?,?,00000000,00000000,00000000,00000000), ref: 6CF24C87
MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,000000FF,00000270,/xstd/convert,6CD7A9C0,?,?,00000000), ref: 6CF24CBA
MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,?,?,?,00000000,00000000,?,?,?,000000FF,00000270,/xstd/convert), ref: 6CF24CFC

Strings

/xstd/convert, xrefs: 6CF24D1E, 6CF24D71

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharMultiWide$H_prolog3_
String ID: /xstd/convert
API String ID: 3181109106-793830411
Opcode ID: 4a480dd6e9e13acbd546c8a4d03f39c3dab48a8ca972a7af80655e5c02fe38ed
Instruction ID: 0baac8847042fb2316ec8199b655987a4957bd0f75d35060e256902a9772ad82
Opcode Fuzzy Hash: 4a480dd6e9e13acbd546c8a4d03f39c3dab48a8ca972a7af80655e5c02fe38ed
Instruction Fuzzy Hash: 1251F431A01214ABDF20CFA4CC48FEEBB7DEF85704F500599F41597AA0DBB49A49CBA1

Function 6CF24AF0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF24AFA
WideCharToMultiByte.KERNEL32(?,00000000,?,?,?,000000FF,00000000,00000000,00000170,6CD7AD6C,6CFF38D8), ref: 6CF24B36
WideCharToMultiByte.KERNEL32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,000000FF,00000000,00000000,00000170,6CD7AD6C), ref: 6CF24B6B
WideCharToMultiByte.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?), ref: 6CF24BA8

Strings

/xstd/convert, xrefs: 6CF24BCA, 6CF24C21

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharMultiWide$H_prolog3_
String ID: /xstd/convert
API String ID: 3181109106-793830411
Opcode ID: 6f11855f6fd18609012cd46585cb8828b6d6798b6e0883333861be30c01690c9
Instruction ID: f4de3c8135cf00650f1cdf03fd93a9e6d1ccbd4637a7f8946edd00fbab93530c
Opcode Fuzzy Hash: 6f11855f6fd18609012cd46585cb8828b6d6798b6e0883333861be30c01690c9
Instruction Fuzzy Hash: 98319070500208AFEB248F64CD44AEEBBBDEF85708F50449DF005A7A60DB74AE588FB1

Function 6CF1AFDF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 89COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF1AFE6

Part of subcall function 6CF96AAC: SetCurrentDirectoryW.KERNEL32(00000000,?,?,00001000,6CF1B01E,0000002C), ref: 6CF96ABD

__EH_prolog3_GS.LIBCMT ref: 6CF1B051

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Strings

DeleteFileU, xrefs: 6CF1B09F

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$CurrentDeallocateDirectory
String ID: DeleteFileU
API String ID: 3381099376-2336341942
Opcode ID: d0128afd710d14baaaf4a9a3357751c752a15c349ef2ffdbd7831b6d1f2ce7cc
Instruction ID: d3763b61413639aa09ee5a36fc2d15b0f4d496ac4e094aac0ebf3ccbccf41ab3
Opcode Fuzzy Hash: d0128afd710d14baaaf4a9a3357751c752a15c349ef2ffdbd7831b6d1f2ce7cc
Instruction Fuzzy Hash: 92317E71610208EFEF00DFA5D844FDD7BB8EF14254FA08429F91997A90EB35E649CBA0

Function 6CF22A63 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3.LIBCMT ref: 6CF22A6A

Part of subcall function 6CF22C3D: __EH_prolog3.LIBCMT ref: 6CF22C44

Strings

' (called in ', xrefs: 6CF22ACD
': , xrefs: 6CF22AFB
'): , xrefs: 6CF22AE4
Error from ', xrefs: 6CF22AA1

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3
String ID: ' (called in '$'): $': $Error from '
API String ID: 431132790-163095684
Opcode ID: e6ec743c50ef3a9a885a3dd08c84952bec89ce3bcc61f9618282b700666b06d8
Instruction ID: ce37f0a9ee577be92b6fb73f0bdb64734cec12ff0fe2ad9f257bdd5d50a31b20
Opcode Fuzzy Hash: e6ec743c50ef3a9a885a3dd08c84952bec89ce3bcc61f9618282b700666b06d8
Instruction Fuzzy Hash: 6C11D2303106009FDF08CFE8C4A8AAC77A1BF45718F50455DE5069FBA1CF7A8A098B85

Function 6CDF2C42 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,6CDF2D03,00000000,?,00000001,00000000,?,6CDF2D7A,00000001,FlsFree,6CD51F10,FlsFree,00000000), ref: 6CDF2CD2

Strings

api-ms-, xrefs: 6CDF2C92

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 46bc80ab438b543906a5659ed733e75f7b1f8905253a22b84a16ba52ece74cd6
Instruction ID: 2ea61f15ff9b7450cb2fffb3a83392539542ec46c0c63b4793946bcfd96e30e9
Opcode Fuzzy Hash: 46bc80ab438b543906a5659ed733e75f7b1f8905253a22b84a16ba52ece74cd6
Instruction Fuzzy Hash: 0011CA31A41665DBDB215B698C5CB4A37B4BF42778F270210ED74EB790D720FD428AE1

Function 6CF401B2 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 50libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(ntdll.dll), ref: 6CF401CB
GetProcAddress.KERNEL32(00000000,RtlGetVersion), ref: 6CF401D7
GetVersionExW.KERNEL32(?), ref: 6CF40236

Strings

RtlGetVersion, xrefs: 6CF401D1
ntdll.dll, xrefs: 6CF401C6

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressHandleModuleProcVersion
String ID: RtlGetVersion$ntdll.dll
API String ID: 3310240892-1489217083
Opcode ID: d0936056f84080e588a267551ef71b6c8ab23d6e9548230c36dd1230ba0895a6
Instruction ID: 9198270c11f5ab0a292ad0ec78262a08922a1ae8feef561b3f154fb6c1f3fba9
Opcode Fuzzy Hash: d0936056f84080e588a267551ef71b6c8ab23d6e9548230c36dd1230ba0895a6
Instruction Fuzzy Hash: F411C270D0122D97EF249BA59D49BED77B4AB45704F5044D9E905E2180EB78DB88CAA0

Function 6CDFBE18 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,6CDFBDCA,?,?,6CDFBD92,?,00000001,?), ref: 6CDFBE2D
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 6CDFBE40
FreeLibrary.KERNEL32(00000000,?,?,6CDFBDCA,?,?,6CDFBD92,?,00000001,?), ref: 6CDFBE63

Strings

mscoree.dll, xrefs: 6CDFBE26
CorExitProcess, xrefs: 6CDFBE38

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 8792db76ffad8891bb12619d169fe56396e9b3f4e87400cecb53ee2e47a9c670
Instruction ID: 94599a815368e9455c47aabb7edc253885476b626dd5307d626e831f01dbf836
Opcode Fuzzy Hash: 8792db76ffad8891bb12619d169fe56396e9b3f4e87400cecb53ee2e47a9c670
Instruction Fuzzy Hash: 3CF01C35501219FBDF029B91CA0DFAE7BB9FB4175AF210060BA15E25A0CB34DA05DAA0

Function 6CF73E50 Relevance: 7.6, APIs: 5, Instructions: 128memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(00DC0000,00000109,00000020,00000005), ref: 6CF73F8E
VirtualProtect.KERNEL32(?,00000005,00000000,00000000), ref: 6CF73FBC
VirtualProtect.KERNEL32(?,00000005,00000000,00000000), ref: 6CF73FFB
GetCurrentProcess.KERNEL32(00000000,00000000), ref: 6CF74001
FlushInstructionCache.KERNEL32(00000000), ref: 6CF74008

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
String ID:
API String ID: 4115577372-0
Opcode ID: 56695346109502dd3268abb2951e3e60c85251cbabc9730910f5c0ef6303f34d
Instruction ID: b360be456c02d44b224ac269966c53a32886e2ed505322b1e832a94a92a388dd
Opcode Fuzzy Hash: 56695346109502dd3268abb2951e3e60c85251cbabc9730910f5c0ef6303f34d
Instruction Fuzzy Hash: 14418F31A00219ABCF25DF20DC45BD9FBB5EF48308F1081A6D51997744DB70AE99CFA1

Function 6CF747D0 Relevance: 7.6, APIs: 5, Instructions: 120memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(7FFF0000,?,00000020,7FFF0000,?,6D0418D0,6D0418E8,00000000,00000000), ref: 6CF74846
VirtualProtect.KERNEL32(00000000,00000000,00000000,00000000,?,6D0418D0,6D0418E8,00000000,00000000), ref: 6CF7487F
VirtualProtect.KERNEL32(00000000,00000000,00000000,00000000,?,6D0418D0,6D0418E8,00000000,00000000), ref: 6CF748F4
GetCurrentProcess.KERNEL32(00000000,00000000,?,6D0418D0,6D0418E8,00000000,00000000), ref: 6CF748FA
FlushInstructionCache.KERNEL32(00000000,?,6D0418D0,6D0418E8,00000000,00000000), ref: 6CF74901

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ProtectVirtual$CacheCurrentFlushInstructionProcess
String ID:
API String ID: 4115577372-0
Opcode ID: f1317d4134c0391a0618f7825f09aeb0d186a26de25328b23e173f9e1bae3c6a
Instruction ID: 2fa483c08145c69c79b68a348797a4e1d22b5764bd2311633d580fd8de092871
Opcode Fuzzy Hash: f1317d4134c0391a0618f7825f09aeb0d186a26de25328b23e173f9e1bae3c6a
Instruction Fuzzy Hash: D4418E72E0021DABCF21CFA8D840AEEBBBDBF45308F104166E910A7A50D731DA15CFA5

Function 6CDEF722 Relevance: 7.6, APIs: 5, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

dllmain_raw.LIBCMT ref: 6CDEF75F
dllmain_crt_dispatch.LIBCMT ref: 6CDEF776
dllmain_raw.LIBCMT ref: 6CDEF7BE
dllmain_crt_dispatch.LIBCMT ref: 6CDEF7D1
dllmain_raw.LIBCMT ref: 6CDEF7E4

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: 5ed6eab909e70a7220b4fa3d04fb3b9e47cde33538ded6ffbd85e2ce58f8860c
Instruction ID: 3e83e330836644ed91164610b6868e1562c6eae0cff4f69a92481fdca6abe635
Opcode Fuzzy Hash: 5ed6eab909e70a7220b4fa3d04fb3b9e47cde33538ded6ffbd85e2ce58f8860c
Instruction Fuzzy Hash: 4A21E7B2D01515EBDB219F55EC80AAF7B79EB89B98F118115FC1457A70C3318D018BF0

Function 6CF7455B Relevance: 7.6, APIs: 5, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?,00000000,6D0418D0), ref: 6CF745B1
VirtualProtect.KERNEL32(?,?,?,?,?,00000000,6D0418D0), ref: 6CF745DB
GetCurrentProcess.KERNEL32(00000000,00000000,?,00000000,6D0418D0), ref: 6CF745E3
FlushInstructionCache.KERNEL32(00000000,?,00000000,6D0418D0), ref: 6CF745EA
VirtualFree.KERNEL32(00DC0000,00000000,00008000,00000000,6D0418D0), ref: 6CF74604

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Virtual$Protect$CacheCurrentFlushFreeInstructionProcess
String ID:
API String ID: 888189788-0
Opcode ID: be62bf0bd26122927b0967757f7b57fdec9e95bf439726ba59de409155b99c10
Instruction ID: f11ee59cdb5bb24eb9db52ad5766500972c83019cc3332affb42d8990b0acf61
Opcode Fuzzy Hash: be62bf0bd26122927b0967757f7b57fdec9e95bf439726ba59de409155b99c10
Instruction Fuzzy Hash: F4214F75801604EFCF228F95E904D9EFFB4FF85704720856FE96192920D731A604DF61

Function 6CF4F9E2 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 143COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF4FA54
__aulldiv.LIBCMT ref: 6CF4FAB2
__aulldvrm.LIBCMT ref: 6CF4FAD7

Strings

1.2.8, xrefs: 6CF4FA0C

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3___aulldiv__aulldvrm
String ID: 1.2.8
API String ID: 2254777727-509886058
Opcode ID: 4c71dc626414e93a1030e296fedf0a183df6d225d9b0af15a2582bd6d5e2e8be
Instruction ID: b970eee4380d3b60d3e9694fa48059fefce64001735277f042745729bf49496f
Opcode Fuzzy Hash: 4c71dc626414e93a1030e296fedf0a183df6d225d9b0af15a2582bd6d5e2e8be
Instruction Fuzzy Hash: BF41C132A01218AFEB14DFA8CC44BDDBBB5EF48318F54402AF505A7790DB70AE0ACB51

Function 6CF3CEDD Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 138COMMON

Download Yara Rule

APIs

__EH_prolog3_catch_GS.LIBCMT ref: 6CF3CEE4

Part of subcall function 6CDD359B: __EH_prolog3.LIBCMT ref: 6CDD35A2
Part of subcall function 6CDD359B: EnterCriticalSection.KERNEL32(00F11AC0,00000008,6CF3CF00,?,0000004C,6CF647CC,?,?,?,00000030,6CF68CA7), ref: 6CDD35C0

Part of subcall function 6CDE4C8F: __EH_prolog3.LIBCMT ref: 6CDE4C96
Part of subcall function 6CDE4C8F: EnterCriticalSection.KERNEL32(00F11AC0,00000008,6CF3CF0F,?,?,0000004C,6CF647CC,?,?,?,00000030,6CF68CA7), ref: 6CDE4CB4

Part of subcall function 6CDE24A3: __EH_prolog3.LIBCMT ref: 6CDE24AA

EnterCriticalSection.KERNEL32(00F11AC0,?,?,0000004C,6CF647CC,?,?,?,00000030,6CF68CA7), ref: 6CF3CF47

Part of subcall function 6CDC3036: __EH_prolog3_GS.LIBCMT ref: 6CDC303D
Part of subcall function 6CDC3036: EnterCriticalSection.KERNEL32(00F11AC0,0000003C,6CDC699F,48566DFF,00000000,6CFB4513,000000FF,?,6CDC710B,6CDB1570,?,?,6CF24DBC,00000000,00000000), ref: 6CDC3054

Strings

MUXV, xrefs: 6CF3CF69
disconnect, xrefs: 6CF3CF80

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalEnterSection$H_prolog3$H_prolog3_H_prolog3_catch_
String ID: MUXV$disconnect
API String ID: 2199793347-397699876
Opcode ID: e224a3f2c435c73b24f81129d9c656475446a072d4c7a0514e177dfeeff59d07
Instruction ID: 53623840285764586760b9b528820a0145498208897d1fe1df9f61c32eebac44
Opcode Fuzzy Hash: e224a3f2c435c73b24f81129d9c656475446a072d4c7a0514e177dfeeff59d07
Instruction Fuzzy Hash: 65514C71D12258EFDB05DFA4C584BDDBBB4BF18308F10415AE405A7BA0DB74AA49CBA1

Function 6CF999B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 102COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF999B7
InitializeCriticalSection.KERNEL32(00000000,00000028,6CF99BF0,?,00000004,6CF9812E,ISL Light v3\flags,00000012,00000024,6CF97915,00000004,6CF97567,LdrLoadDll,6CF4186A), ref: 6CF999CE

Strings

development_mode, xrefs: 6CF99A82
exe, xrefs: 6CF99A50

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalH_prolog3_InitializeSection
String ID: development_mode$exe
API String ID: 135040229-4291802027
Opcode ID: 2f93dff332a02526f56fdc2e7c1f0cd5f6e494f6a2715c3f9945012a3f9e3978
Instruction ID: 112aea761afe7cc1f939be36f19df44ee58a58b790bf36e0757273a4187d8602
Opcode Fuzzy Hash: 2f93dff332a02526f56fdc2e7c1f0cd5f6e494f6a2715c3f9945012a3f9e3978
Instruction Fuzzy Hash: 1B4114B19056489FDB09DFA9D08169DBFF9EF49300F2081AAE8189F766D771CA05CF90

Function 6CDE9413 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 67COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CDE941A

Part of subcall function 6CDE9CC2: EnterCriticalSection.KERNEL32(00000020,?,?,6CDE9447,?,00000034,6CF64494,6CD8F8DC,00000002,00000000,6CD8F8DC,00000002,00000004,6CD8F8DC,0000FFFF), ref: 6CDE9CD3

Strings

/, xrefs: 6CDE9480
", xrefs: 6CDE9474
critical: socket ref count invalid, xrefs: 6CDE947B

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalEnterH_prolog3_Section
String ID: "$/$critical: socket ref count invalid
API String ID: 2596243218-1377333803
Opcode ID: 1c7b5200d59430500ef59ab41f1ed236f9c61b72536e08962029fe74f43883ce
Instruction ID: c2706c1cbb1899502f40eb7f10f61bc17268865f3d52297147ff9bf7feb790cf
Opcode Fuzzy Hash: 1c7b5200d59430500ef59ab41f1ed236f9c61b72536e08962029fe74f43883ce
Instruction Fuzzy Hash: 0E21C2B1D013089FDB05DFA4D491ADEBBB4EF08304F50412EE051ABB90DB74AA49CF54

Function 6CF64506 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF6450D
GetVersion.KERNEL32(?), ref: 6CF6455C

Strings

HEFAEXIT_, xrefs: 6CF64530
Global\, xrefs: 6CF64572

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_Version
String ID: Global\$HEFAEXIT_
API String ID: 3152847492-3094926270
Opcode ID: f66caa91aed128e8f63a212bfede6368981ba2e9aaa7d885f8644995c57c6d30
Instruction ID: 04eb92bf30b99f20ca561f0b692f0c351c9e9593daa9b7ad07a052dd595e1856
Opcode Fuzzy Hash: f66caa91aed128e8f63a212bfede6368981ba2e9aaa7d885f8644995c57c6d30
Instruction Fuzzy Hash: 6E017575A111089FDB04EBD4C894AECBFB9AF88314FA48019D402B7B94DF349A4DDF21

Function 6CDF0746 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

std::invalid_argument::invalid_argument.LIBCONCRT ref: 6CDF0752

Part of subcall function 6CDF06EC: std::exception::exception.LIBCONCRT ref: 6CDF06F9

Part of subcall function 6CDF158A: KiUserExceptionDispatcher.NTDLL(E06D7363,00000001,00000003,6CDC1249,?,?,?,6CDC1249,?,6CFF3920), ref: 6CDF15EA

Part of subcall function 6CDDC91C: InitializeCriticalSectionEx.KERNEL32(?,00000000,00000000,?,6CDF0795,?,?,6CFF301C,?), ref: 6CDDC922
Part of subcall function 6CDDC91C: GetLastError.KERNEL32(?,6CDF0795,?,?,6CFF301C,?), ref: 6CDDC92C

IsDebuggerPresent.KERNEL32(?,?,6CFF301C,?), ref: 6CDF0799
OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule), ref: 6CDF07A8

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 6CDF07A3

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalDebugDebuggerDispatcherErrorExceptionInitializeLastOutputPresentSectionStringUserstd::exception::exceptionstd::invalid_argument::invalid_argument
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 2083594896-631824599
Opcode ID: 622d1458daabee89ce64c348b3a3b07f575c8e3164f6ec430effc628f0da9217
Instruction ID: 246d92c0c0162b88e995ed6846b2814837c89601b70ad473f9699f2da7f457f7
Opcode Fuzzy Hash: 622d1458daabee89ce64c348b3a3b07f575c8e3164f6ec430effc628f0da9217
Instruction Fuzzy Hash: 6DF062B44003449FCB10AFA4E504B8A7BF8AF04244F41885DD966C7B61E7B4F9498FA1

Function 6CF12418 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 30networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF1241F
setsockopt.WS2_32(?,00000029,0000001B,6CFF38D8,00000004), ref: 6CF12436
WSAGetLastError.WS2_32(?,00000029,0000001B,6CFF38D8,00000004,00000044,?,6CFF38D8,?,0000FFFF,?,?,00000004,00000078,?,6CFF38D8), ref: 6CF12446

Strings

setsockopt_IPV6_V6ONLY, xrefs: 6CF1245E

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorH_prolog3_Lastsetsockopt
String ID: setsockopt_IPV6_V6ONLY
API String ID: 9313246-3560456837
Opcode ID: af9aa9ee1c77b4c140a08d3c3df598654e5667583378e578d1781aee7352f8b9
Instruction ID: 233d0c356df5df482b85a3188bc08d9ebddf7fda20f91bc679acb3be80649445
Opcode Fuzzy Hash: af9aa9ee1c77b4c140a08d3c3df598654e5667583378e578d1781aee7352f8b9
Instruction Fuzzy Hash: 46F0A7B1A11208BEEB14DBE0CC49FED7378EB04715F204419BA109AA84DBB9DA0DCA11

Function 6CDFD8AA Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 6CDFD931

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 178b68f1b728e55651e4583c49a6d8999393b9024cce35bffecc5e23a5a1ca47
Instruction ID: 2f8eedd5820f97553c21ff28eaf91a0b888083b1a9f80df87fea25a919ade667
Opcode Fuzzy Hash: 178b68f1b728e55651e4583c49a6d8999393b9024cce35bffecc5e23a5a1ca47
Instruction Fuzzy Hash: E5B11432A05245DFDB01CF68C8807AEBBF5FF56344F2681AAD8A49B751D3358903CB61

Function 6CDFD59C Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,6CE0725D,00000000,00000001,6CE00DF5,?,6CE0771C,00000001,?,?,?,6CE00D84,?,00000000), ref: 6CDFD5A1
_free.LIBCMT ref: 6CDFD5FE
_free.LIBCMT ref: 6CDFD634
SetLastError.KERNEL32(00000000,00000006,000000FF,?,6CE0771C,00000001,?,?,?,6CE00D84,?,00000000,00000000,6CFF3418,0000002C,6CE00DF5), ref: 6CDFD63F

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 2d7d17b95413d02007c27b8b4d62aee6e1b898e1a6ae6ebdcb573231165f6211
Instruction ID: dffa1b5eea72c02beba32c2ecfaaf28e5a2ac2b5c479d56a0065e75d7cd8ecb8
Opcode Fuzzy Hash: 2d7d17b95413d02007c27b8b4d62aee6e1b898e1a6ae6ebdcb573231165f6211
Instruction Fuzzy Hash: 6B11C476245205AADA222FB69C84F5E326AB7C366CB374225E63487FF1DF61880B4570

Function 6CDFD6F3 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000001,6CDFCA16,6CDFCBBB,?,?,6CDFC6E5), ref: 6CDFD6F8
_free.LIBCMT ref: 6CDFD755
_free.LIBCMT ref: 6CDFD78B
SetLastError.KERNEL32(00000000,00000006,000000FF,?,00000001,6CDFCA16,6CDFCBBB,?,?,6CDFC6E5), ref: 6CDFD796

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 531be354efa58253475fd59e78c3b49331c6c3da7ef54282ff6cc9af6641bd72
Instruction ID: 809f98eb03cd25346955cabb45119e275f6a1a2dc163463e19116d03e0f9d4ee
Opcode Fuzzy Hash: 531be354efa58253475fd59e78c3b49331c6c3da7ef54282ff6cc9af6641bd72
Instruction Fuzzy Hash: 59110A36245201AAD7113FB69CC4F5A2269B7C36BC7334325E5359FAF1DB21880B8570

Function 6CF1D70A Relevance: 6.0, APIs: 4, Instructions: 33threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(00000000,6D032B78,00000000,00000000,?,?,?,6CDC17C1,?,00000001), ref: 6CF1D720
GetCurrentThreadId.KERNEL32 ref: 6CF1D736
GetCurrentProcessId.KERNEL32(?,?,?,6CDC17C1,?,00000001), ref: 6CF1D73E
GetTickCount.KERNEL32 ref: 6CF1D746

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: Current$CountCriticalInitializeProcessSectionThreadTick
String ID:
API String ID: 1673846168-0
Opcode ID: ab72e52bea062577183b839576c2911d37fa8f77853225de181ca86f541fb1ae
Instruction ID: 9e4b3a71d21ee7c393e3529048a0a8e7b0eca198ef870001b4b7f7de26a9912d
Opcode Fuzzy Hash: ab72e52bea062577183b839576c2911d37fa8f77853225de181ca86f541fb1ae
Instruction Fuzzy Hash: 4DF0EC715002146BDF045BF8D94DFAE3778EBC6658B140415F90187340EB706D058BF1

Function 6CE0A9BE Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,6CE00DF5,00000000,?,?,6CE09965,?,00000001,?,00000001,?,6CE071EC,00000000,00000000,00000001), ref: 6CE0A9D5
GetLastError.KERNEL32(?,6CE09965,?,00000001,?,00000001,?,6CE071EC,00000000,00000000,00000001,00000000,00000001,?,6CE07740,6CE00D84), ref: 6CE0A9E1

Part of subcall function 6CE0A9A7: CloseHandle.KERNEL32(FFFFFFFE,6CE0A9F1,?,6CE09965,?,00000001,?,00000001,?,6CE071EC,00000000,00000000,00000001,00000000,00000001), ref: 6CE0A9B7

___initconout.LIBCMT ref: 6CE0A9F1

Part of subcall function 6CE0A969: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,6CE0A998,6CE09952,00000001,?,6CE071EC,00000000,00000000,00000001,00000000), ref: 6CE0A97C

WriteConsoleW.KERNEL32(?,?,6CE00DF5,00000000,?,6CE09965,?,00000001,?,00000001,?,6CE071EC,00000000,00000000,00000001,00000000), ref: 6CE0AA06

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: e1cafedb0f4c82d3f78835b4c737fb5dda0eb1960c68abb1ba9c670e2558dafe
Instruction ID: e3d4683932c9ec2a68162f66e4a61ffb192fc7ba5773a63654d6153dca9ab50a
Opcode Fuzzy Hash: e1cafedb0f4c82d3f78835b4c737fb5dda0eb1960c68abb1ba9c670e2558dafe
Instruction Fuzzy Hash: D1F01C37641219BBCF221FE5CC08E893F36FB0A3A4B264411FE0895220C732D820EBD0

Function 6CDEFC94 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,6CDEFC31,00000064), ref: 6CDEFCB7
LeaveCriticalSection.KERNEL32(6D03E12C,?,?,6CDEFC31,00000064,?,6CF97902,6D059290,00000004,6CF97567,LdrLoadDll,6CF4186A,?,?,6CF1BAF7), ref: 6CDEFCC1
WaitForSingleObjectEx.KERNEL32(?,00000000,?,6CDEFC31,00000064,?,6CF97902,6D059290,00000004,6CF97567,LdrLoadDll,6CF4186A,?,?,6CF1BAF7), ref: 6CDEFCD2
EnterCriticalSection.KERNEL32(6D03E12C,?,6CDEFC31,00000064,?,6CF97902,6D059290,00000004,6CF97567,LdrLoadDll,6CF4186A,?,?,6CF1BAF7), ref: 6CDEFCD9

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 40f90bab6887af682c7551e912daf6b9677e80ccda73389cb8dd227f63328208
Instruction ID: 11a19deb9a35075eed005b79dc3941489adedbfbba0b66b08bda1dd3d545acad
Opcode Fuzzy Hash: 40f90bab6887af682c7551e912daf6b9677e80ccda73389cb8dd227f63328208
Instruction Fuzzy Hash: A8E06D36501125ABCF112B908E08FAA3F3AEB4E754B110610BF099715187357C009BE1

Function 6CF6B159 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 209COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF6B163

Strings

Decode error, xrefs: 6CF6B38C, 6CF6B3C2
/xstd/base64/decode, xrefs: 6CF6B3A6, 6CF6B3D2

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: /xstd/base64/decode$Decode error
API String ID: 2427045233-3541169599
Opcode ID: 8fad87787000b212fba92e71e3ce26430e9917e01fc23866117de828c957cd3f
Instruction ID: fb1f4c8db2ca3c7dd88b9f0c7f8fcbea24f0faa2d6e8acb1e23fea5b32e30187
Opcode Fuzzy Hash: 8fad87787000b212fba92e71e3ce26430e9917e01fc23866117de828c957cd3f
Instruction Fuzzy Hash: C881F471A08168AFCB15CB24CC65BDDBBB9AF4A304F4444C8D54967B52DB705F88CFA1

Function 6CF25DE1 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 150COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF25DE8

Strings

System_, xrefs: 6CF25E5C
User_, xrefs: 6CF25E61

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: System_$User_
API String ID: 2427045233-2948008356
Opcode ID: f2fd8b1c536ceed19cbca284ca20ec728f91d5c16c3b5fc989e3fef39a93befc
Instruction ID: fe3c6a1bea5415f302352d9919b4b10be23d7bddbb6c5a7c67744d7a606af5d7
Opcode Fuzzy Hash: f2fd8b1c536ceed19cbca284ca20ec728f91d5c16c3b5fc989e3fef39a93befc
Instruction Fuzzy Hash: 40514B71E046089FEF24CFE8C490BDDBBB4AF08708F20412EE025AB691DB759A49CF54

Function 6CE01E0A Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 6CE01BB3: GetOEMCP.KERNEL32(00000000,6CE01E25,6CE06E73,00000000,00000000,00000000,00000000,?,6CE06E73), ref: 6CE01BDE

_free.LIBCMT ref: 6CE01E82

Strings

snl, xrefs: 6CE01E3C

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: _free
String ID: snl
API String ID: 269201875-1325859365
Opcode ID: 345b3abb997baf5b78c584aad8d971a9ddab14769744ff03fad1535e02635ecb
Instruction ID: c047ff021c74d3781c70ff2dafde5c2328d60265da239386313bdaaca4f97983
Opcode Fuzzy Hash: 345b3abb997baf5b78c584aad8d971a9ddab14769744ff03fad1535e02635ecb
Instruction Fuzzy Hash: 4331B072A04209AFDB01DFA8C840BDE77B5FF4431CF250169E8209B7A0E731D966CBA0

Function 6CF2B9F2 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 92COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF2B9F9

Strings

_AFTER, xrefs: 6CF2BA58
9?, xrefs: 6CF2BA05, 6CF2BA2B, 6CF2BA08

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: 9?$_AFTER
API String ID: 2427045233-1422857126
Opcode ID: f1bb3c00ea9d395ecdb76cf5f04c0579eeddff0e16bfd927ea80ffb65a90ff47
Instruction ID: 39435284bf3d3fa7c6a40671ea9bface90b24651e79341ccc260c760e56db74b
Opcode Fuzzy Hash: f1bb3c00ea9d395ecdb76cf5f04c0579eeddff0e16bfd927ea80ffb65a90ff47
Instruction Fuzzy Hash: D1311B71E102089FDB08DFA8D9909DDBBF5EF58304F20841AE416A7790DB35AA49CF60

Function 6CF467D1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF467D8

Part of subcall function 6CDC79E2: __EH_prolog3_GS.LIBCMT ref: 6CDC79E9

Part of subcall function 6CF2DC24: __EH_prolog3_GS.LIBCMT ref: 6CF2DC2B

Part of subcall function 6CDC33A5: _Deallocate.LIBCONCRT ref: 6CDC33B4

Strings

force, xrefs: 6CF46818
,;, xrefs: 6CF46801

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_$Deallocate
String ID: ,;$force
API String ID: 953458638-2905744297
Opcode ID: 05d5657cf5a2f22e8f5cafc4121d3886ca35b47f35f63eef352dfc882a5edc8f
Instruction ID: 945870916d3d2619029d09ea059addd4775f5306b512c05c4e3e7e99f9fe0a16
Opcode Fuzzy Hash: 05d5657cf5a2f22e8f5cafc4121d3886ca35b47f35f63eef352dfc882a5edc8f
Instruction Fuzzy Hash: B9312672D042489FDB09CFE8C491ADDFBB5AF18304F64801ED015AB794DB74AA49CB65

Function 6CF84FB0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 81COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF84FB7

Part of subcall function 6CDED09D: __EH_prolog3_GS.LIBCMT ref: 6CDED0A4

Strings

protocol=[%1%] ciphers=[%2%], xrefs: 6CF8503A
SSL params, xrefs: 6CF85013

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: SSL params$protocol=[%1%] ciphers=[%2%]
API String ID: 2427045233-2518420294
Opcode ID: ec039374370b943fe2345e83e74bce517f1a902903f19f6a8ea3d9c9c0e1b00b
Instruction ID: 4596dafeb587d531c976d2ad2a7a47976d399f9926ca476dc73515577284c942
Opcode Fuzzy Hash: ec039374370b943fe2345e83e74bce517f1a902903f19f6a8ea3d9c9c0e1b00b
Instruction Fuzzy Hash: 9D319171E012089FEF05DFA4D480BEE7BB9AF08308F10402AE412EB791DB75D949CBA1

Function 6CF23029 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 77COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF23030

Part of subcall function 6CDD5EFF: __EH_prolog3_GS.LIBCMT ref: 6CDD5F06

Strings

socket, xrefs: 6CF23062
socket objects count: %1%, xrefs: 6CF2309D

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: socket$socket objects count: %1%
API String ID: 2427045233-119685394
Opcode ID: b686febb5da6ef6f925ae57ea9f86063a9d743467ef0351b148629d43621e6ef
Instruction ID: 2ba2216dae6456bb1c0f7515c23515c5e3835abc7d205774f7d45a9f5eee10a7
Opcode Fuzzy Hash: b686febb5da6ef6f925ae57ea9f86063a9d743467ef0351b148629d43621e6ef
Instruction Fuzzy Hash: 96312871A042089FDB04DFA8D481ADEBBF5EF0C314F64842AE155EB790DB75E984CB60

Function 6CF23105 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 65COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF2310C

Strings

socket, xrefs: 6CF23128
exception: %1%, xrefs: 6CF23152

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: exception: %1%$socket
API String ID: 2427045233-2515560813
Opcode ID: 8ecd767da42a2c03663b6385f683fca70d6dee2e50358a68dfa8192d2aabb599
Instruction ID: 492e8b2ae9c0ee64c8561c845bea5c46305dcb4e8397b3fbfabfc75f86c38169
Opcode Fuzzy Hash: 8ecd767da42a2c03663b6385f683fca70d6dee2e50358a68dfa8192d2aabb599
Instruction Fuzzy Hash: 6B213BB1D11218AFDB05DFE8E880ADDFBB9EF18304F60401EE010EB690CB749A49CB91

Function 6CF97120 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56registryCOMMON

Download Yara Rule

APIs

RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,?,00000010,saving additional [%1%],00000000,?,6CF4AF0B,?,00000001,?,?,?), ref: 6CF9718C

Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000), ref: 6CF97261
Part of subcall function 6CF97242: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,0000000F,000000FF,00000000,00000000,?,0000000F,?,6CF9635A,0000000F,?,?,00000000,4004667F,?), ref: 6CF97287

RegSetValueExW.ADVAPI32(?,00000000,00000000,00000001,00000000,00000000,?,?,00000010,saving additional [%1%],00000000,?,6CF4AF0B,?,00000001,?), ref: 6CF97167

Strings

saving additional [%1%], xrefs: 6CF97128

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: ByteCharMultiValueWide
String ID: saving additional [%1%]
API String ID: 2676526956-632221285
Opcode ID: 5692b4cacc4c087b2594cf6e8d5b4af500ec3511c217fff98b4b9b1f3fbe7024
Instruction ID: d6804814103af8207decd62e4c950c17dbff6db5543d81ff9ebf5b3af79c02d7
Opcode Fuzzy Hash: 5692b4cacc4c087b2594cf6e8d5b4af500ec3511c217fff98b4b9b1f3fbe7024
Instruction Fuzzy Hash: 7B01F2722153147BEF185BAA9C44FAF36BDEBC8328F11042AFA09C3661EF7198558770

Function 6CE5B475 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CE5B47C

Part of subcall function 6CDC358D: __EH_prolog3_GS.LIBCMT ref: 6CDC3594

Strings

dialog, xrefs: 6CE5B49B
%1%, xrefs: 6CE5B496

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: %1%$dialog
API String ID: 2427045233-225672207
Opcode ID: d7743e3ada08d4d78524150819a681798e551b9c67b36b2e52f7b738868bcc97
Instruction ID: 331523ffcdf7b8176d40d943d4056d2f8cb5cff406dac58e2b3e9795f42b5f64
Opcode Fuzzy Hash: d7743e3ada08d4d78524150819a681798e551b9c67b36b2e52f7b738868bcc97
Instruction Fuzzy Hash: E4114C71D10248AFDF05DFE8D4C1ADDBBB8AF08314FA0841EE115A7690DB759648CF61

Function 6CF1FC2B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF1FC32

Part of subcall function 6CDC13B0: __EH_prolog3_GS.LIBCMT ref: 6CDC13B7

Strings

received pong, xrefs: 6CF1FC48
error_reporting, xrefs: 6CF1FC39

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: error_reporting$received pong
API String ID: 2427045233-721156197
Opcode ID: 2826a8107a39a697d9246f5fba48ea56857298eaf4b96ea5e94bbfc8ac3a558a
Instruction ID: 94383841d4b76f037ee11988150f52d5320e16ea19b50d3ba854d1302bbf2908
Opcode Fuzzy Hash: 2826a8107a39a697d9246f5fba48ea56857298eaf4b96ea5e94bbfc8ac3a558a
Instruction Fuzzy Hash: 70014071D15208AEDB05DFE8E4C1ADDBBB8EF08314F64401EE110B7690DB359648CB65

Function 6CF6AFBF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 22COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 6CF6AFC6

Strings

Decode error, xrefs: 6CF6AFDD
/xstd/base64/decode, xrefs: 6CF6AFF1

Memory Dump Source

Source File: 00000001.00000002.1831960116.000000006CD51000.00000020.00000001.01000000.00000006.sdmp, Offset: 6CD50000, based on PE: true

Associated: 00000001.00000002.1831944884.000000006CD50000.00000002.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832173354.000000006D032000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832191829.000000006D036000.00000008.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832211139.000000006D03D000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832229087.000000006D046000.00000004.00000001.01000000.00000006.sdmpDownload File
Associated: 00000001.00000002.1832247446.000000006D05A000.00000002.00000001.01000000.00000006.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_6cd50000_ISL_Light_Client_4_4_2332_44 49919761.jbxd

Similarity

API ID: H_prolog3_
String ID: /xstd/base64/decode$Decode error
API String ID: 2427045233-3541169599
Opcode ID: ac29e81659a2ec82394d7141c49475a17a1d0323ca9e8f781c844e0e0694bb34
Instruction ID: ed83bc072bc69b67ade4eb0aec7dd2df2b1dcd0f4f760e4d7f97f165e40be582
Opcode Fuzzy Hash: ac29e81659a2ec82394d7141c49475a17a1d0323ca9e8f781c844e0e0694bb34
Instruction Fuzzy Hash: ADE0D8314121148DDF01EBA0C444AEC77B4AF1520CFE4444CC0413BEA1CB319A0EDB32

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the Windows service control manager to execute malicious commands or payloads. The Windows service control manager ( `services.exe` ) is an interface to manage and manipulate services.The service control manager is accessible to users via GUI components as well as system utilities such as `sc.exe` and Net .
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: Process Creation, Service: Service Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify Windows services to repeatedly execute malicious payloads as part of persistence. When Windows boots up, it starts programs or applications called services that perform background system functions.Windows service configuration information, including the file path to the service's executable or recovery programs/commands, is stored in the Windows Registry.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Driver: Driver Load, File: File Metadata, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Service: Service Creation, Service: Service Modification, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report $RMH4FA8.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Privilege Escalation

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLClient.out

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf\ISLConfiguration.ini

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf\cmdline.txt

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf_static\ISLStaticConfiguration.ini

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf_static\icon.ico

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\conf_static\logo.bmp

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\datachannel.dll

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\isllight.exe

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\mailopen.exe

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\shellsendto.exe

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\VNC-blue-ikone.bmp

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\background.bmp

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-ctrl-dsk-small.bmp

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-dsk-vnc-ex.bmp

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-dsk-vnc.bmp

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btn-vnc-top.bmp

C:\Users\user\AppData\Local\ISL Online Cache\ISL Light Client\1\skin\btns-ft.bmp

Windows Analysis Report
$RMH4FA8.exe

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre