Edit tour

Windows Analysis Report
QuickTextPaste (2).exe

Overview

General Information

Sample name:	QuickTextPaste (2).exe
Analysis ID:	1562565
MD5:	4bc6dc45d87f46354cf96b0d60d849e5
SHA1:	2af2591cf4fa6a2625f99012c24377378143010d
SHA256:	e58e9f7cce5acebd12f2fbe7a8f4da092982291f0cf553066e515359ec71af81
Tags:	Compilazioneprotetticopyrightexeuser-JAMESWT_MHT
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Detected unpacking (creates a PE file in dynamic memory)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains very large array initializations

AI detected suspicious sample

Allocates memory in foreign processes

Contains functionality to register a low level keyboard hook

Drops large PE files

Injects a PE file into a foreign processes

Machine Learning detection for sample

Queries memory information (via WMI often done to detect virtual machines)

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Tries to harvest and steal Bitcoin Wallet information

Writes to foreign memory regions

AV process strings found (often used to terminate AV products)

Abnormal high CPU Usage

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Compiles C# or VB.Net code

Contains functionality for read data from the clipboard

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the clipboard data

Contains functionality to retrieve information about pressed keystrokes

Contains functionality to simulate keystroke presses

Contains long sleeps (>= 3 min)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found evasive API chain (date check)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

Internet Provider seen in connection with other malware

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Sigma detected: CurrentVersion Autorun Keys Modification

Stores large binary data to the registry

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

QuickTextPaste (2).exe (PID: 7112 cmdline: "C:\Users\user\Desktop\QuickTextPaste (2).exe" MD5: 4BC6DC45D87F46354CF96B0D60D849E5)

csc.exe (PID: 6812 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)

cleanup

Sigma Signatures

System Summary

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\Pictures\DesktopInfo\Bin\DesktopInfo.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\QuickTextPaste (2).exe, ProcessId: 7112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DesktopInfo

Suricata Signatures

ET MALWARE Generic AsyncRAT Style SSL Cert

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-11-25T18:03:34.268004+0100	2035595	1	Domain Observed Used for C2 Detected	64.95.10.19	56001	192.168.2.12	49719	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: QuickTextPaste (2).exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\Pictures\DesktopInfo\Bin\DesktopInfo.exe

Avira: detection malicious, Label: TR/Crypt.XPACK.Gen2

Multi AV Scanner detection for submitted file

Source: QuickTextPaste (2).exe

ReversingLabs: Detection: 68%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: QuickTextPaste (2).exe

Joe Sandbox ML: detected

Compliance

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Unpacked PE file: 0.2.QuickTextPaste (2).exe.730000.2.unpack

Source: QuickTextPaste (2).exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 64.95.10.19:56001 -> 192.168.2.12:49719

Source: global traffic

TCP traffic: 192.168.2.12:49719 -> 64.95.10.19:56001

Source: Joe Sandbox View

ASN Name: BRAHMAN-NYUS BRAHMAN-NYUS

Source: csc.exe, 00000004.00000003.2796297037.0000000004B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: csc.exe, 00000004.00000003.2796297037.0000000004B70000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality to register a low level keyboard hook

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: 0_2_00426601 SetWindowsHookExW 0000000D,0041ED8B,00000000,00000000

0_2_00426601

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: 0_2_00433F0D OpenClipboard,RegisterClipboardFormatW,GetClipboardData,GlobalLock,CloseClipboard,

0_2_00433F0D

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: 0_2_00433F0D OpenClipboard,RegisterClipboardFormatW,GetClipboardData,GlobalLock,CloseClipboard,

0_2_00433F0D

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: 0_2_004324DC IsWindow,GetKeyboardState,GetKeyboardState,keybd_event,keybd_event,SetForegroundWindow,GetKeyboardState,keybd_event,

0_2_004324DC

System Summary

.NET source code contains very large array initializations

Source: 0.2.QuickTextPaste (2).exe.49eb26.1.raw.unpack, RegistryRefExpression.cs

Large array initialization: ManageRule: array initializer size 298256

Drops large PE files

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

File dump: DesktopInfo.exe.0.dr 979567349

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Process Stats: CPU usage > 49%

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00416231 NtQueryDefaultLocale,lstrlenW,GetDlgItem,	0_2_00416231
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00416F82 NtQueryDefaultLocale,	0_2_00416F82
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00416087 NtQueryDefaultLocale,	0_2_00416087
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0041616C NtQueryDefaultLocale,	0_2_0041616C
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00416473 NtQueryDefaultLocale,	0_2_00416473
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004157C3 NtQueryDefaultLocale,	0_2_004157C3

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00416231	0_2_00416231
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00416F82	0_2_00416F82
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0040287C	0_2_0040287C
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00407801	0_2_00407801
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004028C2	0_2_004028C2
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004020C4	0_2_004020C4
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004028CD	0_2_004028CD
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004020D3	0_2_004020D3
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004020F9	0_2_004020F9
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0040288F	0_2_0040288F
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0041E95A	0_2_0041E95A
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0040F165	0_2_0040F165
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0040497C	0_2_0040497C
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0051D18E	0_2_0051D18E
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00404A72	0_2_00404A72
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004072C9	0_2_004072C9
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0051DB4C	0_2_0051DB4C
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0040EBC7	0_2_0040EBC7
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0041E397	0_2_0041E397
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0040745E	0_2_0040745E
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004074DD	0_2_004074DD
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00402DAB	0_2_00402DAB
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0041EE59	0_2_0041EE59
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00407639	0_2_00407639
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004026E3	0_2_004026E3
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_0041E6EC	0_2_0041E6EC
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004046F0	0_2_004046F0
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004026F5	0_2_004026F5
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00402682	0_2_00402682
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004046B0	0_2_004046B0
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00406EBE	0_2_00406EBE
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00401F52	0_2_00401F52
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004157C3	0_2_004157C3
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004027A7	0_2_004027A7
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_004027B2	0_2_004027B2

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: String function: 00437C80 appears 39 times

Source: QuickTextPaste (2).exe	Binary or memory string: OriginalFilename vs QuickTextPaste (2).exe
Source: QuickTextPaste (2).exe, 00000000.00000002.2541169472.000000000078A000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameCjmjchusqsd.exe" vs QuickTextPaste (2).exe
Source: QuickTextPaste (2).exe	Binary or memory string: OriginalFilenameQuickTextPaste.exe( vs QuickTextPaste (2).exe

Source: QuickTextPaste (2).exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 0.2.QuickTextPaste (2).exe.49eb26.1.raw.unpack, RegistryRefExpression.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.QuickTextPaste (2).exe.49eb26.1.raw.unpack, ConnectionSerializerModel.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.QuickTextPaste (2).exe.49eb26.1.raw.unpack, ConnectionSerializerModel.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.QuickTextPaste (2).exe.49eb26.1.raw.unpack, ConnectionSerializerModel.cs

Task registration methods: 'RegisterRule'

Source: classification engine

Classification label: mal100.spyw.evad.winEXE@3/1@0/1

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: 0_2_00426601 GetModuleHandleW,SetWindowsHookExW,GetLastError,FormatMessageW,MessageBoxW,LocalFree,

0_2_00426601

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

File created: C:\Users\user\Pictures\DesktopInfo

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Mutant created: \Sessions\1\BaseNamedObjects\86e9217bf3f8

Source: QuickTextPaste (2).exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: QuickTextPaste (2).exe

ReversingLabs: Detection: 68%

Source: QuickTextPaste (2).exe	String found in binary or memory: <!--StartFrag
Source: QuickTextPaste (2).exe	String found in binary or memory: <!--StartFragment-->
Source: QuickTextPaste (2).exe	String found in binary or memory: EndSelectionStartSelection<!--EndFragEndFragment<!--StartFragStartFragmentEndHTML%08u<html>StartHTML<!--EndFragment--></body>
Source: QuickTextPaste (2).exe	String found in binary or memory: <!--StartFragment-->HTML Format

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

File read: C:\Users\user\Desktop\QuickTextPaste (2).exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\QuickTextPaste (2).exe "C:\Users\user\Desktop\QuickTextPaste (2).exe"
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"	Jump to behavior

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Section loaded: k7rn7l32.dll	Jump to behavior
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Section loaded: ntd3ll.dll	Jump to behavior
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Section loaded: windowscodecs.dll	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: QuickTextPaste (2).exe

Static file information: File size 1363968 > 1048576

Data Obfuscation

Detected unpacking (creates a PE file in dynamic memory)

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Unpacked PE file: 0.2.QuickTextPaste (2).exe.730000.2.unpack

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.QuickTextPaste (2).exe.49eb26.1.raw.unpack, ConnectionSerializerModel.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"			Jump to behavior

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: 0_2_00434350 LoadLibraryW,GetProcAddress,

0_2_00434350

Source: QuickTextPaste (2).exe

Static PE information: real checksum: 0x844df should be: 0x1515bf

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00437C80 push eax; ret		0_2_00437C9E
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: 0_2_00437CA0 push eax; ret		0_2_00437CCE

Source: QuickTextPaste (2).exe	Static PE information: section name: .text entropy: 6.867077590981686
Source: DesktopInfo.exe.0.dr	Static PE information: section name: .text entropy: 6.867077590981686

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

File created: C:\Users\user\Pictures\DesktopInfo\Bin\DesktopInfo.exe

Jump to dropped file

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DesktopInfo			Jump to behavior
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run DesktopInfo			Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\15036547B1E75A4B687ED1F301A71B42 4555936c9bfd67fc4c92d88fec2bb6b0

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Queries memory information (via WMI often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')

Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive

Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Memory allocated: 67C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Memory allocated: 6AB0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Memory allocated: 8AB0000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Window / User API: threadDelayed 3243			Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Window / User API: threadDelayed 6548			Jump to behavior

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Dropped PE file which has not been started: C:\Users\user\Pictures\DesktopInfo\Bin\DesktopInfo.exe

Jump to dropped file

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Evasive API call chain: GetLocalTime,DecisionNodes

graph_0-11557

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

API coverage: 0.6 %

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe TID: 5248

Thread sleep time: -31359464925306218s >= -30000s

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: csc.exe, 00000004.00000003.2796297037.0000000004B70000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

API call chain: ExitProcess graph end node

graph_0-11535

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: 0_2_00434350 LoadLibraryW,GetProcAddress,

0_2_00434350

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Allocates memory in foreign processes

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4A40000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4A40000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4A40000			Jump to behavior
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 476E008			Jump to behavior

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: 0_2_004324DC IsWindow,GetKeyboardState,GetKeyboardState,keybd_event,keybd_event,SetForegroundWindow,GetKeyboardState,keybd_event,

0_2_004324DC

Source: QuickTextPaste (2).exe	Binary or memory string: Shell_TrayWnd
Source: QuickTextPaste (2).exe, DesktopInfo.exe.0.dr	Binary or memory string: WidthBytes: %d bmWidth:%d bmBitsPixel:%d hb:%dNo-HBitmap<br>0};%d,UCHAR img_data[]={int ys=%d;int xs=%d;No HBITMAPShell_TrayWndTrayNotifyWndC:\shell32SetMenuInfoNULL
Source: QuickTextPaste (2).exe, DesktopInfo.exe.0.dr	Binary or memory string: GDtGDXGDHGDWorkerWSysListView32SHELLDLL_DefViewProgram ManagerUniformResourceLocatorToolbarWindow32SHAutoCompleteSHLWAPI.DLLBackInternet Explorer_Server

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: GetLocaleInfoW,		0_2_0043271F
Source: C:\Users\user\Desktop\QuickTextPaste (2).exe	Code function: GetLocaleInfoW,		0_2_004327AB

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\QuickTextPaste (2).exe

Code function: 0_2_00421838 __EH_prolog,GetLocalTime,

0_2_00421838

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: csc.exe, 00000004.00000003.2796297037.0000000004B70000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	321 Windows Management Instrumentation	1 Scheduled Task/Job	32 Process Injection	1 Masquerading	111 Input Capture	1 System Time Discovery	Remote Services	111 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 Registry Run Keys / Startup Folder	1 Scheduled Task/Job	1 Modify Registry	LSASS Memory	431 Security Software Discovery	Remote Desktop Protocol	11 Archive Collected Data	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 Scheduled Task/Job	1 DLL Side-Loading	1 Registry Run Keys / Startup Folder	11 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	2 Clipboard Data	Steganography	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	2 Native API	Login Hook	1 DLL Side-Loading	341 Virtualization/Sandbox Evasion	NTDS	341 Virtualization/Sandbox Evasion	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	32 Process Injection	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	11 Deobfuscate/Decode Files or Information	Cached Domain Credentials	224 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	3 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	21 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 DLL Side-Loading	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
QuickTextPaste (2).exe	68%	ReversingLabs	Win32.Trojan.Generic
QuickTextPaste (2).exe	100%	Avira	TR/Crypt.XPACK.Gen2
QuickTextPaste (2).exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Pictures\DesktopInfo\Bin\DesktopInfo.exe	100%	Avira	TR/Crypt.XPACK.Gen2

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
64.95.10.19	unknown	United States		31982	BRAHMAN-NYUS	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1562565
Start date and time:	2024-11-25 18:02:08 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 8m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	QuickTextPaste (2).exe
Detection:	MAL
Classification:	mal100.spyw.evad.winEXE@3/1@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
VT rate limit hit for: QuickTextPaste (2).exe

Simulations

Behavior and APIs

Time	Type	Description
12:03:33	API Interceptor	7197609x Sleep call for process: csc.exe modified
18:03:29	Autostart	Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run DesktopInfo C:\Users\user\Pictures\DesktopInfo\Bin\DesktopInfo.exe
18:03:38	Autostart	Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run DesktopInfo C:\Users\user\Pictures\DesktopInfo\Bin\DesktopInfo.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BRAHMAN-NYUS	http://elizgallery.com/js.php	Get hash	malicious	Unknown	Browse	64.95.11.184
	https://elizgallery.com/nazvanie.js	Get hash	malicious	Unknown	Browse	64.95.11.184
	#U2749Factura_#U2749_#U2462#U2465#U2460#U2463#U2463#U2460#U2462#U2461.hta	Get hash	malicious	Unknown	Browse	64.95.10.38
	#U2749Factura_#U2749_#U2466#U2461#U2466#U2462#U2467#U2465#U2465#U2465.hta	Get hash	malicious	Unknown	Browse	64.95.10.38
	6723653391970.vbs	Get hash	malicious	Unknown	Browse	64.95.10.38
	672365339196e.vbs	Get hash	malicious	Unknown	Browse	64.95.10.38
	v.ps1	Get hash	malicious	PureLog Stealer	Browse	64.95.11.29
	p.exe	Get hash	malicious	Unknown	Browse	64.95.10.162
	p.exe	Get hash	malicious	Unknown	Browse	64.95.10.162
	file.exe	Get hash	malicious	Unknown	Browse	64.95.13.143

Process:	C:\Users\user\Desktop\QuickTextPaste (2).exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	979567349
Entropy (8bit):	0.023647584229054917
Encrypted:	false
SSDEEP:
MD5:	905B69AEE10ACEB242AD7F218E615809
SHA1:	048A1862B9DB812ED8AFCB0BCDEE6735C3DEBB54
SHA-256:	269CE61F65E973A36576224F6364ED7CF0286939F0FD53DCA54F18304F49FCD7
SHA-512:	605942EE996518BF660332DD391E7B023EF45F584F7FDF0989AC66F0398CA30B6FFC905460A38E5D604D9B949FA042449F3B25B0EDF1FE69748575954D139ED2
Malicious:	true
Antivirus:	Antivirus: Avira, Detection: 100%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........................................................9......._.....Rich...................PE..L.....7g.....................(.......~............@..................................D..................................................h............"...)..............................................................4............................text.............................. ..`.rdata...w.......x..................@..@.data........@..."... ..............@....rsrc...h............B..............@..@................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.31815796011667
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	QuickTextPaste (2).exe
File size:	1'363'968 bytes
MD5:	4bc6dc45d87f46354cf96b0d60d849e5
SHA1:	2af2591cf4fa6a2625f99012c24377378143010d
SHA256:	e58e9f7cce5acebd12f2fbe7a8f4da092982291f0cf553066e515359ec71af81
SHA512:	821e127a75609cbd83d076eaac6dd2f3c9b75378d699ab143cdc4f80f913285a6d877168ce9590149d3abd7557b7207587500b32fe65a101cf7a5e1bc9203e47
SSDEEP:	24576:QsV37etHLvLRhQEjhmeHziIA01B5lfYeXEgDm1mTn:QU6tXRhmqzSw5lJE+T
TLSH:	3255BE01FF47C9DED692183DAA0A6141E1859FB83817980731DF7B5F7B38AC62D19E22
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........................................................................9..........._.......Rich....................PE..L.....7g...

File Icon


Icon Hash:	0f2fcaabb0aaf830

Static PE Info

General

Entrypoint:	0x437ee0
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp:	0x67371DD6 [Fri Nov 15 10:09:26 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	e65d5d56989c1441945255d78668884e

Authenticode Signature

Signature Valid:
Signature Issuer:
Signature Validation Error:
Error Number:
Not Before, Not After
Subject Chain
Version:
Thumbprint MD5:
Thumbprint SHA-1:
Thumbprint SHA-256:
Serial:

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 0043D1E8h
push 00438066h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 68h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
xor ebx, ebx
mov dword ptr [ebp-04h], ebx
push 00000002h
pop edi
push edi
call 00007F7378C62641h
nop
pop ecx
or dword ptr [004808F4h], FFFFFFFFh
or dword ptr [004808F8h], FFFFFFFFh
call dword ptr [0043C330h]
mov ecx, dword ptr [004808C8h]
mov dword ptr [eax], ecx
call dword ptr [0043C2ACh]
mov ecx, dword ptr [004808C4h]
mov dword ptr [eax], ecx
mov eax, dword ptr [0043C234h]
mov eax, dword ptr [eax]
mov dword ptr [004808F0h], eax
call 00007F7378C9964Dh
cmp dword ptr [00456140h], ebx
jne 00007F7378C9950Eh
push 00438096h
call dword ptr [0043C238h]
pop ecx
call 00007F7378C9961Fh
push 004440ECh
push 004440E8h
call 00007F7378C9960Ah
mov eax, dword ptr [004808C0h]
mov dword ptr [ebp-6Ch], eax
lea eax, dword ptr [ebp-6Ch]
push eax
push dword ptr [004808BCh]
lea eax, dword ptr [ebp-64h]
push eax
lea eax, dword ptr [ebp-70h]
push eax
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [0043C240h]
push 004440E4h
push 00444000h

Rich Headers

Programming Language:

[C++] VS98 (6.0) SP6 build 8804
[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x418e8	0xdc	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x81000	0xf8d68	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x72200	0x2908	.data
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x3c000	0x634	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x3a2ea	0x3a400	979724df3711a870677cfb26c430abd1	False	0.5212957685085837	data	6.867077590981686	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x3c000	0x77cc	0x7800	91c6ff2fd3bb8dc0dd623e04098000ef	False	0.3382161458333333	data	4.707298007686286	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x44000	0x3c8fc	0x12200	044dced594e170048a01f833f33579cd	False	0.8952586206896552	data	7.634244653448693	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x81000	0xf8d68	0xf8e00	626056e55bb235472731bc6f5fa2a38b	False	0.6497883051858363	data	7.300439922564435	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
PNG	0x81f6c	0xefec	data			0.9566916313904266
TEXTINCLUDE	0x90f58	0x49	ASCII text, with CRLF line terminators			1.0136986301369864
RT_BITMAP	0x90fa4	0x3668	Device independent bitmap graphic, 512 x 54 x 4, image size 13824, 16 important colors	German	Germany	0.16082711085582999
RT_BITMAP	0x9460c	0xe8	Device independent bitmap graphic, 16 x 16 x 4, image size 128	German	Germany	0.3620689655172414
RT_BITMAP	0x946f4	0xd4	Device independent bitmap graphic, 18 x 9 x 4, image size 108	German	Germany	0.42924528301886794
RT_BITMAP	0x947c8	0x158	Device independent bitmap graphic, 32 x 15 x 4, image size 240	German	Germany	0.3081395348837209
RT_BITMAP	0x94920	0xd4	Device independent bitmap graphic, 18 x 9 x 4, image size 108, resolution 2867 x 2867 px/m, 16 important colors	German	Germany	0.6132075471698113
RT_BITMAP	0x949f4	0x3e8	Device independent bitmap graphic, 112 x 16 x 4, image size 896	German	Germany	0.303
RT_BITMAP	0x94ddc	0x4e8	Device independent bitmap graphic, 48 x 48 x 4, image size 1152	German	Germany	0.04856687898089172
RT_BITMAP	0x952c4	0x4e8	Device independent bitmap graphic, 48 x 48 x 4, image size 1152	German	Germany	0.04856687898089172
RT_BITMAP	0x957ac	0x4e8	Device independent bitmap graphic, 48 x 48 x 4, image size 1152	German	Germany	0.04856687898089172
RT_BITMAP	0x95c94	0x4e8	Device independent bitmap graphic, 48 x 48 x 4, image size 1152	German	Germany	0.04856687898089172
RT_BITMAP	0x9617c	0x1aa8	Device independent bitmap graphic, 128 x 105 x 4, image size 6720	German	Germany	0.011137162954279016
RT_BITMAP	0x97c24	0x4e8	Device independent bitmap graphic, 48 x 48 x 4, image size 1152	English	United States	0.04856687898089172
RT_BITMAP	0x9810c	0xd10	Device independent bitmap graphic, 144 x 45 x 4, image size 3240	German	Germany	0.0215311004784689
RT_BITMAP	0x98e1c	0x4e8	Device independent bitmap graphic, 48 x 48 x 4, image size 1152	German	Germany	0.04856687898089172
RT_ICON	0x99304	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	German	Germany	0.3398014440433213
RT_ICON	0x99bac	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	German	Germany	0.24783236994219654
RT_ICON	0x9a114	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 192	German	Germany	0.3783783783783784
RT_ICON	0x9a23c	0x2e8	Device independent bitmap graphic, 32 x 64 x 4, image size 640	German	Germany	0.1827956989247312
RT_ICON	0x9a524	0x128	Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors	German	Germany	0.2668918918918919
RT_ICON	0x9a64c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	German	Germany	0.7322695035460993
RT_ICON	0x9aab4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	German	Germany	0.4294090056285178
RT_ICON	0x9bb5c	0x368	Device independent bitmap graphic, 16 x 32 x 24, image size 832	German	Germany	0.6353211009174312
RT_ICON	0x9bec4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	German	Germany	0.5032833020637899
RT_ICON	0x9cf6c	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	German	Germany	0.3432080924855491
RT_DIALOG	0x9d4d4	0xbc	data	German	Germany	0.7287234042553191
RT_DIALOG	0x9d590	0x98	data	German	Germany	0.7763157894736842
RT_DIALOG	0x9d628	0x5a	data	German	Germany	0.8111111111111111
RT_DIALOG	0x9d684	0xa4	data	German	Germany	0.7012195121951219
RT_DIALOG	0x9d728	0xa8	data	German	Germany	0.7797619047619048
RT_DIALOG	0x9d7d0	0x3b6	data	German	Germany	0.4610526315789474
RT_DIALOG	0x9db88	0x36	data	German	Germany	0.7962962962962963
RT_DIALOG	0x9dbc0	0xca	data	German	Liechtenstein	0.6782178217821783
RT_DIALOG	0x9dc8c	0xb6	data	German	Germany	0.6813186813186813
RT_DIALOG	0x9dd44	0x80	data	German	Germany	0.796875
RT_DIALOG	0x9ddc4	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9de54	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9dee4	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9df74	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9e004	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9e094	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9e124	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9e1b4	0xa6	data	German	Germany	0.7469879518072289
RT_DIALOG	0x9e25c	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9e2ec	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9e37c	0x90	data	German	Germany	0.7361111111111112
RT_DIALOG	0x9e40c	0xf2	data			0.6776859504132231
RT_STRING	0x9e500	0x80	data	German	Germany	0.453125
RT_STRING	0x9e580	0x50	data	German	Germany	0.6625
RT_GROUP_ICON	0x9e5d0	0x22	data	German	Germany	0.9705882352941176
RT_GROUP_ICON	0x9e5f4	0x14	data	German	Germany	1.25
RT_GROUP_ICON	0x9e608	0x14	data	German	Germany	1.2
RT_GROUP_ICON	0x9e61c	0x14	data	German	Germany	1.2
RT_GROUP_ICON	0x9e630	0x14	data	German	Germany	1.25
RT_GROUP_ICON	0x9e644	0x14	data	German	Germany	1.25
RT_GROUP_ICON	0x9e658	0x14	data	German	Germany	1.2
RT_GROUP_ICON	0x9e66c	0x14	data	German	Germany	1.25
RT_GROUP_ICON	0x9e680	0x14	data	German	Germany	1.25
RT_VERSION	0x9e694	0x45c	data			0.3888888888888889
RT_VXD	0x9eaf0	0x57a36	PC bitmap, Windows 3.x format, 45030 x 2 x 53, image size 359391, cbSize 358966, bits offset 54			0.9471816272293198
RT_ANIICON	0xf6528	0xcc4b	PC bitmap, Windows 3.x format, 7458 x 2 x 49, image size 52506, cbSize 52299, bits offset 54			0.42759899806879675
RT_ANIICON	0x103174	0x8993	PC bitmap, Windows 3.x format, 5185 x 2 x 43, image size 35726, cbSize 35219, bits offset 54			0.4152872029302365
RT_ANIICON	0x10bb08	0xbdb9	PC bitmap, Windows 3.x format, 6970 x 2 x 44, image size 48619, cbSize 48569, bits offset 54			0.349914554551257
RT_ANIICON	0x1178c4	0x34e8c	PC bitmap, Windows 3.x format, 27810 x 2 x 43, image size 217639, cbSize 216716, bits offset 54			0.472466269218701
RT_ANIICON	0x14c750	0x2d14e	PC bitmap, Windows 3.x format, 23452 x 2 x 48, image size 184806, cbSize 184654, bits offset 54			0.498548636910113
RT_MANIFEST	0x1798a0	0x334	XML 1.0 document, ASCII text, with CRLF line terminators			0.4975609756097561
None	0x179bd4	0xaa	data	German	Germany	0.40588235294117647
None	0x179c80	0xaa	data	German	Germany	0.40588235294117647
None	0x179d2c	0xc	Windows metafile	German	Germany	1.5
None	0x179d38	0xc	data	German	Germany	1.6666666666666667
None	0x179d44	0x22	data	German	Germany	1.0

Imports

DLL	Import
KERNEL32.dll	GetStartupInfoW, CreateThread, TerminateThread, FindFirstFileW, FindClose, FormatMessageW, GetEnvironmentVariableW, GetComputerNameW, GetLocaleInfoW, Sleep, LocalFree, CreateMutexW, MulDiv, lstrcpynW, OutputDebugStringA, GetLocalTime, GetPrivateProfileStringW, WritePrivateProfileStringW, CreateDirectoryW, GetUserDefaultLangID, GetFileAttributesW, InitializeCriticalSection, DeleteCriticalSection, GlobalHandle, FreeResource, DeleteFileW, lstrcmpW, lstrcatW, CopyFileW, GetTempPathW, GetTimeZoneInformation, GetModuleFileNameW, GetModuleHandleW, GetCurrentThreadId, GetVersionExW, GlobalReAlloc, FindResourceW, LoadResource, LockResource, FreeLibrary, LoadLibraryW, GetProcAddress, lstrlenA, InterlockedDecrement, InterlockedIncrement, GetLastError, WriteFile, CreateFileW, GetFileSize, ReadFile, CloseHandle, OutputDebugStringW, lstrcmpiW, GlobalSize, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, EnterCriticalSection, LeaveCriticalSection, lstrlenW, GetCurrentProcess, FlushInstructionCache, lstrcpyW, InterlockedExchange
USER32.dll	GetWindowRect, IsWindowVisible, FindWindowExW, PtInRect, GetCursorPos, ScreenToClient, GetWindowTextW, GetDlgCtrlID, GetScrollPos, SetWindowTextW, GetKeyState, SetFocus, LoadCursorW, SendMessageW, RegisterClassExW, CreateWindowExW, LoadImageW, GetWindowLongW, GetSysColor, DefWindowProcW, CallWindowProcW, SetMenuItemInfoW, EndDialog, SystemParametersInfoW, CharNextW, EnumClipboardFormats, GetClipboardFormatNameW, GetClipboardData, MessageBoxW, RegisterClipboardFormatW, OpenClipboard, EmptyClipboard, SetClipboardData, CloseClipboard, SetWindowLongW, EnumChildWindows, CharLowerW, SetParent, CopyRect, DestroyWindow, PostQuitMessage, KillTimer, GetActiveWindow, SetTimer, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, CreateDialogParamW, GetSystemMetrics, MapWindowPoints, GetSysColorBrush, ReleaseDC, GetDC, GetClientRect, GetDlgItem, LoadBitmapW, SetWindowPos, ShowWindow, IsDialogMessageW, GetParent, IsChild, GetFocus, TrackPopupMenuEx, DestroyMenu, GetWindow, CreateDialogIndirectParamW, GetClassInfoExW, RegisterWindowMessageW, GetWindowTextLengthW, EndPaint, FillRect, BeginPaint, IsWindow, RedrawWindow, GetClassNameW, GetDesktopWindow, CreateAcceleratorTableW, wsprintfW, LoadStringW, ReleaseCapture, GetIconInfo, SetCapture, DrawAnimatedRects, DestroyIcon, CopyImage, GetKeyboardState, MessageBoxA, DrawEdge, GetCapture, SetCursor, GetMessagePos, GetSubMenu, SetRectEmpty, GetWindowPlacement, RegisterHotKey, UnregisterHotKey, UnhookWindowsHookEx, SetDlgItemTextW, GetDlgItemTextW, EnableWindow, IsCharLowerW, SendMessageA, EnableMenuItem, CheckMenuItem, GetForegroundWindow, GetWindowThreadProcessId, AttachThreadInput, GetCaretPos, SetRect, SetForegroundWindow, SetActiveWindow, GetMenuItemRect, GetMenuItemCount, GetMenuState, GetMenuItemID, CreatePopupMenu, CharUpperW, keybd_event, MapVirtualKeyW, DialogBoxParamW, GetDlgItemInt, UpdateWindow, LoadIconW, LoadAcceleratorsW, EnumWindows, SendMessageTimeoutW, AppendMenuW, DrawFocusRect, InflateRect, IntersectRect, IsRectEmpty, ClientToScreen, MoveWindow, PostMessageW, SetWindowsHookExW, CallNextHookEx, GetWindowDC, GetMenuItemInfoW, OffsetRect, SetPropW, InvalidateRgn, DrawTextW, InvalidateRect, CreateIconIndirect
GDI32.dll	LPtoDP, RestoreDC, LineTo, MoveToEx, CreatePen, SaveDC, DPtoLP, CreatePatternBrush, SetBitmapBits, GetBitmapBits, SetPixel, GetPixel, SetWindowOrgEx, GetBkColor, ExcludeClipRect, SetPixelV, GetTextExtentPoint32W, OffsetWindowOrgEx, GetClipBox, CreateSolidBrush, GetDeviceCaps, CreateDCW, CreateEnhMetaFileW, CloseEnhMetaFile, SelectPalette, RealizePalette, CreateCompatibleBitmap, GetCurrentObject, CreateBitmap, GetStockObject, SetBkMode, SetTextColor, GetDIBits, GetObjectW, CreateDIBSection, CreateCompatibleDC, SelectObject, SetBkColor, ExtTextOutW, CreateFontIndirectW, DeleteObject, BitBlt, DeleteDC, PatBlt
comdlg32.dll	GetOpenFileNameW
ADVAPI32.dll	CryptAcquireContextW, CryptDestroyHash, CryptReleaseContext, CryptHashData, CryptGetHashParam, RegDeleteValueW, RegSetValueExW, RegCloseKey, RegCreateKeyExW, RegQueryValueExW, RegOpenKeyW, GetUserNameW, CryptCreateHash, OpenProcessToken, GetTokenInformation, RegOpenKeyExW
SHELL32.dll	SHGetFileInfoW, SHAppBarMessage, Shell_NotifyIconW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, SHGetSpecialFolderPathW, ShellExecuteW, ShellExecuteExW
ole32.dll	RegisterDragDrop, CreateStreamOnHGlobal, CoInitialize, CoCreateInstance, OleInitialize, OleUninitialize, CLSIDFromProgID, CLSIDFromString, StringFromCLSID, OleLockRunning, CoTaskMemAlloc, DoDragDrop, CoTaskMemFree
OLEAUT32.dll	VariantTimeToSystemTime, OleCreateFontIndirect, SysAllocStringLen, SafeArrayDestroy, VariantInit, SafeArrayCreateVector, SafeArrayAccessData, SafeArrayUnaccessData, SysAllocString, SysStringLen, LoadRegTypeLib, DispCallFunc, VariantClear, SysFreeString, SystemTimeToVariantTime
COMCTL32.dll	ImageList_ReplaceIcon, ImageList_GetIcon, ImageList_GetImageCount, ImageList_Create, ImageList_Add, ImageList_Draw, ImageList_LoadImageW, InitCommonControlsEx, ImageList_DrawEx

Possible Origin

Language of compilation system	Country where language is spoken	Map
German	Germany
English	United States
German	Liechtenstein

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-11-25T18:03:34.268004+0100	2035595	ET MALWARE Generic AsyncRAT Style SSL Cert	1	64.95.10.19	56001	192.168.2.12	49719	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 25, 2024 18:03:32.747004032 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:32.874039888 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:32.874139071 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:32.879654884 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:33.000081062 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:33.085032940 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:33.205506086 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:34.141583920 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:34.141661882 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:34.141735077 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:34.147566080 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:34.268003941 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:34.574831009 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:34.750193119 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:35.538220882 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:35.658703089 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:35.658756971 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:35.779825926 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:39.669173956 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:39.859616995 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:39.870390892 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:39.881263971 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.001909971 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.002182007 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.126776934 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.404522896 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.404917002 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.404928923 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.404941082 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.405153990 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.405153990 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.405168056 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.413611889 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.413691044 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.413952112 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.421787024 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.421900988 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.422060966 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.430330038 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.430444002 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.430535078 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.438827038 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.438843966 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.438904047 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.447359085 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.447372913 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.447468042 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.712291956 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.712308884 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.712380886 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.813601971 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813621044 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813632965 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813644886 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813657045 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813668013 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813724995 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813735962 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813786030 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813785076 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.813785076 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.813786030 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.813800097 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813811064 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813822985 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813843012 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813853979 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813858986 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.813874960 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813889027 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813904047 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.813904047 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.813916922 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813927889 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813939095 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813949108 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813960075 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813972950 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.813987017 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.813987017 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.814006090 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.814018965 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.814117908 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.814130068 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.814173937 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.814173937 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.814173937 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.814173937 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.839143991 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.839178085 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.839591026 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.842701912 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.842763901 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.842895031 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.934875011 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.935005903 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.935868025 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.938535929 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.938638926 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.938898087 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.946331978 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.946408987 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.946496010 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.954071045 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.954279900 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.954381943 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.961780071 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.961905956 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.961966038 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.970561028 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.970673084 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.970814943 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.976957083 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.977030993 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.978898048 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.982574940 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.982682943 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.982897997 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.988020897 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.988136053 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.988403082 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.993732929 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.993956089 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.994261026 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:40.999746084 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.999914885 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:40.999984980 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.005825043 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.005948067 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.006361008 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.010962009 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.011044979 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.011188030 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.015964985 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.016084909 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.017143011 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.021080971 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.021429062 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.021487951 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.026716948 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.026793003 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.026875019 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.032182932 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.032268047 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.033463001 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.037718058 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.037930012 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.038113117 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.043150902 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.043297052 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.044255972 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.048747063 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.048856020 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.051343918 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.054300070 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.054371119 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.054546118 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.060132980 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.060182095 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.060666084 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.065291882 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.065382957 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.065428972 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.070797920 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.070899963 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.073693037 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.076387882 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.076553106 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.077023983 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.081830978 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.081897974 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.083331108 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.087418079 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.087518930 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.087702036 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.092819929 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.092945099 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.093015909 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.098407030 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.098747969 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.098906994 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.104218006 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.104305029 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.104723930 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.109368086 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.109469891 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.109569073 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.115004063 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.115221977 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.115304947 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.120649099 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.120712042 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.120809078 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.126003027 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.126089096 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.126152039 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.131582022 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.131716013 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.131791115 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.136841059 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.136951923 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.137044907 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.141815901 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.141866922 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.141949892 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.146640062 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.146779060 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.146882057 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.151267052 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.151412964 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.151488066 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.155786037 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.155831099 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.155934095 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.160847902 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.160861969 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.160933971 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.164808035 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.164879084 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.164978027 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.168272018 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.168339968 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.168457985 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.172705889 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.172765970 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.172816038 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.176422119 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.176537037 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.176601887 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.180639029 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.180777073 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.181046963 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.184223890 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.184370995 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.184468985 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.187621117 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.187665939 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.187778950 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.191066027 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.191287994 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.191332102 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.194797039 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.194940090 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.196827888 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.196928024 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.196949005 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.196997881 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.198987961 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.199115038 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.199189901 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.201133966 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.201280117 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.201745033 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.203522921 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.203605890 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.203689098 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.205432892 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.205534935 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.205795050 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.207582951 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.207809925 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.207869053 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.209671974 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.209790945 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.209986925 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.211807966 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.211919069 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.211986065 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.213923931 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.214030981 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.214155912 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.216068983 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.216176033 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.216231108 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.219615936 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.245243073 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.245351076 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.245409012 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.246175051 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.246234894 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.246411085 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.248202085 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.248311996 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.248387098 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.250273943 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.250339031 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.250380993 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.252403975 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.252480030 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.252540112 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.254276037 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.254390001 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.254390001 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.256309986 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.256366968 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.256393909 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.258569956 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.258621931 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.258686066 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.260782957 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.260795116 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.260850906 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.262377977 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.262420893 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.262434959 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.264494896 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.264606953 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.264681101 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.266437054 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.266449928 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.266520977 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.268418074 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.268529892 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.268614054 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.270428896 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.270451069 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.270529985 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.272612095 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.272696018 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.272758007 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.274419069 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.274528027 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.274579048 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.276443958 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.276623011 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.276730061 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.278403044 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.278456926 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.278536081 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.280353069 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.280459881 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.280544996 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.282341957 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.282423019 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.282437086 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.284399033 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.284451962 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.284503937 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.286300898 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.286410093 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.286458969 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.288160086 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.288261890 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.288333893 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.290476084 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.290518999 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.290555000 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.292768955 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.292789936 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.292836905 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.294753075 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.294840097 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.294898987 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.297135115 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.297230959 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.297431946 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.298626900 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.298737049 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.298774958 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.300090075 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.300147057 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.300239086 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.301605940 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.301817894 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.301826954 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.303423882 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.303517103 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.303520918 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.305166960 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.305269957 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.305392981 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.307039022 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.307143927 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.307239056 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.308840990 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.308927059 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.308959007 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.310651064 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.310772896 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.310853958 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.312670946 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.312772036 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.312829018 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.314311028 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.314517021 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.314573050 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.316065073 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.316344023 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.316414118 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.317909002 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.318017960 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.318123102 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.319658041 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.319807053 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.319874048 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.321650982 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.321722031 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.321813107 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.323611975 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.323745966 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.323833942 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.324960947 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.325037956 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.325123072 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.326555014 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.326630116 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.326703072 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.328310013 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.328363895 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.328419924 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.329936028 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.329993963 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.330136061 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.331582069 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.331684113 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.331801891 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.333246946 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.333316088 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.333343029 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.334836006 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.334887028 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.334939003 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.336596966 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.336653948 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.336682081 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.338411093 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.338423967 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.338489056 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.339674950 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.342528105 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.448884964 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.448923111 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.449161053 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.449229956 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.449238062 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.450045109 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.450128078 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.450236082 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.450865984 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.450941086 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.451091051 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.451412916 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.451740026 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.451801062 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.451853037 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.452584982 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.452686071 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.453418016 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.453560114 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.453566074 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.453629017 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.454333067 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.454540014 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.454942942 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.455159903 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.455214024 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.455279112 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.456018925 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.456207037 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.456276894 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.456824064 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.456929922 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.457010031 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.457690954 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.457751036 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.457828045 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.458916903 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.458937883 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.458993912 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.459494114 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.459584951 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.459640980 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.460170984 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.460313082 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.461055994 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.461097002 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.461180925 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.461261034 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.461894989 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.461949110 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.462682009 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.462728977 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.462764978 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.462960958 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.463725090 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.463900089 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.464013100 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.464572906 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.464651108 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.464782953 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.465239048 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.465356112 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.465426922 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.466136932 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.466358900 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.466413021 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.466932058 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.467068911 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.467148066 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.467689991 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.467781067 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.468489885 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.468553066 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.468646049 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.469495058 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.469562054 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.469634056 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.469679117 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.470202923 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.470300913 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.470360041 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.470988989 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.471084118 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.471211910 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.471803904 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.471836090 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.471899033 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.472657919 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.472788095 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.472877979 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.473402977 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.473465919 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.473563910 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.474268913 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.474348068 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.474459887 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.475081921 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.475183010 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.475433111 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.475893974 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.476053953 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.476102114 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.476846933 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.476897955 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.476969004 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.477580070 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.477720976 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.477813005 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.478363991 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.478492022 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.478940964 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.479147911 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.479280949 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.479332924 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.480072021 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.480181932 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.480247021 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.480874062 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.480988026 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.481405020 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:41.481580973 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:41.547090054 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:48.826325893 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:48.947148085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:48.947341919 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:48.948405027 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:49.069540977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:49.070935011 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:49.198147058 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:50.133071899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:50.133711100 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:50.254276037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:50.254699945 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:50.375118017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.252513885 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:51.252913952 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:51.376322031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.376699924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.376740932 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.376830101 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.376838923 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.376955032 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.376965046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.376972914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.376974106 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:51.376982927 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.376993895 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.377002001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.497833014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.525681019 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:51.525801897 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:51.652920961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.652935982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.652947903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.653022051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.653202057 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.653211117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.653310061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.653318882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.852335930 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:51.852442026 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:51.973064899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.973259926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.973294973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.973373890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.973475933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:51.973505020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.083178997 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:52.083178997 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:52.204226971 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.204297066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.204329967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.204463959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.204498053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.204590082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.530078888 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:52.530498981 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:52.650590897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651019096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651035070 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651146889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651158094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651174068 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651452065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651462078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651473045 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651547909 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651556969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:52.651566982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.230195999 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:53.230243921 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:53.350704908 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.350713968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.350840092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.350843906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.350939989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.350990057 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.351052999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.351094961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.351269007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.351273060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.351372957 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:53.351411104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.068202972 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:54.068202972 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:54.189003944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189026117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189150095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189189911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189222097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189299107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189393044 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189404011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189439058 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189448118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189475060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.189534903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.336642981 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:54.336642981 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:54.457571030 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.457597017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.457606077 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.457700968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.457751036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.457879066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.457887888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.457951069 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.457995892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.458041906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.458075047 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.458162069 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.585741043 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:54.585880041 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:54.710031033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710139036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710169077 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710185051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710263014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710300922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710347891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710356951 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710536957 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710546970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710647106 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.710656881 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.784310102 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:54.784410954 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:54.904927015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.904968977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905036926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905066013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905114889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905143023 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905193090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905221939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905249119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905298948 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905325890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:54.905353069 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.042485952 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:55.042639017 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:55.164419889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.164527893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.164674997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.164710045 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.164737940 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.164843082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.164870977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.164896965 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.164988995 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.165154934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.165182114 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.165209055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.587522030 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:55.587522030 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:55.712106943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712152958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712233067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712265968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712330103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712363005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712476015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712503910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712599039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712650061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.712965965 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:55.713011026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.030653954 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:56.033786058 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:56.151350021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.154267073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.154303074 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.154360056 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.154371023 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.154380083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.154599905 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.154609919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.154817104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.154917002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.155042887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.155051947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.357043982 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:56.357172966 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:56.480096102 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.480566025 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.480618954 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.480787039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.480834007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.480938911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.480957031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.481004000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.481040955 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.481065035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.481096029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.481151104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.604391098 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:56.604473114 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:56.729423046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729480028 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729490042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729501963 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729561090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729569912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729649067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729667902 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729720116 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729758978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729809046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.729850054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.832773924 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:56.832835913 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:56.953172922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953290939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953299999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953478098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953522921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953743935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953752995 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953761101 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953769922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953778982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953794003 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.953804016 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:56.991252899 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:56.991328955 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.111903906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.111918926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.111931086 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.111989975 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.111999035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.112051010 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.112148046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.112158060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.112165928 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.112214088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.112224102 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.112271070 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.112283945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.147025108 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.147202969 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.267410040 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.267597914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.267662048 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.267672062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.267883062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.267977953 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.268142939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.268182993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.268322945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.268378019 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.268493891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.268587112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.268595934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.302737951 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.302830935 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.423729897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.423862934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.423904896 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.423974991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.424020052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.424052000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.424099922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.424149036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.424175024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.424257994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.424329996 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.424362898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.443887949 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.444010019 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.565903902 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.565952063 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566008091 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566040039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566138029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566297054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566323996 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566442966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566471100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566587925 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566811085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.566915035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.584696054 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.584805012 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.706922054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.706983089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707063913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707110882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707192898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707237005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707289934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707357883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707442045 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707496881 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707722902 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.707751036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.741703033 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.741802931 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.865892887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.865977049 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866151094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866245985 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866296053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866344929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866457939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866581917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866610050 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866641998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866672039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.866719961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:57.883467913 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:57.883697033 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.004937887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005109072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005206108 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005390882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005399942 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005459070 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005469084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005475998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005486012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005616903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005625963 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.005635023 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.021651983 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.021760941 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.142232895 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142250061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142268896 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142277002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142359018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142471075 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142510891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142550945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142601013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142649889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142735958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.142755032 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.164324999 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.164499998 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.286973000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287048101 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287098885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287151098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287179947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287206888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287286043 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287336111 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287388086 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287437916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287575006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.287604094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.318412066 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.318492889 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.460076094 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.578063011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.578219891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.578248978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.578373909 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.578402042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.578486919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.578514099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.578630924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.578680992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.578999043 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.579025984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.598109961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.600123882 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.666928053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.670030117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.670067072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.672993898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.673023939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.673055887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.678503036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.698113918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.698131084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.698328018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721025944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721049070 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721194029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721255064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721263885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721304893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721380949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721390963 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721443892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721452951 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.721493006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.756609917 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.756736994 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.877290010 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.877506971 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.877558947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.877573967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.877580881 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.877583027 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.877665997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.877731085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.877882004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.877927065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.878062963 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.878082991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:58.895261049 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:58.895359993 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.017826080 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.017900944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.017910004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.018060923 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.018069983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.018184900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.018193960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.018203974 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.018253088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.018369913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.018378973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.018388987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.036287069 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.036287069 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.158154964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158181906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158237934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158294916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158392906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158401966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158559084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158571959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158598900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158727884 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.158737898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.177752972 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.177886963 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.304951906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305021048 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305149078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305270910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305320024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305468082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305479050 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305567026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305651903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305738926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305818081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.305927992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.333870888 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.333997011 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.458682060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.458777905 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.458787918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.458839893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.458921909 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.458931923 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.458942890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.459069967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.459079981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.459220886 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.459229946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.459295988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.490375042 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.490520000 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.611399889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.611464024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.611515999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.611613035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.611622095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.611643076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.611891031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.611900091 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.612037897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.612047911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.612225056 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.612234116 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.630609035 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.630791903 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.751158953 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751194000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751293898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751485109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751497984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751535892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751655102 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751688004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751730919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751770020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751818895 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.751877069 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.787667036 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.787806988 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.908046007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908200026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908267021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908319950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908382893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908395052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908552885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908597946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908735037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908824921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908970118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.908979893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:03:59.943331003 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:03:59.943485022 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.064102888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.064255953 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.064383984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.064393997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.064567089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.064598083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.064691067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.064734936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.064867020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.064928055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.065030098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.130986929 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.131030083 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.251725912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.251744032 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.251831055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.251980066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.252125978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.252224922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.252361059 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.252399921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.252448082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.252496004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.252561092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.287503004 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.287697077 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.408190966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408277035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408287048 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408349037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408359051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408413887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408422947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408507109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408515930 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408629894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408639908 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.408647060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.444104910 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.444252968 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.565901041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.565943956 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.565999985 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.566030025 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.566059113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.566086054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.566137075 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.566179991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.566230059 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.566256046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.566304922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.566332102 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.600145102 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.600362062 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.722366095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722532034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722599030 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722652912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722714901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722743034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722793102 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722821951 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722853899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722902060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.722997904 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.723026037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.739603996 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.739701986 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.860812902 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.860867977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.860929012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.861049891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.861058950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.861107111 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.861125946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.861191988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.861218929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.861232996 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.861279964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.861321926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:00.896975040 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:00.897231102 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.018630028 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.018867970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.018909931 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.018922091 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.019012928 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.019020081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.019167900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.019180059 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.019200087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.019208908 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.019256115 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.019268036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.037559032 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.037707090 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.159779072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.159797907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.159817934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.159827948 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.159892082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.159950018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.160048962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.160072088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.160196066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.160217047 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.160314083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.182241917 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.182379007 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.310097933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310132027 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310143948 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310247898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310257912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310379028 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310430050 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310535908 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310545921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310583115 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310592890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.310601950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.332910061 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.333092928 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.479732990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.479788065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.479798079 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.479940891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.479960918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.480000973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.480024099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.480118036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.480171919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.480205059 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.480257988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.521622896 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.521789074 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.643228054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643310070 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643424034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643471956 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643600941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643666029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643771887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643790007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643949032 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643959999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.643968105 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.662564993 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.662699938 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.802771091 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:01.829463005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829478025 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829488993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829493999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829497099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829504967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829514980 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829521894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829530954 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829540014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829549074 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.829556942 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:01.942894936 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.033556938 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033571005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033576012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033584118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033593893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033601999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033612013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033622026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033629894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033638954 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.033653975 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.063901901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064001083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064009905 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064059973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064125061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064136028 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064209938 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064218998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064311981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064320087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.064382076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.083029985 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.083194971 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.205178022 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205221891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205248117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205338001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205348969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205419064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205427885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205471992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205482960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205532074 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205564022 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.205574989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.227157116 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.227246046 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.350779057 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.350806952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.350856066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.350866079 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.350951910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.350960970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.350980997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.350990057 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.351083994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.351092100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.351182938 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.365869045 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.366087914 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.486499071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486565113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486578941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486649990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486663103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486685038 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486696959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486788034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486808062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486888885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.486901045 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.709605932 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.709717035 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.850868940 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.850899935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.854445934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.854489088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.854614973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.854676008 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.854687929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.866020918 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:02.885097027 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.885143042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.888870001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.888906956 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.889373064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.989993095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.990089893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.990103960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.990150928 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.990175962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.990267992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.990293026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:02.994422913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.007905006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.007939100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.011663914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.056216955 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.056406021 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.177473068 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.177637100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.177746058 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.177757025 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.177829981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.177843094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.177890062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.177901030 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.177973986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.178046942 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.178061962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.178066015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.178127050 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.251071930 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.251230001 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.371797085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.371834993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.371845961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.371855021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.371864080 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.371896982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.371968031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.371977091 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.372109890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.372131109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.372226954 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.372279882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.372318983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.398930073 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.399115086 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.520121098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.520179987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.520231009 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.520299911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.520309925 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.520409107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.520430088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.520603895 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.520770073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.520809889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.557718992 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.557810068 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.678318977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.678356886 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.678417921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.678514957 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.678601980 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.678802013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.678812027 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.706315041 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.734915972 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.735032082 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.828949928 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.829114914 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.856054068 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.856132984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.856317043 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.856328011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.856417894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.856607914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:03.885220051 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.885334015 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:03.949600935 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.005846977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.005865097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.005892992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.006027937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.006110907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.006155968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.006186008 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.037197113 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.037303925 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.157891035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.157921076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.158071041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.158212900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.158288956 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.158334970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.158410072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.176821947 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.176959991 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.226366043 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.281618118 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.298341990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.298547983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.298741102 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.298921108 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.298983097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.299057007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.299067020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.339890003 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.340034008 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.427334070 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.432260036 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.462631941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.462966919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.463057041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.463157892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.463166952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.463213921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.463231087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.489767075 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.489908934 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.554286957 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.554470062 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.611047983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.611085892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.611279011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.611427069 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.611578941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.611728907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.611763000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.631367922 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.633049965 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.674930096 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.753089905 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.754643917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.754699945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.754991055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.755328894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.772181034 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.772315979 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.892544985 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.892818928 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.892910004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.892971992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.893078089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.893130064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.893191099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:04.913288116 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:04.913403988 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.033885956 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.033904076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.033919096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.034061909 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.034104109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.034187078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.034291029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.062397957 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.062508106 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.182861090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.182987928 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.183082104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.183183908 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.183293104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.183398008 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.183413029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.223964930 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.224087954 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.344829082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.344870090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.345005035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.345071077 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.345082998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.345133066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.345145941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.381268978 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.381391048 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.502933025 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.503170967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.503257990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.503451109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.503563881 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.503705978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.521064997 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.521163940 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.641679049 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.641798019 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.641900063 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.641942024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.642034054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.642115116 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.642127037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.678308010 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.678405046 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.799308062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.799427986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.799506903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.799585104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.799631119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.799738884 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.799751997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.817851067 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.817967892 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.938556910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.938628912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.938749075 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.938847065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.938870907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.939090967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:05.990462065 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:05.990609884 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.112683058 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.112735987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.112967014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.113204956 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.113284111 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.152739048 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.152873039 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.277137041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.277674913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.334932089 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.335078955 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.467552900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.467566013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.467680931 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.467689991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.467730999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.467847109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.473295927 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.473444939 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.597347021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.597369909 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.598546028 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.599710941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.600833893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.602217913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.602256060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.614710093 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.614852905 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.744504929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.745110989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.779747963 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.892860889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.893027067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.893172026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.893367052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.893410921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.900404930 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.933217049 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:06.979923010 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:06.986455917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.000375032 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.002974033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.003031969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.097245932 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:07.100236893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.121267080 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.121293068 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.123368979 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.130544901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.133120060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.220596075 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.228924990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.239803076 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:07.241565943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.243609905 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.250895977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.251111031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.361882925 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.363883018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.371862888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.372082949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.375047922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.375854969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.380842924 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:07.380984068 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:07.513319969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.513391972 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.520149946 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:07.529647112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.533305883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.538429976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.547245026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.547255993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.640767097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.640897989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.640927076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.649878979 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.649905920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.663047075 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:07.663204908 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:07.784622908 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.794661999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.798249960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.804708004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.818840027 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:07.837194920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.841895103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.842221022 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.957864046 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:07.971440077 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.987070084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:07.993192911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.027167082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.032392979 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.032603025 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.080703974 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.083306074 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.089592934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.092288017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.116441965 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.116552114 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.240303993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.240340948 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.240381956 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.240499973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.242039919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.268873930 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.274164915 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.277642012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.396533966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.396626949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.396641016 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.396650076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.396795034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.396924973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.412090063 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.412204027 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.533070087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.533128977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.533152103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.533346891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.533421993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.533505917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.533526897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.551808119 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.551964998 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.679086924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.679277897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.679380894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.679435015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.679544926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.679670095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.679712057 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.709889889 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.710033894 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.837126970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.837325096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.837414026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.837483883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.837600946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.837697029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.837708950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.858000040 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.858000040 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:08.983627081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.983645916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.983685970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.983752012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.983845949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:08.983855963 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.006316900 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.006316900 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.132657051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.132807016 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.132823944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.133032084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.133109093 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.133673906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.133699894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.149333000 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.149543047 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.276329041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.276539087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.276961088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.276982069 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.276992083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.277000904 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.277009964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.317833900 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.317997932 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.444742918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.444979906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.445007086 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.445086002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.445184946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.445265055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.445297003 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.538635969 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.538741112 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.659058094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.659209967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.659385920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.659456015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.659590006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.659720898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.659872055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.809999943 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.810138941 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.939743996 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.946186066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.963217974 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.967072964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.968668938 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.969036102 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:09.981441975 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:09.981590033 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:10.104264021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.104422092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.104433060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.104444027 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.115169048 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.115573883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.179747105 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:10.179917097 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:10.300302982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.300393105 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.300503969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.300764084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.300874949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.300954103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.301024914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.318497896 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:10.318638086 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:10.445771933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.445895910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.445960999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.446043015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.483019114 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:10.487024069 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.613703012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.613743067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.629874945 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:10.734644890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.771851063 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:10.781831026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.850915909 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.856695890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.856837988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.857003927 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.857095003 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.857131004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.857228994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.857345104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.857491016 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.857517958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.897015095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.902168036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.912153959 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:10.971558094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.977500916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.977514982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:10.977598906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.033143997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.033200026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.033210993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.033238888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.052027941 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.052177906 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.175743103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.175759077 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.175776958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.175786018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.176083088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.193818092 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.193926096 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.319681883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.319699049 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.319746017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.319782019 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.319823980 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.319834948 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.319895983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.319950104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.332114935 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.440879107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.452981949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.453001022 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.453082085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.453114033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.453218937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.514461994 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.514544010 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.637125015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.637142897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.637367010 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.637490034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.637600899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.637674093 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.637717962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.662796974 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.662915945 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.783552885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.783663988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.783747911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.783858061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.783925056 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.784065962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.784100056 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.818937063 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.819022894 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.939743042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.939785004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.939924002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.940001965 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.940151930 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.940366030 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.940376997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:11.977283955 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:11.977407932 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:12.159692049 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:12.212313890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.212512970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.212600946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.212941885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.280256987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.301043987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.302234888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.321394920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.321434975 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.321541071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.596268892 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:12.599119902 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:12.736975908 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.737006903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.737247944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.757919073 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:12.781456947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.781478882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.781636953 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.781646967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.785787106 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.785798073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.786263943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.786273956 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.786389112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.885255098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.885272026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.885292053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.885301113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.885308981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.908866882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.908901930 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.908911943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:12.971800089 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:12.971949100 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.093585968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.093599081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.093688011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.093815088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.093856096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.093924999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.093982935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.118741989 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.118864059 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.239557981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.239682913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.239820004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.239932060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.239940882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.240008116 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.240016937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.260474920 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.260601044 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.385055065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.385072947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.385082006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.385090113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.385159016 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.385324001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.385333061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.413732052 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.413875103 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.537522078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.537540913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.537755966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.537915945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.538034916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.538115978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.538141012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.571118116 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.571275949 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.691653967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.691687107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.691809893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.691926956 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.691993952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.692234993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.692244053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.711819887 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.711978912 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.835978031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.836280107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.836436987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.836910963 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.837177992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.837187052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.854635000 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.854779005 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:13.975681067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.975802898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.975920916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.976082087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.976145983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.976241112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:13.976250887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.023983002 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.024116993 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.151218891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.151240110 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.151252031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.151838064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.151905060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.151966095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.151976109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.164365053 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.164530993 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.290328026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.290549994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.290664911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.290676117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.296509981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.315160990 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.318015099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.327800989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.435833931 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.435956001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.436098099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.436196089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.436296940 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.436306000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.466305971 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.466492891 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.587671995 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.588001013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.588057995 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.588067055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.588076115 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.588084936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.588093996 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.619153023 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.619283915 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.740428925 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.740624905 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.740694046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.740853071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.741061926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.741071939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.741080999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.773372889 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.773507118 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.895710945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.896810055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.896842003 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.897583961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.897658110 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.897809982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.897850990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:14.931348085 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:14.931505919 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.051949024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.051956892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.051997900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.052071095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.052186966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.052259922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.052345037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.087641954 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.087785959 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.208225012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.208270073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.208312035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.208475113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.208517075 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.208652020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.208724976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.245254040 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.245390892 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.366040945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.366085052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.366091013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.366345882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.366482973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.366622925 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.366672993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.450282097 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.450453043 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.570935011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.570952892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.571038008 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.571139097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.571269035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.571368933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.571382046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.767909050 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.768074989 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.888535023 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.888813972 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.888894081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.889015913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.889164925 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.889231920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.889259100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:15.928082943 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:15.928246975 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.048604012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.048743010 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.048831940 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.048940897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.049087048 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.049105883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.049114943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.119869947 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.119988918 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.242068052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.242291927 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.242389917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.242487907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.242640972 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.242767096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.242841005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.289803982 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.290015936 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.412740946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.412894011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.413007021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.413065910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.413173914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.413213968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.413331985 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.427550077 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.427643061 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.549348116 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.549397945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.549462080 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.549519062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.549556971 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.549742937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.549846888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.567677021 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.567786932 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.688388109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.688669920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.688730955 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.688882113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.689022064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.689157963 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.725087881 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.725177050 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.845498085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.845693111 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.845814943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.846899986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.847434998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.865504980 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:16.870158911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.872844934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.986152887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.986311913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.986323118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.986463070 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.990664005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:16.993314981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.020206928 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.020306110 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.140682936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.140727997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.140872002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.140978098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.141105890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.141231060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.141258001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.178453922 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.178565025 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.303720951 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.303858042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.304194927 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.317862034 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.324011087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.444165945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.444256067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.444382906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.444470882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.447551966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.450545073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.474839926 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.474961042 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.595457077 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.595485926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.595599890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.595608950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.595643997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.595721960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.614105940 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.614238977 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.734921932 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.734961033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.734971046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.735281944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.735414982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.735460043 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.804734945 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.804861069 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.928917885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.928940058 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.929056883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.929131031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.929233074 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.929399967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:17.959287882 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:17.959466934 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.080199957 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.080246925 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.080307961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.080337048 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.080363989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.080399036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.080425024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.124670029 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.124670029 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.248696089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.248724937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.248858929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.248958111 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.249041080 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.249119043 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.249191046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.287795067 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.287955046 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.415436029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.416419029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.478290081 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.478394032 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.601047993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.601069927 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.601252079 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.601330042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.601449013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.601587057 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.601596117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.639946938 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.640108109 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.760773897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.760821104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.760832071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.761089087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.761157036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.761188030 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.873728991 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.873892069 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:18.994158030 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.994250059 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.994419098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.994544983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.994640112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:18.994693995 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.036062956 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.036180973 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.158384085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.158528090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.158663034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.158756018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.158826113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.159008026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.159029007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.187087059 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.187251091 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.308393002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.308609962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.308756113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.309078932 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.309135914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.309163094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.309190989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.335221052 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.335359097 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.455904007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.455945969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.456007004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.456091881 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.456222057 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.456291914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.456309080 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.506448984 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.506616116 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.627018929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.627157927 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.627245903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.627479076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.627510071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.627614021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.627641916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.661914110 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.662163973 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.782599926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.782700062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.782751083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.782943964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.782995939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.783196926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.783231020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.819365978 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.819457054 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.942634106 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.942780018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.942790031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.943099976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.943110943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.943239927 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.943594933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:19.959965944 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:19.961083889 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.083343029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.084363937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.084393978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.084630013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.084641933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.084737062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.114751101 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.114861012 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.239247084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.239336014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.239471912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.239516020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.239618063 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.240073919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.240207911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.256293058 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.256400108 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.382160902 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.382277966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.382334948 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.382369995 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.382420063 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.382493973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.382525921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.396085978 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.396198034 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.516664028 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.516869068 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.517033100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.517191887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.517338991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.517410994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.517438889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.553071976 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.553214073 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.674388885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.674560070 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.674645901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.674664021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.674731970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.674825907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.674837112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.708448887 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.708584070 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.829129934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.829158068 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.829236984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.829329014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.829360962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.829430103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.829462051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:20.897878885 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:20.898029089 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:21.018563032 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.018593073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.018723965 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.018781900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.018824100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.018904924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.018989086 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.086400986 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:21.086517096 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:21.207437992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.207457066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.207556009 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.207650900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.207773924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.207829952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.207865000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.231193066 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:21.231416941 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:21.351634026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.351914883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.351950884 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.352026939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.352108002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.352247000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.352349997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.638340950 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:21.639031887 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:21.759001970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760063887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760155916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760164976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760202885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760214090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760219097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760266066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760405064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760421991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760438919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.760483980 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:21.818543911 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:21.818639040 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:21.961687088 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.020322084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.020339012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.020348072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.020356894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.020366907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.085047007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.085199118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.124772072 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.141879082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.141935110 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.248977900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.248999119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.249090910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.250488043 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.283502102 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.283667088 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.409982920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.410085917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.410098076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.410160065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.410278082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.410391092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.410399914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.444566965 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.444832087 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.565217018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.565440893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.565500975 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.565574884 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.565643072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.565788984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.565799952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.621870041 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.621988058 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.742418051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.742454052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.742589951 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.742837906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.743045092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.743139029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.743170023 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.791527033 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.791635036 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.912693977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.912713051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.912720919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.912859917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.912966013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.912981987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.913069010 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:22.944596052 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:22.944700003 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.065375090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.065408945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.065448046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.065525055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.065646887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.065948963 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.084805965 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.084911108 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.205537081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.205573082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.205643892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.205682039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.205773115 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.205853939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.205918074 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.223510027 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.223618031 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.344078064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.344099045 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.344130039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.344255924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.344259977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.344392061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.344487906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.365859032 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.365968943 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.487155914 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.491812944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.521593094 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.521704912 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.642222881 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.642267942 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.642393112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.642486095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.642544031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.642643929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.642693043 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.663214922 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.663361073 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.783987999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.784012079 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.784023046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.784091949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.784183025 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.784410000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.784415007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.818558931 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.818558931 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:23.939523935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.939591885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.939656019 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.939721107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.939786911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.939912081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:23.939958096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.007260084 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:24.007415056 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:24.130697966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.130713940 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.130722046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.130826950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.130892038 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.131007910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.131016970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.162075043 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:24.162237883 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:24.287599087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.287786961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.287798882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.288207054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.288250923 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.288846970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.288882017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.518503904 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:24.518774033 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:24.640758038 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.640837908 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.640892029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.640994072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.641041040 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.641120911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.641161919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.729209900 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:24.729335070 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:24.854085922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.854104996 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.854154110 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.854219913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.854289055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.854440928 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.854525089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:24.881303072 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:24.881401062 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.003978014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.004010916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.004056931 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.004122019 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.004246950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.004369974 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.004400015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.041542053 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.041688919 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.162322044 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.162338972 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.162478924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.162827969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.162940979 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.163053989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.163141966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.210680008 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.210933924 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.331737041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.331851959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.331891060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.331954002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.331996918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.332189083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.332231998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.367331982 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.367466927 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.494661093 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.494741917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.494823933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.495172024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.495290041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.526290894 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.539114952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.651843071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.652101040 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.652224064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.652327061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.652422905 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.652592897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.703847885 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.704008102 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.824662924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.824700117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.824762106 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.824887991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.824908972 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.824985981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.824997902 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.850821018 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.851000071 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.971482992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.971751928 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.971831083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.971878052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.971977949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.972037077 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.972048044 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:25.996444941 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:25.996551991 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:26.118345022 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.118443966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.118614912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.118654013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.118777990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.118838072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.169379950 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:26.169518948 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:26.295001030 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.295047998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.295192003 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.295264006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.295424938 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.295458078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.295615911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.318339109 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:26.318483114 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:26.445465088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.445848942 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.445938110 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.445993900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.462090015 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:26.468935013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.476027012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.490722895 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.599126101 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:26.654381990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.654812098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.733020067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.733112097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.740972042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.741063118 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:26.774494886 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.774585009 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.863209009 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.863256931 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.863286018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.863358974 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.863387108 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:26.880961895 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:26.881109953 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.001585960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.001614094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.001719952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.001889944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.001974106 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.002034903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.022058010 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.022172928 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.142503023 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.142637014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.142692089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.142703056 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.142764091 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.142895937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.142904997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.164069891 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.164185047 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.284996986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.285034895 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.285044909 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.285140038 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.285279989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.285438061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.285456896 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.333832026 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.333959103 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.454808950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.454826117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.454927921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.455106020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.455214977 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.455290079 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.455372095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.477279902 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.477380991 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.598452091 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.598479986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.598627090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.598877907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.599020958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.599287033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.599344015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.614834070 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.614988089 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.737291098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.737309933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.737323999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.737371922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.737488031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.737579107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.737586021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.763417006 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.763539076 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.890743971 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.890804052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.890925884 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.890976906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.891058922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.891180038 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.891207933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:27.911952972 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:27.912035942 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.039539099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.039572001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.039649010 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.039927959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.040023088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.040118933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.040146112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.052119017 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.052216053 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.172518969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.172719955 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.172909021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.173034906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.173073053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.173197031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.210387945 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.210510969 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.332407951 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.332653046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.332686901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.332731009 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.332869053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.332956076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.333058119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.349618912 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.349772930 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.471725941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.471849918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.471904993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.471915960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.472027063 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.472146988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.490822077 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.490967035 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.611679077 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.612354040 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.613415003 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.629345894 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.629632950 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.750255108 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.750577927 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.750664949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.750829935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.751138926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.751189947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.751218081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.805551052 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.805663109 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.926270962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.926326990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.926390886 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.926593065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.926786900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.926815033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.926846981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:28.959785938 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:28.961117983 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.080800056 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.082495928 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.082542896 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.082592964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.082624912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.082802057 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.082834959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.100712061 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.100828886 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.223242998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.223571062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.223606110 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.223875046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.223908901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.224069118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.240598917 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.240719080 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.361155033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.361190081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.361305952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.361394882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.361444950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.361500025 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.361525059 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.381376028 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.381519079 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.503108978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.503318071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.503482103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.503829002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.503878117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.503936052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.503945112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.522567034 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.522677898 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.644076109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.644093037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.644105911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.644207001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.644217968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.644227982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.676958084 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.677077055 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.799863100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.799983978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.800040007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.800523996 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.800534964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.801042080 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.850246906 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.850409985 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:29.971309900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.971332073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.971430063 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.971512079 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.971581936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.971647978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:29.971699953 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.005250931 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.005347013 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.131877899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.131953001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.132091045 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.132404089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.132474899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.132519960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.132529974 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.185535908 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.185693026 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.306790113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.306919098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.307035923 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.307188034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.307212114 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.307373047 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.307418108 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.349267006 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.349406004 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.470314980 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.470438957 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.470534086 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.470609903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.470717907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.470773935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.470793009 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.523766994 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.523886919 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.647669077 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.647751093 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.647784948 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.648108959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.648205042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.648493052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.665924072 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.666023970 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.835542917 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:30.914030075 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.914347887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.914417982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.914557934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.962224960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.967912912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.976146936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:30.994851112 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.009680033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.009737968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.009797096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.115613937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.115848064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.115894079 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.115991116 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.130332947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.130446911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.147192001 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.147321939 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.267987013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.268002033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.268013000 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.268079042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.268148899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.268167019 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.268229961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.303013086 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.303154945 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.423935890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.424257994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.473906994 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.474013090 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.594403982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.594521999 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.594655037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.594664097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.594737053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.594815016 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.594826937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.616899967 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.617058039 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.737536907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.737680912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.737730026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.737956047 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.737996101 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.771163940 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.771267891 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.891916037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.892172098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.892230034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.892327070 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.892406940 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.892862082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.892901897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:31.912313938 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:31.912410975 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.033607006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.033678055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.033833981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.033843994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.033931971 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.034085035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.034094095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.067341089 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.067462921 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.188074112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.188131094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.188215971 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.188349009 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.188399076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.188452005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.188461065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.277679920 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.277931929 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.405114889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.405234098 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.405318975 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.405385017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.405466080 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.427577019 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.451095104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.558123112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.558440924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.558630943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.558748960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.558962107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.559081078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.559216976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.559294939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.599569082 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.599683046 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.704421997 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.720458984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.720479965 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.720608950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.720693111 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.720705986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.739738941 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.751535892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.751682997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.825171947 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.825213909 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.863684893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.863833904 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.863846064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.863892078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.864061117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.864073038 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:32.909715891 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.909809113 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:32.948860884 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.034720898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.034738064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.034753084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.034914970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.034950972 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.053117037 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.068913937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.068948984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.191234112 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.194571972 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.234730005 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.299124002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.299246073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.299340963 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.299423933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.299664974 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.299676895 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.324503899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.324537992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.335567951 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.369817019 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.392533064 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.394253016 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.395227909 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.403295994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.403368950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.473500013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.491794109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.495412111 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.513277054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.525679111 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.541714907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.541917086 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.541954041 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.541997910 CET	49719	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.616099119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.616238117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.616395950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.616523981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.616720915 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.616770983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.647219896 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.647219896 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.665286064 CET	56001	49719	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.791950941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.795974016 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.807687044 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.807727098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.812427998 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.873518944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.877069950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.935991049 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.936003923 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.936145067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.936153889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.962543011 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:33.983063936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:33.993849993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.083549023 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.083599091 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.083631992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.083776951 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.083832979 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.083877087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.102463007 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.102608919 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.223078966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.223279953 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.223484039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.223577023 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.223683119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.223823071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.223833084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.245134115 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.245290041 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.369040966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.369126081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.369173050 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.369427919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.369600058 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.369807959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.369860888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.398865938 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.399102926 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.526225090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.526351929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.526441097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.526649952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.526755095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.526885986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.526900053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.557636976 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.557780981 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.680187941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.680306911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.680424929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.680526018 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.680680990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.680814981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.680952072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.725114107 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.725224018 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.845582008 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.845726013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.845763922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.845861912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.845904112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.845992088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.846013069 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:34.880506992 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:34.880621910 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.001238108 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.001646996 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.001811981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.002098083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.002176046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.002372026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.002381086 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.021846056 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.021958113 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.142514944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.142589092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.142637014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.142671108 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.146835089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.156452894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.156471968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.193455935 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.193592072 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.314817905 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.314829111 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.314949989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.315095901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.315104961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.315224886 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.315232992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.334086895 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.334275961 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.454843998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.454958916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.455077887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.455104113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.455151081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.455185890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.455255985 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.474131107 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.474318981 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.597114086 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.597284079 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.597369909 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.597461939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.614685059 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.627466917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.646867037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.677052021 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.735544920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.735589981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.735701084 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.735752106 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.735879898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.735888958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.772419930 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.772536039 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.893668890 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.893785954 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.893805027 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.893914938 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.893949986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.894045115 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.894088984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:35.927397966 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:35.927570105 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.051662922 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.051951885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.055349112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.068658113 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.111141920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.113662004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.116463900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.116528988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.190511942 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.190670967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.190768957 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.190778971 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.190846920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.190879107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.224378109 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.224488974 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.348012924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.348028898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.348233938 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.348355055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.348407984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.348540068 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.348658085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.366033077 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.366189957 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.492126942 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.528115988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.535837889 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.536150932 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.656255007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.656616926 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.656733990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.656795979 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.656831026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.656902075 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.656944990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.730581999 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.730740070 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.850992918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.851146936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.851222038 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.851413012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.851444960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.851516962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.851576090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:36.886706114 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:36.886894941 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.007810116 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.008280039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.008416891 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.008446932 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.008554935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.008584976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.008613110 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.042624950 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.042738914 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.163352013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.163520098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.163646936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.163774967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.163875103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.163980007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.163989067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.193897963 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.193996906 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.314407110 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.314467907 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.314506054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.314577103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.314611912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.314734936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.314745903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.365542889 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.365641117 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.486267090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.493611097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.508856058 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.508970976 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.629679918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.629884958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.629935026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.630007029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.630090952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.630172968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.630319118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.645560980 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.645678043 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.770584106 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.770939112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.771233082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.771302938 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.771384001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.771516085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.771528006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.802236080 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.802236080 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.923105001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.923141003 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.923177958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.925331116 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.935461998 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.937810898 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.937824011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:37.941654921 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:37.941757917 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:38.063827991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.063883066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.064069986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.064140081 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.064219952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.064274073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.100238085 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:38.100383043 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:38.227550983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.271063089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.285763025 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:38.391849041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.391875029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.391949892 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.392016888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.414623022 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.418849945 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.427751064 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:38.471183062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.480526924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.502054930 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.515171051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.515289068 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.566756964 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:38.599101067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.600959063 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.622644901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.635658026 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.635795116 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.655486107 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.687342882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.687436104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.708739996 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:38.711837053 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.721427917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.743649006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.830251932 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.830455065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.830674887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.830832005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.831012011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.864945889 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:38.864947081 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:38.985862970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.985991955 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.986078024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.986162901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.986279011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:38.986408949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.020670891 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.020828009 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.142445087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.142570019 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.142616987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.142761946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.142925978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.143028975 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.143073082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.193772078 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.193934917 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.317027092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.317238092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.317365885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.317470074 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.317558050 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.317679882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.317718983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.336838007 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.336947918 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.457461119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.457515955 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.457639933 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.457649946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.457760096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.457827091 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.457874060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.602029085 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.602293015 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.727797031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.727925062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.728054047 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.728207111 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.728326082 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.728415012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.728431940 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.868824959 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.869195938 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:39.989264965 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.989633083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.989734888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.989818096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.990005970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.990031958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:39.990097046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.039499998 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.039653063 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.160851955 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.161036015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.161078930 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.161221027 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.161267996 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.168477058 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.168560982 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.183630943 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.183734894 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.304295063 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.304348946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.304462910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.304603100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.304611921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.304702044 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.304713011 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.349792004 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.349912882 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.470634937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.470905066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.471038103 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.471193075 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.471203089 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.471287012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.515635967 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.515788078 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.636221886 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.636308908 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.636415005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.636679888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.636755943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.636806965 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.636818886 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.661243916 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.661350965 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.782109976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.782130957 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.782221079 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.782366991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.782490969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.782808065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.805471897 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.805577040 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.926249981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.926265001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.926373959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.926445961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.926568985 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.926635981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.926645994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:40.962980032 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:40.963103056 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.083456039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.083647966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.083795071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.083935976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.083992004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.084054947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.084074020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.130909920 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.131079912 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.251580954 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.251813889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.251904964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.252049923 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.252110004 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.252180099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.252305984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.273679972 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.273844004 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.394185066 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.394385099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.394948959 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.395052910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.395093918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.395179033 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.395195007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.411005974 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.411154032 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.531779051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.531804085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.531923056 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.532269955 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.532357931 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.552644968 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.565617085 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.575937986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.675076962 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.675185919 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.675272942 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.675335884 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.675453901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.675463915 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.692653894 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.692770958 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.813215017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.813290119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.813339949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.813406944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.813498020 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.813541889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.813616991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.832484961 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.832633972 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.953429937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.953444958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.953614950 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.953775883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.953869104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.953947067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.953963995 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:41.975786924 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:41.975908995 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:42.096554041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.096600056 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.096647024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.096831083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.096946001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.097012997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.097023964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.131473064 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:42.131606102 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:42.253086090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.253448009 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.253586054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.253710985 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.253842115 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.253937960 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.254002094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.272161961 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:42.272279024 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:42.393064976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.393141031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.393351078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.393395901 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.393520117 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.393574953 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.393604994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.522898912 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:42.523046970 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:42.668000937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.673319101 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.680469990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.680907965 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.686285019 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.688220024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.834887981 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:42.834995985 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:42.955653906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.955686092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.955740929 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.955972910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.956100941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.956145048 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:42.956172943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.002234936 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.002558947 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.122590065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.123066902 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.133677006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.138164997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.139277935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.139472008 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.139482975 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.149286032 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.149439096 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.269927979 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.270869017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.302376032 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.302520990 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.424300909 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.424479961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.424531937 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.424705029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.424833059 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.424916029 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.424962044 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.449414968 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.449574947 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.570013046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.570056915 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.570147991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.570308924 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.570322990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.570475101 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.570485115 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.598120928 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.598261118 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.718535900 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.718676090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.718811989 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.718951941 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.718991041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.719099045 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.719115019 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.747071028 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.747226954 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.869400024 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.869497061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.869658947 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.869791031 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.869801044 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.869956017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.869966030 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:43.923927069 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:43.924078941 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.044533968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.044712067 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.044842958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.044929981 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.045017958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.045133114 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.045145988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.084271908 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.084423065 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.206298113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.206310034 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.206319094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.254290104 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.254398108 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.374922037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.374948025 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.375022888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.375149012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.375195980 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.375338078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.375346899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.412767887 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.412888050 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.538687944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.538984060 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.539072037 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.539160013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.539254904 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.539305925 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.539347887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.552141905 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.552268982 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.677011967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.677023888 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.677032948 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.677126884 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.678137064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.678145885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.678153992 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.696175098 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.696302891 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.816803932 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.816920042 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.817035913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.817174911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.817462921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.817666054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.817709923 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.835285902 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.835742950 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:44.957156897 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.957324028 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.957586050 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.959374905 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.959384918 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.959638119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:44.959647894 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.006309986 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:45.006468058 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:45.147608995 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:45.201271057 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.201284885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.201298952 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.201308012 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.201317072 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.201325893 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.201334953 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.302599907 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:45.322220087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.322237968 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.322247028 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.322256088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.322259903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.322269917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.424762964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.424958944 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.424968958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.424977064 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.425403118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.637339115 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:45.637496948 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:45.757925987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.758086920 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.758235931 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.758362055 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.758483887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.758583069 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.758610964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.827584028 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:45.827739954 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:45.951488972 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.951508045 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.951636076 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.951726913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.951773882 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.951858997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.951879978 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:45.959932089 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:45.960074902 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.080465078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.080831051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.080940008 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.081077099 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.081123114 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.081192970 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.081203938 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.123811007 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.123964071 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.244465113 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.244630098 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.244725943 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.244736910 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.244781017 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.244903088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.245012045 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.256594896 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.256700039 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.377374887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.377568007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.377641916 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.377763987 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.377844095 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.378021002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.378030062 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.417771101 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.417927027 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.544891119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.544945955 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.545027971 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.545197010 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.545229912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.545479059 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.545505047 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.573410988 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.573560953 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.700841904 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.701133013 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.701255083 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.701431990 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.701658964 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.701767921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.701777935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.716259956 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.716368914 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.842152119 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.842168093 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.842181921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.842323065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.842427015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.842516899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.870168924 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.870275974 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:46.990685940 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.990832090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.990911961 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.991031885 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.991069078 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.991163969 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:46.991173983 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.016844034 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.016951084 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.138008118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.138065100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.138107061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.138210058 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.138300896 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.138382912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.138402939 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.164850950 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.164968014 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.285371065 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.285401106 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.285454035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.285598040 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.285706997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.285815001 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.285825014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.305077076 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.305175066 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.425796986 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.425820112 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.425911903 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.426105976 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.426155090 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.426215887 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.426239014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.443165064 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.443268061 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.563755035 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.563772917 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.563837051 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.563910007 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.563930988 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.564024925 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.564045906 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.608982086 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.609270096 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.729938984 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.730412006 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.730426073 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.730549097 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.730628014 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.730647087 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.740403891 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.740546942 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.863001108 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.863267899 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.863404036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.863651991 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.863986015 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:47.897384882 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:47.897531986 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.018146038 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.018182039 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.018222094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.018233061 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.018369913 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.018378973 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.054759979 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.054872990 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.175699949 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.175738096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.175945997 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.176403046 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.176443100 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.176645041 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.176762104 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.213097095 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.213217020 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.333782911 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.334053993 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.334116936 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.334238052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.334299088 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.334414005 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.334456921 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.410936117 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.411134958 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.536623955 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.536744118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.536757946 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.537089109 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.537237883 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.537429094 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.537517071 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.628015041 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.628106117 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.749174118 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.749599934 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.749608994 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.749838114 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.750103951 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.750185966 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.750288010 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.807559967 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.807714939 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.928102016 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.928245068 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.928292036 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.928339958 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.928632975 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.928790092 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.928802967 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:48.943914890 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:48.944077969 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:49.064327002 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:49.064611912 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:49.064735889 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:49.064892054 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:49.064958096 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:49.065242052 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:49.065295935 CET	56001	49721	64.95.10.19	192.168.2.12
Nov 25, 2024 18:04:49.067147970 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:49.067282915 CET	49721	56001	192.168.2.12	64.95.10.19
Nov 25, 2024 18:04:49.189635992 CET	56001	49721	64.95.10.19	192.168.2.12

Target ID:	0
Start time:	12:03:05
Start date:	25/11/2024
Path:	C:\Users\user\Desktop\QuickTextPaste (2).exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\QuickTextPaste (2).exe"
Imagebase:	0x400000
File size:	1'363'968 bytes
MD5 hash:	4BC6DC45D87F46354CF96B0D60D849E5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	12:03:23
Start date:	25/11/2024
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
Imagebase:	0x100000
File size:	2'141'552 bytes
MD5 hash:	EB80BB1CA9B9C7F516FF69AFCFD75B7D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	0.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	6.8%
Total number of Nodes:	1282
Total number of Limit Nodes:	1

Executed Functions

Function 00416231 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 345
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B

Strings

6@FF, xrefs: 00416AFE
r, xrefs: 00416C13
R, xrefs: 0041673B
L, xrefs: 00416BFE
y, xrefs: 00416C28
i, xrefs: 00416C05
W, xrefs: 00416C2F
b, xrefs: 00416C0C
r, xrefs: 00416C21
d, xrefs: 00416BF7
o, xrefs: 00416BE9
a, xrefs: 00416C1A
a, xrefs: 00416BF0
L, xrefs: 00416BE2

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: DefaultLocaleQuery
String ID: 6@FF$L$L$R$W$a$a$b$d$i$o$r$r$y
API String ID: 2949231068-2404036922
Opcode ID: 49a117ec42e6be9d70c53d8c85f8541a0e54a36f076249b0e0ab38ded7a95451
Instruction ID: d5ae0920ea012b07947300cbe02f03d75d78b263460189df19597f606348f5fc
Opcode Fuzzy Hash: 49a117ec42e6be9d70c53d8c85f8541a0e54a36f076249b0e0ab38ded7a95451
Instruction Fuzzy Hash: 43E16CB5D052688BEB20CB14CC90BEAB7B6FB94300F1541EAD44DA7281D7399ED1CF5A

Function 0041E397 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 188
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 0041F488

Strings

o, xrefs: 0041E54D
d, xrefs: 0041E55B
L, xrefs: 0041E546
r, xrefs: 0041E577
b, xrefs: 0041E570
a, xrefs: 0041E57E
a, xrefs: 0041E554
i, xrefs: 0041E569
W, xrefs: 0041E593
L, xrefs: 0041E562
y, xrefs: 0041E58C
r, xrefs: 0041E585

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ExitProcess
String ID: L$L$W$a$a$b$d$i$o$r$r$y
API String ID: 621844428-4069139063
Opcode ID: e79f1a19910d078ddfbbefa0f6b513eb2636e8118e2c895131a6048afb768943
Instruction ID: 49179e029358c601d47194dacace062c049735f8aecbd42803199bba024e841f
Opcode Fuzzy Hash: e79f1a19910d078ddfbbefa0f6b513eb2636e8118e2c895131a6048afb768943
Instruction Fuzzy Hash: 188108B1E096689AF720CB24CC447DA7B75EF51304F1480FAD84D57282D67A8FC68F66

Function 00406EBE Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 404
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: a08cf8bb7cd2ddb8e3db18e3285b1c5efe6b94d46a05dd2cc52c5cfee547a24a
Instruction ID: f9d7f76e105ba9ec23288e54f2168d33306c1fdfaa71867662fccb09afdb378b
Opcode Fuzzy Hash: a08cf8bb7cd2ddb8e3db18e3285b1c5efe6b94d46a05dd2cc52c5cfee547a24a
Instruction Fuzzy Hash: 9AF140B1D092289FEB24CA14DC90AEA77B5FB84315F1441FAD80DA6381D6396FC2CF56

Function 00407639 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 266
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 1499177d04bdb0b7de258b5a9adcbce1dba7413f00b3c56ee1a7d0f1be14552c
Instruction ID: ff19a6a794caca9f36b485849c86c3e98ebfbdd90ea5acac48a41dba6744c2bd
Opcode Fuzzy Hash: 1499177d04bdb0b7de258b5a9adcbce1dba7413f00b3c56ee1a7d0f1be14552c
Instruction Fuzzy Hash: B491B3B1D091289FE7248B14DC95AFB7779FB84310F1481FAD80EA6640E6396FC2CE56

Function 0040745E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 238
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: 971599d62c420ffd857181e2df79501690e941cc3b263029244f33c74aa9cc1d
Instruction ID: d0bd618aa4abcdc725c8c0843f41bb372d76ea4ad1b638039c3cef773761e815
Opcode Fuzzy Hash: 971599d62c420ffd857181e2df79501690e941cc3b263029244f33c74aa9cc1d
Instruction Fuzzy Hash: 5C8193B1D052289FE7248B14DC91AFB7779FB84310F1481FAD80DA6640E6396FC2DE56

Function 0041616C Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 235
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B

Strings

CHBN, xrefs: 00415F80

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: DefaultLocaleQuery
String ID: CHBN
API String ID: 2949231068-2236069287
Opcode ID: b2f523e7b804df57e6ed936d313a9a0c5eca27da16a78216aca96fd30fe003f9
Instruction ID: 04d73ac622c8c4df271df2face53621d1108fa9b226eeb702b577e7dfd4595f9
Opcode Fuzzy Hash: b2f523e7b804df57e6ed936d313a9a0c5eca27da16a78216aca96fd30fe003f9
Instruction Fuzzy Hash: 2D91EFB2E056648FEB208B25DC507EAB771FF90304F1540EAD84DA7381E2789AD1CF5A

Function 00407801 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 206
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 17f315cc95e151f82c3b473b692960eb13991f7c5bbb63149c606de0d2d103d1
Instruction ID: 30b0aacf52a8e76521650779860081edab429cad673e273aa3984f156d36a9ad
Opcode Fuzzy Hash: 17f315cc95e151f82c3b473b692960eb13991f7c5bbb63149c606de0d2d103d1
Instruction Fuzzy Hash: D08184B0D091689FEB24CB14CC90AEEB7B5EB85315F1481FAD80E66281D6397F81CF56

Function 004072C9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 204
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 98d5a846181471a45dc11672bd8f83c0911fca266973cbffe948b0cca086c95d
Instruction ID: 610ab468b58192c3189706f6687b98f4dbe9cd49af046ab5ee6ff6639577a70c
Opcode Fuzzy Hash: 98d5a846181471a45dc11672bd8f83c0911fca266973cbffe948b0cca086c95d
Instruction Fuzzy Hash: AA71C8F2D05225AFF7148A14DC95AEB7778EB80310F1441FAD80DA6280D63D6FC68E97

Function 004074DD Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 194
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: a14e6f918cefa51a6cd2096712322b0ca075e8dc4ebb32e45b8619b6473020dc
Instruction ID: 1c3fdb83f76fd4713bf4ac7fb4d6521306fd84a6beb700205a5a101a1e7f4e85
Opcode Fuzzy Hash: a14e6f918cefa51a6cd2096712322b0ca075e8dc4ebb32e45b8619b6473020dc
Instruction Fuzzy Hash: 3961A4B1D091299FE7248B14DC90AFB7778EB84310F1481FAD80DA6680E6396FC2DF56

Function 004157C3 Relevance: 2.1, APIs: 1, Instructions: 568COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b74ed3697608e9d9680f3a16b73e633387e8aa4e3c2394a282703c425610ef2
Instruction ID: 13e48e2b5fcf3385ba1db89c52148cac321fc759d0082e9ff8c951c1f028f19d
Opcode Fuzzy Hash: 8b74ed3697608e9d9680f3a16b73e633387e8aa4e3c2394a282703c425610ef2
Instruction Fuzzy Hash: 9132BDB1E046688FEB248B14DC94BEAB7B5FF85304F1441EAD84DA6280E7385ED1CF56

Function 00416F82 Relevance: 1.9, APIs: 1, Instructions: 422nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000000,?), ref: 00417B2D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: d23aecb0fb5311833bc28086b1c90d52e6342863050b6acf700b07f89787beeb
Instruction ID: df600775225a6817876abde58dfde50fa76c99a76918264543c8ecb8572ef3d8
Opcode Fuzzy Hash: d23aecb0fb5311833bc28086b1c90d52e6342863050b6acf700b07f89787beeb
Instruction Fuzzy Hash: C6F19DB1D081289BEB24CA14DD54BEBBBB5EB85311F1481EAD80E62780D7395FC2CE56

Function 0041E95A Relevance: 1.8, APIs: 1, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ee8d9896f4ecf9f7bea1daa69362319a6e2796517543bf7c43944efe203e9df
Instruction ID: 9402d941ed495bfb9d6ed6a04fa52e9281188681cbf316ddffb0d21103877390
Opcode Fuzzy Hash: 5ee8d9896f4ecf9f7bea1daa69362319a6e2796517543bf7c43944efe203e9df
Instruction Fuzzy Hash: EFB192B5E042688FEB24CF25CC94BEABB75AB85314F1441EAD84D67341DA396EC2CF44

Function 00416087 Relevance: 1.7, APIs: 1, Instructions: 212nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 85b42d9292f86df5e44036e3a8ff8d6731a36614fcd0537ad636c032b0d5548e
Instruction ID: 3a36954a66d454c42916218c4210eab62e27d3a9c54c485993be85de79f8367a
Opcode Fuzzy Hash: 85b42d9292f86df5e44036e3a8ff8d6731a36614fcd0537ad636c032b0d5548e
Instruction Fuzzy Hash: 1D8104B1E056648BEB208B25CC507EAB771FF90305F1544EAD84DA6381E3789ED1CF16

Function 0041EE59 Relevance: 1.7, APIs: 1, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: e1c4b1d18263297bba4ed9b19f6d9cce977bc7d2f0cde00f20d14f931fd392e7
Instruction ID: 072424375afe5719ce0ed9bd983d6f87274ebe52f5c45c9e506659b2f7d4e5c1
Opcode Fuzzy Hash: e1c4b1d18263297bba4ed9b19f6d9cce977bc7d2f0cde00f20d14f931fd392e7
Instruction Fuzzy Hash: 8471DEB2C052298BEB248B20DD54BFAB779FF84310F0481FAD80DA6281D6794EC2DF55

Function 00416473 Relevance: 1.6, APIs: 1, Instructions: 106nativeCOMMON

Download Yara Rule

APIs

NtQueryDefaultLocale.NTDLL(00000001,?), ref: 0041656B

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: DefaultLocaleQuery
String ID:
API String ID: 2949231068-0
Opcode ID: 75da59268204de599cf2586ca18f7f196409d44e5bc3e2f90d5b665346992c1f
Instruction ID: 853808276b5e699154ab914f1fb5dc5320e0742362ee59ffdd4d7813341c293c
Opcode Fuzzy Hash: 75da59268204de599cf2586ca18f7f196409d44e5bc3e2f90d5b665346992c1f
Instruction Fuzzy Hash: 204108B2D06564DAEB208B14DC54BEA77B2AB50311F1641FBD80E52284E7389ED1CE0A

Function 0040759C Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 224
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: f9fd11e66a84a254f599fc0ffb9e93a0d8e6a408dfa821dbeb128120272c5d36
Instruction ID: 4e8a0a1bd5a253ca80542a41813d2f0dc9e9d6d315fe07cb04aec797d4c8eb46
Opcode Fuzzy Hash: f9fd11e66a84a254f599fc0ffb9e93a0d8e6a408dfa821dbeb128120272c5d36
Instruction Fuzzy Hash: 0581D5B1D091299EE7248B14DC90AFB7774FF84310F1081FAE80DA6680E6396FC2DE56

Function 004074AA Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: H
API String ID: 0-2852464175
Opcode ID: 86eb16e4e543703e8d4f0e386f813d8a62f634e5ddba1fbe2cef4de7436b48b3
Instruction ID: 7266076c22d33dbcd3d460919e61438b02f46b0ba71f1cd36bc3dae2c6948d68
Opcode Fuzzy Hash: 86eb16e4e543703e8d4f0e386f813d8a62f634e5ddba1fbe2cef4de7436b48b3
Instruction Fuzzy Hash: 3471A3B1D091299FE7248A14DC91AFB7778FF84310F1481FAE80D66680E6396FC29E56

Function 0041F108 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 158
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(00000000), ref: 0041F488

Strings

, xrefs: 0041F48F

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-399585960
Opcode ID: 8002f9402aba40aafd2fba85f5b281f473503177a592bfb786efc3e854b775e8
Instruction ID: 0b4824487f3c728ee9c662490b723a58eb1aa87252caefc7b5d42a3b4197818a
Opcode Fuzzy Hash: 8002f9402aba40aafd2fba85f5b281f473503177a592bfb786efc3e854b775e8
Instruction Fuzzy Hash: 537116B4E052289BDB24CF04CC80BEAB7B2BB94304F1481EAD90D67351D735AED68F95

Function 00407613 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 140
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 6015b82533b7f610c2c73a979d6fea363be3760dabb677e4999851231bf80c8d
Instruction ID: b417e04b3d9ddb8d06de6a12b714577bfda655022e7d1f97473579596280aab9
Opcode Fuzzy Hash: 6015b82533b7f610c2c73a979d6fea363be3760dabb677e4999851231bf80c8d
Instruction Fuzzy Hash: 0941B5F1D091289FE714CA14DC90AEB7778EB81310F1441FAD80DA6281E63D6FC29E97

Function 00407444 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: d5c29f456008fc39e03b5a3a81da9088eb27dc3b49f6f580f9445385e0e1a6dc
Instruction ID: af48dcd4f2a87e001c4b46b9f46951c050cf013d36c329360d614cdb825f8f8e
Opcode Fuzzy Hash: d5c29f456008fc39e03b5a3a81da9088eb27dc3b49f6f580f9445385e0e1a6dc
Instruction Fuzzy Hash: 9941A6B1D091249FE7148A14DC90AEB7778EB81314F1441FAE90D66281E63D7FC29E57

Function 0040769B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 131
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: dec1911309d4a842ab4f1626ab04342edd648cdcc954b2feb7ceeac58d20b615
Instruction ID: e8ccf5d480e83ec867e754c98d6c853492001177e50d87dc0211a3c396fe67a2
Opcode Fuzzy Hash: dec1911309d4a842ab4f1626ab04342edd648cdcc954b2feb7ceeac58d20b615
Instruction Fuzzy Hash: A541C6B1D091689FEB14CA14DC90AEB7778EB80314F1441FAE80DA6241E6397FC2DF96

Function 004076AE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 127memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 4447908ef74ba9905ddc4a311aa98b489c35001bd9e4064aa4f77981129bc740
Instruction ID: 73efcb83b2863d4cf423dd5588cc10b36a13336c3ad767a7a79311ff9b8be201
Opcode Fuzzy Hash: 4447908ef74ba9905ddc4a311aa98b489c35001bd9e4064aa4f77981129bc740
Instruction Fuzzy Hash: 0541B6B1D051289FEB14CA14DC90AEB7778EB80314F1441FAE90D66240E6396FC2DE92

Function 00406EA7 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: ac1ac4bb0b4ca1cb5d5645629d8f26322a3a00166c50e7650a9324f8d491c348
Instruction ID: 277bed2a504a2796f184e30173585ece7987f9d763c9e763ae497bc256b0d4e6
Opcode Fuzzy Hash: ac1ac4bb0b4ca1cb5d5645629d8f26322a3a00166c50e7650a9324f8d491c348
Instruction Fuzzy Hash: E44126B1D0A1586FE7148A14DC91AEB7778EB41310F1441FAE80DA1281E639BF828F63

Function 00407941 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 112memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 1f91561356005e667435b17a819342285c020b18c1ecc7bcc787f064c1a18858
Instruction ID: 8be0473e92fddc4f14d80ce078066611cd9bafe221272112a10b665520aacd60
Opcode Fuzzy Hash: 1f91561356005e667435b17a819342285c020b18c1ecc7bcc787f064c1a18858
Instruction Fuzzy Hash: C541D3B0E092699FEB24CB14DC90AEE77B8EF41304F1441EAD80DA6241D6397F82DF56

Function 00407956 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 110memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 6678ca18948b46d413ad09823ee6d94edf0c567ea9bb93316525c19f977e043d
Instruction ID: 60a2621da1b56ab119aa25e709ee37b68f17acee351728cc11af7046f9681cc3
Opcode Fuzzy Hash: 6678ca18948b46d413ad09823ee6d94edf0c567ea9bb93316525c19f977e043d
Instruction Fuzzy Hash: BD41B2B1E091699FEB24CA14DC90AEE77B4EB41305F1081FAD80EA6241E6397F81CF56

Function 004079BE Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 109memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: f03273828f681186c8950a68f284f06bd2f3a25c5cd7a0f2d890186ba70f2ada
Instruction ID: 960d91b94dab4f106e6928c9ddb03575bf937047b650a9051660eff6727b19b7
Opcode Fuzzy Hash: f03273828f681186c8950a68f284f06bd2f3a25c5cd7a0f2d890186ba70f2ada
Instruction Fuzzy Hash: CF41A3B1E091699FEB24CA14DC90AEE77B4EB81315F1081FAD80DA6281D6397F81CF56

Function 00407317 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 99memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 61b2760506ec70c5ec84ad93d298fe7fb3076edec4bce2cc3c2e18d5e514af9b
Instruction ID: 92d0103eb18a1e76b5481516b90cfa86c3549c03294cb060e38f0e120bc04a60
Opcode Fuzzy Hash: 61b2760506ec70c5ec84ad93d298fe7fb3076edec4bce2cc3c2e18d5e514af9b
Instruction Fuzzy Hash: DF31D4B1D0A158AFEB14CA14DC91AEB7778EB45310F1441FAE80DA6241E6397F828F57

Function 0040774E Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 97201ee44a25bcd450d0e1f4cde20caf39a827bae7579ad191896343caec7c82
Instruction ID: 7d1c454c5b950b1e57697d63005640282dfeaf72a4e15ddf7828b6cb7fc4dc5e
Opcode Fuzzy Hash: 97201ee44a25bcd450d0e1f4cde20caf39a827bae7579ad191896343caec7c82
Instruction Fuzzy Hash: 3C31D6B1E0A2199FEB24CA14DC90AEA7778FF40300F1041FAE90DA6241E6397F81DF56

Function 00407780 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 449bc52b915bf145490852db6d0f2f93bb2d7ba8236e070378f01086d075cd6e
Instruction ID: 2846fa902ca4226644e8a2f555184b2706cb79ca6f5f8dce94dc74bf5cb8b9e1
Opcode Fuzzy Hash: 449bc52b915bf145490852db6d0f2f93bb2d7ba8236e070378f01086d075cd6e
Instruction Fuzzy Hash: 1631D8B1D0A1199FEB24CA14DC90AEA7778FF40300F1041FAE90DA6241D6397F81DF56

Function 004077A5 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 92memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

Strings

H, xrefs: 00407A4D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ProtectVirtual
String ID: H
API String ID: 544645111-2852464175
Opcode ID: 4fcdc64351e8df6c23ced275e42695f717f6d10942deda2d7e8f7d0b4153137e
Instruction ID: 193d8c63bde9533668196809bbe6eb9e6b26840c109239b67e8259f3b6349b66
Opcode Fuzzy Hash: 4fcdc64351e8df6c23ced275e42695f717f6d10942deda2d7e8f7d0b4153137e
Instruction Fuzzy Hash: DC31C7B1D0A1199FEB24CA14DC90AEA7778FB40300F1041FAE90D66241D6397F81DF56

Function 0041ED25 Relevance: 1.6, APIs: 1, Instructions: 105COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0041F488

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: a7c34388d5c1b6b4368e11ce4884d358167a177d668945abd098b4c01b585d05
Instruction ID: 3a3b27fcdc6e0e9487cf4a583e364f49f90c56feb2a2619b3bad8aa9e4db4507
Opcode Fuzzy Hash: a7c34388d5c1b6b4368e11ce4884d358167a177d668945abd098b4c01b585d05
Instruction Fuzzy Hash: 9A41E4F1D082649BE721CB25CC40AEBBB75AF95310F1441FBD84D56242D2399EC68F51

Function 0041F32D Relevance: 1.6, APIs: 1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dccea7a367e3dc70280df16af602df9db468873541c93d05aa68d785749eb70
Instruction ID: ffe6de3eec2d126d21a28da204ff4b36b96a5810d9efcfb99902ccff63e2b5fa
Opcode Fuzzy Hash: 6dccea7a367e3dc70280df16af602df9db468873541c93d05aa68d785749eb70
Instruction Fuzzy Hash: 4A31A07090556C8BDB24CA14CC94BFEB771AF82306F1881FBD95956241D6385ECA8E85

Function 0041EE02 Relevance: 1.6, APIs: 1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 1a6693ac9e61a8bf3d39731885ba805fe6780daa38466a2a15a68fe5a79f8265
Instruction ID: c81233945c9861f4815f9eb02bc9d9685d192c67d303bc9ea4503e520eacb760
Opcode Fuzzy Hash: 1a6693ac9e61a8bf3d39731885ba805fe6780daa38466a2a15a68fe5a79f8265
Instruction Fuzzy Hash: 0E21C3B1D082249FE710CA21CC84BEAB774EB85310F1480FAD84D6B242D6399EC78F52

Function 0041F392 Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0041F488

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 948669ceeb7d593b52a6a9867f3915be6aea56f4e9a1b7b9df9b584f26a3f62b
Instruction ID: 55d4853ac3aa8a7145631c2a201c474dcb17500aa77c7843a2b4a3a38e4c882e
Opcode Fuzzy Hash: 948669ceeb7d593b52a6a9867f3915be6aea56f4e9a1b7b9df9b584f26a3f62b
Instruction Fuzzy Hash: BF21A171E055288AF7308A15CC44BFFB7B5BB81316F1481FBD85D16280D6785EC68E86

Function 0041E8F6 Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0041F488

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: caf6c0e6217912197b0ebe9eb745821d919d6ec91bcfdb22834cee2722bbc0f4
Instruction ID: b4fca4cc9ec6f815d32bb83eadcd98ccf7ba7e03b08137156071876ef69c00c9
Opcode Fuzzy Hash: caf6c0e6217912197b0ebe9eb745821d919d6ec91bcfdb22834cee2722bbc0f4
Instruction Fuzzy Hash: EBF02BF6D586859DF3900226EC8ABFE3A18EBD1324F2444A3D84E5404283BD4DC75917

Function 0041ED5A Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32(00000000), ref: 0041F488

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 31838ce29b33f74e7019effa3b6e287278325d4490a9d986535c6a7e2179b1c1
Instruction ID: 4be4bd858b879d0d19ee76e687e38f06f510cffb33485c6eeb26029f097084e7
Opcode Fuzzy Hash: 31838ce29b33f74e7019effa3b6e287278325d4490a9d986535c6a7e2179b1c1
Instruction Fuzzy Hash: 44D012F5C0804595F2144A01FD067BA21789B05705F24417BE44B14180956A1DC71D57

Non-executed Functions

Function 0051DB4C Relevance: 14.1, Strings: 11, Instructions: 306COMMON

Download Yara Rule

Strings

e, xrefs: 0051DEC7
i, xrefs: 0051DE9D
P, xrefs: 0051DEAB
s, xrefs: 0051DECE
E, xrefs: 0051DE8F
s, xrefs: 0051DED5
o, xrefs: 0051DEB9
t, xrefs: 0051DEA4
r, xrefs: 0051DEB2
c, xrefs: 0051DEC0
x, xrefs: 0051DE96

Memory Dump Source

Source File: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: E$P$c$e$i$o$r$s$s$t$x
API String ID: 0-3128998556
Opcode ID: fac42b0b9a34db9555197cc561fed94994c518efbb238c4f9bfd77243e9fb354
Instruction ID: d0ace87170fddc32e34cccd2ed46240b8afc2ca99b5f74f66e11354aa27d436a
Opcode Fuzzy Hash: fac42b0b9a34db9555197cc561fed94994c518efbb238c4f9bfd77243e9fb354
Instruction Fuzzy Hash: 1BB135A2C085649FF7248A24EC98BEA7B75FB90300F1442F9D44EAB280D67D5FD18F61

Function 00433F0D Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 49clipboardregistryCOMMON

Download Yara Rule

APIs

OpenClipboard.USER32(00000000), ref: 00433F17
RegisterClipboardFormatW.USER32(Shell IDList Array), ref: 00433F36
GetClipboardData.USER32 ref: 00433F47
GlobalLock.KERNEL32(00000000), ref: 00433F52
CloseClipboard.USER32 ref: 00433F8B

Strings

Shell IDList Array, xrefs: 00433F31
4AD, xrefs: 00433F69

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Clipboard$CloseDataFormatGlobalLockOpenRegister
String ID: 4AD$Shell IDList Array
API String ID: 1151311956-2489082455
Opcode ID: 48519a98ff51355961bb7effbf8569a47d7a7025d9368877acad64ed744704c4
Instruction ID: 3f644c05e47439fdc23d2c824a1c84af3f17edb4169f705e82ac8151b23e47f1
Opcode Fuzzy Hash: 48519a98ff51355961bb7effbf8569a47d7a7025d9368877acad64ed744704c4
Instruction Fuzzy Hash: D2019231704204ABDB109F25EC49B6A3BA8EF0875AF04543DFC45EB2A0DB79DA40CB5C

Function 00426601 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 40windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0042666F: UnhookWindowsHookEx.USER32(?), ref: 00426679

GetModuleHandleW.KERNEL32(00000000), ref: 00426616
SetWindowsHookExW.USER32(0000000D,0041ED8B,00000000,00000000), ref: 00426625
GetLastError.KERNEL32 ref: 00426634
FormatMessageW.KERNEL32(00001100,00000000,00000000,00000000,?,00000000,00000000), ref: 00426648
MessageBoxW.USER32(00000000,?,Error hooking keyboard,00000010), ref: 0042665D
LocalFree.KERNEL32(?), ref: 00426666

Strings

Error hooking keyboard, xrefs: 00426654

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: HookMessageWindows$ErrorFormatFreeHandleLastLocalModuleUnhook
String ID: Error hooking keyboard
API String ID: 3539256350-2780107085
Opcode ID: fba2087d46c83467c84a28cd1e6aaa1c58a2a6ec1ea7a2086610efa25594ff7a
Instruction ID: f5ea2c017abb1ba6b0e2630cac6da38f566bcf030e92f02af746c3b95a68221d
Opcode Fuzzy Hash: fba2087d46c83467c84a28cd1e6aaa1c58a2a6ec1ea7a2086610efa25594ff7a
Instruction Fuzzy Hash: AEF09672501130FBDB201BA1AC4DEEF3E6DEF09751F101026F506A0091DBB45940EBF8

Function 0043271F Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 33COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000400,7123456,00000000,000001F3), ref: 00432790

Strings

2, xrefs: 00432764
7123456, xrefs: 00432787
5, xrefs: 00432779
4, xrefs: 00432772
6, xrefs: 00432780
3, xrefs: 0043276B

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: InfoLocale
String ID: 2$3$4$5$6$7123456
API String ID: 2299586839-3626163788
Opcode ID: 4da3740a6d9d69a3e11bd58766d14d6da9d5a0c6efc4164ef08d50fbd1901268
Instruction ID: df135c90cf4fd96ecc2958faa78990d9e9a54762d9a1c2938bb780a1a1e2f662
Opcode Fuzzy Hash: 4da3740a6d9d69a3e11bd58766d14d6da9d5a0c6efc4164ef08d50fbd1901268
Instruction Fuzzy Hash: 03014BB1800209EBEF11CF88C9497EEBBB8BB04348F504069A700BB2C0D7B95B4ACF54

Function 004327AB Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 33COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000400,0*+,-./,00000000,000001F3), ref: 0043281C

Strings

., xrefs: 00432805
-, xrefs: 004327FE
0*+,-./, xrefs: 00432813
/, xrefs: 0043280C
,, xrefs: 004327F7
+, xrefs: 004327F0

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: InfoLocale
String ID: +$,$-$.$/$0*+,-./
API String ID: 2299586839-396296672
Opcode ID: 5ca085d7eb37483b56b1ad4c0e2bd3df6a5eb46fe1b38734cf8d6047dd07eeff
Instruction ID: 182194e9b7aa74f1834d65153d6b30cc8a34f0bf16cbddff9d07cac1a8773447
Opcode Fuzzy Hash: 5ca085d7eb37483b56b1ad4c0e2bd3df6a5eb46fe1b38734cf8d6047dd07eeff
Instruction Fuzzy Hash: 06014BB5900209ABEF10DF98D9497EEBBB4BB04308F104069E700B72C0D7B95A4ACF58

Function 004046B0 Relevance: 10.2, Strings: 8, Instructions: 189COMMON

Download Yara Rule

Strings

, xrefs: 004047F4
Z, xrefs: 00404802
, xrefs: 004047FB
Z, xrefs: 0040479F
, xrefs: 004047ED
R, xrefs: 00404775
R, xrefs: 004047D8
, xrefs: 004047E6

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: $ $ $ $R$R$Z$Z
API String ID: 0-1123633900
Opcode ID: 88d95301f31a3f2d1ac066832d38047e6eca74c7e85de6611da3cf95abc830b9
Instruction ID: 0aa3e5cf93b86c8bf9c708f3687d348dc8937b572e33e8e33403907fd9fc1d08
Opcode Fuzzy Hash: 88d95301f31a3f2d1ac066832d38047e6eca74c7e85de6611da3cf95abc830b9
Instruction Fuzzy Hash: 3D6159E2C082555FF720C638DC84BEB7B68EBD1318F0841BAD84D666C1C73D5BC58A62

Function 004046F0 Relevance: 10.2, Strings: 8, Instructions: 171COMMON

Download Yara Rule

Strings

, xrefs: 004047F4
Z, xrefs: 00404802
, xrefs: 004047FB
Z, xrefs: 0040479F
, xrefs: 004047ED
R, xrefs: 00404775
R, xrefs: 004047D8
, xrefs: 004047E6

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: $ $ $ $R$R$Z$Z
API String ID: 0-1123633900
Opcode ID: 1823fc6854f9887763c4a800522b0609b5583cf8a0d032699d89ce2a1922d650
Instruction ID: 38492d2f8ba99f7311084cf982407855f2863f9a99877e6bc574de0e46fa5f5e
Opcode Fuzzy Hash: 1823fc6854f9887763c4a800522b0609b5583cf8a0d032699d89ce2a1922d650
Instruction Fuzzy Hash: 12515CE2C082955AF7248638DC84BEB7F6CDBD1318F0841FAD84D666C1C77D4BC58A62

Function 004324DC Relevance: 9.1, APIs: 6, Instructions: 52keyboardCOMMON

Download Yara Rule

APIs

IsWindow.USER32(?), ref: 004324EA
GetKeyboardState.USER32(?), ref: 0043251A
keybd_event.USER32(00000012,00000000,00000001,00000000), ref: 00432535
SetForegroundWindow.USER32(?), ref: 0043253A
GetKeyboardState.USER32(?), ref: 00432547
keybd_event.USER32(00000012,00000000,00000003,00000000), ref: 0043255D

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: KeyboardStateWindowkeybd_event$Foreground
String ID:
API String ID: 3738427976-0
Opcode ID: 2c72c861c302e1139b07c97f33455dde5ae2a2ab37e195d2adcee556ea12027a
Instruction ID: 94379a26eef160f79566083ef4e3578c49d00e1bcfa1839136e3bbe5105c761c
Opcode Fuzzy Hash: 2c72c861c302e1139b07c97f33455dde5ae2a2ab37e195d2adcee556ea12027a
Instruction Fuzzy Hash: 1E01B131A002AD7EEF219B74DD44BAB3B6CAB48754F0010B6EA44F21D1D7B09F418E68

Function 00434350 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 38libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(USER32.DLL), ref: 00434390
GetProcAddress.KERNEL32(?,VkKeyScanW), ref: 004343AD

Strings

VkKeyScanW, xrefs: 004343A8, 004343AB
yScanW, xrefs: 004343C1
USER32.DLL, xrefs: 0043438B

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: USER32.DLL$VkKeyScanW$yScanW
API String ID: 2574300362-2509131655
Opcode ID: f33a238c0a0008be8fa80d9092039b86b37356b8e18231454f539763cbe0bda6
Instruction ID: 00ef8408c9c2cd366938f6668c4c85d73a7131af4500c8c6c3acde0d2035717b
Opcode Fuzzy Hash: f33a238c0a0008be8fa80d9092039b86b37356b8e18231454f539763cbe0bda6
Instruction Fuzzy Hash: F3018030908388EEEB5197B4D80938E7FF19B15308F0480ECD44467292D3FA5658DF69

Function 00421838 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53timeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042183D
GetLocalTime.KERNEL32(00000002,?,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 0042184E

Part of subcall function 00424156: __EH_prolog.LIBCMT ref: 0042415B
Part of subcall function 00424156: GetLocalTime.KERNEL32(?), ref: 0042416C
Part of subcall function 00424156: CopyFileW.KERNEL32(?,00000000,?,00000000,?,?,0048039C,00000000,00445508), ref: 00424207

Strings

last_backup, xrefs: 00421866

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: H_prologLocalTime$CopyFile
String ID: last_backup
API String ID: 2992466287-3052884854
Opcode ID: 4e366ab625fe2227e8f56ac358aab6d24cbada234cdc05f17cb09aebade897a5
Instruction ID: a8900d9fa8d7d7e32f2f801e5830e3db12106511594fc8e929056427879ad994
Opcode Fuzzy Hash: 4e366ab625fe2227e8f56ac358aab6d24cbada234cdc05f17cb09aebade897a5
Instruction Fuzzy Hash: 8A01C671E005289ACB24B774AD969BD7364EF94744B50043FE811F22D2E67C8908D69C

Function 00402682 Relevance: 5.3, Strings: 4, Instructions: 287COMMON

Download Yara Rule

Strings

n, xrefs: 004027E6
8, xrefs: 004027C8
x, xrefs: 004027F0
n, xrefs: 004027DC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: 8$n$n$x
API String ID: 0-2129689772
Opcode ID: 746d9dbff825a11e5d2fd0b20203336b79e02ee28d8751de777115ee141e0c10
Instruction ID: 21a550dcec8553acabf3a8883d983f30dac81b34ad3e10e028777a423c811b86
Opcode Fuzzy Hash: 746d9dbff825a11e5d2fd0b20203336b79e02ee28d8751de777115ee141e0c10
Instruction Fuzzy Hash: C3B116B2D002145FF728CB24DD99AEABBB8EB91308F0481FFE4096A1C5D7795B85CE41

Function 004026E3 Relevance: 5.3, Strings: 4, Instructions: 264COMMON

Download Yara Rule

Strings

n, xrefs: 004027E6
8, xrefs: 004027C8
x, xrefs: 004027F0
n, xrefs: 004027DC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: 8$n$n$x
API String ID: 0-2129689772
Opcode ID: 79f31982a9b9237349f68f421025788475a8ba66ec951ccd8b76a1cab808e826
Instruction ID: 8ee75d24b1d4be626e4064a8d2bcb432974b3c9d83f1186e2f339f1e650b54a4
Opcode Fuzzy Hash: 79f31982a9b9237349f68f421025788475a8ba66ec951ccd8b76a1cab808e826
Instruction Fuzzy Hash: B8A106B2D002145FF728CB24DD8AAEABBB8EB91304F0481BFD50D6A5C4D7795B85CE52

Function 004026F5 Relevance: 5.3, Strings: 4, Instructions: 253COMMON

Download Yara Rule

Strings

n, xrefs: 004027E6
8, xrefs: 004027C8
x, xrefs: 004027F0
n, xrefs: 004027DC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: 8$n$n$x
API String ID: 0-2129689772
Opcode ID: fe479619bb1af686994b37f14847de827903b543741180e65b0f53adab180d79
Instruction ID: 266dd622a38f191541ac6066ca6c2db1129c5295186e642fbe12cf81771b7d13
Opcode Fuzzy Hash: fe479619bb1af686994b37f14847de827903b543741180e65b0f53adab180d79
Instruction Fuzzy Hash: 3FA1F5B2D002145FF728CB24DD8AAEA7BB8EB91304F0481BBE50D6A5C4D7795BC5CE52

Function 004027A7 Relevance: 5.2, Strings: 4, Instructions: 214COMMON

Download Yara Rule

Strings

n, xrefs: 004027E6
8, xrefs: 004027C8
x, xrefs: 004027F0
n, xrefs: 004027DC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: 8$n$n$x
API String ID: 0-2129689772
Opcode ID: 2de7fa072dbd810fa38812fafe5093c1f9780981969f7f294da05fe97c1083f9
Instruction ID: 0ad58c51173c0877d48187013a22ddad1033469e6e54103a693afe3b08919a03
Opcode Fuzzy Hash: 2de7fa072dbd810fa38812fafe5093c1f9780981969f7f294da05fe97c1083f9
Instruction Fuzzy Hash: BF81F4F2C102145FF728CA24DD9AAEB7BB8EB91304F0441BBE509AA5C0D7795BC58E52

Function 004027B2 Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

n, xrefs: 004027E6
8, xrefs: 004027C8
x, xrefs: 004027F0
n, xrefs: 004027DC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: 8$n$n$x
API String ID: 0-2129689772
Opcode ID: 1dd2fe3cc11f459a79cc97656bda8c95d9d12b10453e62b72c9d4e57314c521d
Instruction ID: 09ca6d8955a060d9c45855972af567bd705c2f233ca62d94242d71613854e32f
Opcode Fuzzy Hash: 1dd2fe3cc11f459a79cc97656bda8c95d9d12b10453e62b72c9d4e57314c521d
Instruction Fuzzy Hash: A381E5F2C102145BF728CA24DD9ABEA7BB8EB91304F0481BBE509AA5C0D77D5BC58E51

Function 00404A72 Relevance: 2.7, Strings: 2, Instructions: 196COMMON

Download Yara Rule

Strings

6=MO, xrefs: 00404CBD
XV, xrefs: 00404CCE

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: 6=MO$XV
API String ID: 0-3990888518
Opcode ID: 00656aa9eb16ea7f478f3914064f9b03e46ff580fd18f928522f4821289ccf66
Instruction ID: bebdaa049dd4e748ba55f348bcbeb728d2499e9a55cbfe047a0be19723ecf387
Opcode Fuzzy Hash: 00656aa9eb16ea7f478f3914064f9b03e46ff580fd18f928522f4821289ccf66
Instruction Fuzzy Hash: 306179F2D042105BF7148A38CD559EB3778EBC1310F0442BEE54E666C0D63DAAC6CA52

Function 0040497C Relevance: 2.6, Strings: 2, Instructions: 129COMMON

Download Yara Rule

Strings

6=MO, xrefs: 00404CBD
XV, xrefs: 00404CCE

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: 6=MO$XV
API String ID: 0-3990888518
Opcode ID: d24318f06188caa4ce9fac3ef99bbfa2be97f5c7e7f7d3794f0dda8d95860e51
Instruction ID: 6ff6c7a7ac506dcb9d113e67ca12e2ac47666b53d571eb419fc479b484d23850
Opcode Fuzzy Hash: d24318f06188caa4ce9fac3ef99bbfa2be97f5c7e7f7d3794f0dda8d95860e51
Instruction Fuzzy Hash: 38419BF3C091506BF3085638DC56AF73B5CDB81310F15427FEA0AA65C0E93DAA868667

Function 00401F52 Relevance: 1.5, Strings: 1, Instructions: 294COMMON

Download Yara Rule

Strings

PM3J, xrefs: 004020BD

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: PM3J
API String ID: 0-4033414035
Opcode ID: fd636bade443b83f105f17fc277a3d01b83cafc2252889daf4f183046d2918a5
Instruction ID: 9893684d2429a16808f605e32cae4b6f36a5a41854b132645977fa9bfec2ef8b
Opcode Fuzzy Hash: fd636bade443b83f105f17fc277a3d01b83cafc2252889daf4f183046d2918a5
Instruction Fuzzy Hash: 3DC1D4B2D002299FE728CB14DD89AEAB779EB84304F0581FBE80D66684D7785F81CE41

Function 0040EBC7 Relevance: 1.5, Strings: 1, Instructions: 271COMMON

Download Yara Rule

Strings

LoadLibraryW, xrefs: 0040EE51, 0040EEB3, 0040ED75, 0040EDCC, 0040EDF0, 0040ED85, 0040EE0A, 0040EF26

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: LoadLibraryW
API String ID: 0-3407153372
Opcode ID: d47aba9f6ae27676dedd815327530f93f0054a661a8b1f11d792eb88f34de794
Instruction ID: 2813a047259dbdf11d853a833ab762e7a14acc24ad4bc55ec3b50161b1065a1b
Opcode Fuzzy Hash: d47aba9f6ae27676dedd815327530f93f0054a661a8b1f11d792eb88f34de794
Instruction Fuzzy Hash: 6AC18D70D052688BDB28CB15CC90BEABBB5FF49310F1445FAD90D66681C678AFD18F82

Function 004028CD Relevance: 1.4, Strings: 1, Instructions: 147COMMON

Download Yara Rule

Strings

P5E<, xrefs: 004028CD

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID: P5E<
API String ID: 0-1787310082
Opcode ID: 7fba36094e0375ad79a4794b1bfe06e0c16b13e44bf578b585e93861a25358ab
Instruction ID: 13dc0d9d2e2f38bca1e104833fe3c1d0f3b6d9c3a8a8e0fe9648826bd524e615
Opcode Fuzzy Hash: 7fba36094e0375ad79a4794b1bfe06e0c16b13e44bf578b585e93861a25358ab
Instruction Fuzzy Hash: 845118F3D102246EF718CA28DD9AADB7B78EB91314F0441BBE40D66584D6785BC1CE91

Function 00402DAB Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 292c7f5c607a7d724ec6a49b79769f51f8faf69fd1726b2417aac0d4a615cb4e
Instruction ID: acd6f7cabc42ae82d4b10b927852d72dbb90ae2969e18dfdc22d3d375f032539
Opcode Fuzzy Hash: 292c7f5c607a7d724ec6a49b79769f51f8faf69fd1726b2417aac0d4a615cb4e
Instruction Fuzzy Hash: 3691C4B2D051159BE728CB28CD5AAEEBBB9EB84314F1481BBD40DA76C0D7785B81CE41

Function 004020C4 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5538dab93b3494c38674988704fb225a1fdc146eaf53874596b4965923a7c41d
Instruction ID: e86bd9378ef356e4a829cccb27c036346b6cb2b3e4564b7abd1d883ef8f1daa9
Opcode Fuzzy Hash: 5538dab93b3494c38674988704fb225a1fdc146eaf53874596b4965923a7c41d
Instruction Fuzzy Hash: B37197B2D002155FF768CA25DD8AAEBBB7AEBC0314F0481FBD40D66684D7785E82CE51

Function 004020D3 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56fd6427f354e985fa865f0438a7798f5e903f3b77eb7be04027c5d97195961e
Instruction ID: 606c6a7b1daff71553582ec09db883219df78950ee1091c39285468b16d32d08
Opcode Fuzzy Hash: 56fd6427f354e985fa865f0438a7798f5e903f3b77eb7be04027c5d97195961e
Instruction Fuzzy Hash: 8171B7B2D002155FFB28CA25DD89AEBBB7AEBC0304F0481FBD80D66594D7785E82CE51

Function 004020F9 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ae12e4b68cc26181c430402bebfca5f193652ce73b294d2104c898188c9235
Instruction ID: 62b41759915655d26ae6c2a2eca3559bfd642b6edaea59b1f7c81828d0c9e77d
Opcode Fuzzy Hash: 59ae12e4b68cc26181c430402bebfca5f193652ce73b294d2104c898188c9235
Instruction Fuzzy Hash: 0B61A6B2D002155FFB28CA15DD8AAEABB7AEBC0304F0481FBD40D66684D7785F82CE51

Function 0040287C Relevance: .2, Instructions: 169COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 704d7b6767167744004c1cd16bc3e8258a02f3df9e307b2a14251db3713cc125
Instruction ID: 2e83eb8c2a4e195a6c6dacac4e508dc71c7b1351ce26eca48c63f470e8cffdeb
Opcode Fuzzy Hash: 704d7b6767167744004c1cd16bc3e8258a02f3df9e307b2a14251db3713cc125
Instruction Fuzzy Hash: 0B5126F3D102146EF718CA28DD8AAEB7BB8DB91314F0481BBE40D665C4D6785BC5CE92

Function 0040288F Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16771d0ee049121cb1caec84dccd747ebf9f4ee4244a13f98c581f20310f2485
Instruction ID: 20803221447d76c4d65d7e8f346f3a5c2d0a3988df2a93970d511917dfc43808
Opcode Fuzzy Hash: 16771d0ee049121cb1caec84dccd747ebf9f4ee4244a13f98c581f20310f2485
Instruction Fuzzy Hash: AF5106F3D102146EF718CA28DC9AADB7BB8DB91314F0441BBE40D66584D6785BC5CE92

Function 0051D18E Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dc1bd58b7dab40d83678cabd1a07b3e1058d0b3c85fb744e33264e7b79d08869
Instruction ID: f245b25bdae4cc4b167eaa8bc1561994d1b35e5f55760df450f46206c5ba0294
Opcode Fuzzy Hash: dc1bd58b7dab40d83678cabd1a07b3e1058d0b3c85fb744e33264e7b79d08869
Instruction Fuzzy Hash: 0351D0B6D005249EEB208B54DC88AEABBB5FF85310F1140FAD84E57240E7745EC1CF65

Function 0041E6EC Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0859e2d192a1b0105e070f713a3aa28c2d0676c4297887766b6aac3d85a2badd
Instruction ID: bc14f4cf837f8ad89f302fc3b0025e0f701d41267faee28eae4623e21d8b1f07
Opcode Fuzzy Hash: 0859e2d192a1b0105e070f713a3aa28c2d0676c4297887766b6aac3d85a2badd
Instruction Fuzzy Hash: 0051B1B5D002268AEB349F26CC846FEB775EF85304F1080FAD84D97690E6389EC5DB16

Function 004028C2 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e822d7c01fe5ab94eca8ce434b7d33fef6d38620c49e1e2879f15d5dbf202a5
Instruction ID: 69f4e91c6137b03560912e453298dba681c1a9931afff28023214ac1bb35ad50
Opcode Fuzzy Hash: 2e822d7c01fe5ab94eca8ce434b7d33fef6d38620c49e1e2879f15d5dbf202a5
Instruction Fuzzy Hash: 2A5108F3D102246EF718CA28DD9AADB7B78EB91314F0441BBE40D65584D6785BC1CE92

Function 0040F165 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d792af20e65c1581f81eacdc9475c8822eb3be5f75dddd6d093862d45e17daec
Instruction ID: 83d4c67c8e09584e90521794c6afb4427750bf3a24c46f7f54dc0fcdf56bca39
Opcode Fuzzy Hash: d792af20e65c1581f81eacdc9475c8822eb3be5f75dddd6d093862d45e17daec
Instruction Fuzzy Hash: 0951CEB1D141248BEB748B65DC946EEB675EF44310F2082FBD80DA7680E7395EC5CE15

Function 0040827E Relevance: 94.7, APIs: 2, Strings: 52, Instructions: 208windowCOMMON

Download Yara Rule

APIs

CheckMenuItem.USER32(?,0000807B,00000008), ref: 00420394
wsprintfW.USER32 ref: 00420491

Part of subcall function 0042B437: __EH_prolog.LIBCMT ref: 0042B43C

Strings

u, xrefs: 00420413
W, xrefs: 00408327
e, xrefs: 00420443
f, xrefs: 0042044B
t, xrefs: 0042042F
k, xrefs: 0042041F
i, xrefs: 004203EF
t, xrefs: 004203F3
n, xrefs: 004082FD
x, xrefs: 0042042B
l, xrefs: 0040830B
%s%s%d, xrefs: 0042048B
\, xrefs: 004203DF
t, xrefs: 004082BE
a, xrefs: 00420403
u, xrefs: 004082DA
T, xrefs: 00420423
i, xrefs: 00420417
4AD, xrefs: 004203C5
?, xrefs: 004203E3
&, xrefs: 00420447
a, xrefs: 004082F6
o, xrefs: 004082CC
e, xrefs: 004082E8
=, xrefs: 00420457
e, xrefs: 004082B7
M, xrefs: 004082C5
t, xrefs: 0042043F
c, xrefs: 0042041B
q, xrefs: 00420453
e, xrefs: 004203EB
open, xrefs: 004204A2
e, xrefs: 00420427
a, xrefs: 00420437
s, xrefs: 004203E7
a, xrefs: 0042044F
e, xrefs: 004203F7
E, xrefs: 00408319
x, xrefs: 00408320
d, xrefs: 00408304
d, xrefs: 004082D3
P, xrefs: 00420433
Q, xrefs: 0042040F
l, xrefs: 004082E1
s, xrefs: 0042043B
H, xrefs: 004082EF
-, xrefs: 0042040B
G, xrefs: 004082B0
e, xrefs: 00408312
=, xrefs: 004203FB
q, xrefs: 00420407
f, xrefs: 004203FF

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: CheckH_prologItemMenuwsprintf
String ID: %s%s%d$&$-$4AD$=$=$?$E$G$H$M$P$Q$T$W$\$a$a$a$a$c$d$d$e$e$e$e$e$e$e$f$f$i$i$k$l$l$n$o$open$q$q$s$s$t$t$t$t$u$u$x$x
API String ID: 3555884098-3532295214
Opcode ID: 537394cd438cdf32110be765a217814a5c4bec02f00cc9273f1e5b19de0ffbe7
Instruction ID: ccf789408ba8d9d01bb46e161f2468a1dedd15672211cb991c20f0d1cf94b3ce
Opcode Fuzzy Hash: 537394cd438cdf32110be765a217814a5c4bec02f00cc9273f1e5b19de0ffbe7
Instruction Fuzzy Hash: DC91C8309086D8E9EB12D7A4DC49BDEBFB55F16308F04409EE548662C3CBBE1958CB76

Function 004205F1 Relevance: 65.0, APIs: 43, Instructions: 488windowCOMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 00420603
GetWindowRect.USER32(?,00480388), ref: 0042061B
GetSystemMetrics.USER32(00000032), ref: 00420636
SendMessageW.USER32(?,00000005,00000000,00000000), ref: 0042065A
GetSystemMetrics.USER32(00000031), ref: 00420662
SendMessageW.USER32(?,00000404,00000004,?), ref: 004206D7
SetWindowPos.USER32(?,00000000,00000004,00000004,00000000,?,00000000), ref: 004206FB
GetWindowRect.USER32(?,?), ref: 0042070B
GetDlgItem.USER32(?,00000BD7), ref: 0042071D
GetDlgItem.USER32(?,00000FBE), ref: 0042072E
GetWindowRect.USER32(?,?), ref: 0042075D
ScreenToClient.USER32(?,?), ref: 0042077A
ScreenToClient.USER32(?,?), ref: 00420785
CopyRect.USER32(?,?), ref: 00420792
SetWindowPos.USER32(?,00000000,?,?,?,?,00000000), ref: 004207BC
ShowWindow.USER32(?,00000000), ref: 004207C6
SetWindowPos.USER32(?,00000000,?,?,?,00000005,00000040), ref: 004207E8
CopyRect.USER32(?,?), ref: 004207F6
SetWindowPos.USER32(00000000,0000000E,?,0000000E,?,00000000), ref: 0042086D
SetWindowPos.USER32(?,00000000,0000000E,?,0000000E,?,00000200), ref: 004208A8
GetSystemMetrics.USER32(00000032), ref: 004208C3
GetDlgItem.USER32(?,00000414), ref: 004208EE
SetWindowPos.USER32(00000000,00000000,0000000E,?,0000000E,?,00000000), ref: 00420912
GetDlgItem.USER32(?,000003EC), ref: 0042091C
SetWindowPos.USER32(?,00000000,0000000E,?,0000000E,?,00000000), ref: 00420956
GetSystemMetrics.USER32(00000032), ref: 0042095A
GetSystemMetrics.USER32(00000032), ref: 00420979
GetDlgItem.USER32(?,00000419), ref: 004209B4
ShowWindow.USER32(00000000,00000000), ref: 004209BC
SetWindowPos.USER32(?,00000000,0000000E,?,0000000E,?,00000040), ref: 004209DD
GetDlgItem.USER32(?,00000410), ref: 004209E7
ShowWindow.USER32(00000000,00000000), ref: 00420A1A
SetWindowPos.USER32(00000000,00000000,0000000E,?,0000000E,?,00000040), ref: 00420A39
GetDlgItem.USER32(?,0000041A), ref: 00420A5B
SetWindowPos.USER32(00000000,00000000,-000000EA,?,00000000,?,00000000), ref: 00420A88
GetDlgItem.USER32(?,00000412), ref: 00420AA6
SetWindowPos.USER32(?,00000000,00000000,?,0000000E,?,00000000), ref: 00420AEA
GetDlgItem.USER32(?,0000041E), ref: 00420AF4
SetWindowPos.USER32(?,00000000,0000000E,?,0000000E,?,00000000), ref: 00420B30
GetDlgItem.USER32(?,00000411), ref: 00420B3A
SetWindowPos.USER32(?,00000000,00000000,?,0000000E,?,00000000), ref: 00420B70
GetSystemMetrics.USER32(00000032), ref: 00420B76
SetWindowPos.USER32(00000000,00000000,?,?,00000000), ref: 00420BA5

Part of subcall function 004362C5: GetWindowLongW.USER32(00000000,000000FC), ref: 004362F0
Part of subcall function 004362C5: SetWindowLongW.USER32(?,000000FC,0043622C), ref: 00436305
Part of subcall function 004362C5: GetClientRect.USER32(?,00000000), ref: 0043631D
Part of subcall function 004362C5: SendMessageW.USER32(?,00000418,00000000,00000000), ref: 0043634A
Part of subcall function 004362C5: SendMessageW.USER32(?,0000041D,-00000001,?), ref: 0043635A
Part of subcall function 004362C5: SetWindowPos.USER32(?,00000000,00420BC1,?,00420BC1,?,00000040,?,?,?,00420BC1,00000000,00000000), ref: 00436379

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Window$Item$Rect$MetricsSystem$ClientMessageSend$Show$CopyLongScreen
String ID:
API String ID: 1244584264-0
Opcode ID: 6f05e2dde071d3fcd63e3bbacb5e932178fae21c99f71a767f67f7f002c632da
Instruction ID: 923e96935bc56571748812aacab09e6193dce8e74519d4da1ece88cee5b03f58
Opcode Fuzzy Hash: 6f05e2dde071d3fcd63e3bbacb5e932178fae21c99f71a767f67f7f002c632da
Instruction Fuzzy Hash: B912F472D01208EFDF01DFA5EE89AEEBBB9FF48300F259025F904BA165D7715A108B64

Function 004218E6 Relevance: 49.3, APIs: 11, Strings: 17, Instructions: 265stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004218EB
wsprintfW.USER32 ref: 0042192C

Part of subcall function 00425052: wsprintfW.USER32 ref: 00425084

lstrcatW.KERNEL32(?,L-Win), ref: 004219C6
lstrcatW.KERNEL32(?,004550D4), ref: 00421A01
lstrcatW.KERNEL32(?,?), ref: 00421A0E
lstrcatW.KERNEL32(?,004454A8), ref: 00421A1C
lstrcatW.KERNEL32(?,?), ref: 00421A26
lstrcatW.KERNEL32(?,<E<N<D|), ref: 00421A3F
lstrcmpW.KERNEL32(?,?), ref: 00421A70
lstrcmpW.KERNEL32(?,?), ref: 00421AD4
wsprintfW.USER32 ref: 00421B0D

Strings

R-Mouse, xrefs: 004219B3
<E<N<D|, xrefs: 00421A39
list_label, xrefs: 00421AEC
Alt-Gr, xrefs: 0042196B
4AD, xrefs: 004219CC
L-Mouse, xrefs: 0042199B
|PE, xrefs: 00421B12
list_order, xrefs: 00421AB5
L-Win, xrefs: 004219BA
Ctrl, xrefs: 00421977
R-Win, xrefs: 00421953
text_%03d, xrefs: 00421926, 00421B07
list_text, xrefs: 00421A84
M-Mouse, xrefs: 004219A7
Ctrl-Alt, xrefs: 0042195F
R-Ctrl, xrefs: 0042198F
Alt, xrefs: 00421983

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: lstrcat$wsprintf$lstrcmp$H_prolog
String ID: 4AD$<E<N<D|$Alt$Alt-Gr$Ctrl$Ctrl-Alt$L-Mouse$L-Win$M-Mouse$R-Ctrl$R-Mouse$R-Win$list_label$list_order$list_text$text_%03d$|PE
API String ID: 2331027252-727685743
Opcode ID: 6e974ebdc80453f8bf89e391fe1004543c90190103f33660c1cb9eed32af2527
Instruction ID: 305e11b582ee5674688aba6902b22d4fce04e225f30b5c17fe9feb6b59f3fa5b
Opcode Fuzzy Hash: 6e974ebdc80453f8bf89e391fe1004543c90190103f33660c1cb9eed32af2527
Instruction Fuzzy Hash: BAA1E971900658BACB10EB90DD95FEE776CAF24304F5480ABF905A3191DB7C9B48CB69

Function 00427502 Relevance: 30.1, APIs: 8, Strings: 9, Instructions: 324stringwindowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00427507
InterlockedIncrement.KERNEL32(-000000F4), ref: 00427532
wsprintfW.USER32 ref: 004275DA
lstrlenW.KERNEL32(00000000,000000FF,?,?,?,00000010), ref: 00427676
lstrlenW.KERNEL32(?,?,?,?,?,00000010), ref: 004276A1
lstrlenW.KERNEL32(00000000,?,?,?,?,?,?,?,00000010), ref: 004276CB

Part of subcall function 00421ECF: __EH_prolog.LIBCMT ref: 00421ED4
Part of subcall function 00421ECF: lstrlenW.KERNEL32(00000000,00001000,?,76E1E0B0,?,00000000,?,?,0042787E,00000000,?,?,00000000,?,?,00000000), ref: 00421F07

lstrlenW.KERNEL32(?,?,00000000,00000000,?,?,?,00000010), ref: 004276F7
MessageBoxW.USER32(0000000A,?,?,00000003), ref: 004277D0

Strings

list_order, xrefs: 0042765E
text_%03d, xrefs: 004275D4
0hE, xrefs: 00427742
list_text, xrefs: 0042762E
list_label, xrefs: 00427610
%s: %d, xrefs: 0042777F
4AD, xrefs: 0042753A, 0042763B, 00427761
0hE, xrefs: 0042754F
list, xrefs: 004275F3

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: lstrlen$H_prolog$IncrementInterlockedMessagewsprintf
String ID: %s: %d$0hE$0hE$4AD$list$list_label$list_order$list_text$text_%03d
API String ID: 101203759-2156759317
Opcode ID: 89ed76bf90950f2ae37a537d31068173e5987552b81e97b9d3f3b8fdd7fdc37e
Instruction ID: dff87e9b3940e85c95b9824c9d0008bd55deb00be2d41abe113388fb65a849ab
Opcode Fuzzy Hash: 89ed76bf90950f2ae37a537d31068173e5987552b81e97b9d3f3b8fdd7fdc37e
Instruction Fuzzy Hash: 24C16171D0424DAADF04EBE5C999EEEBBBCAF19308F10016EE115B31C1DB785A44CB69

Function 00425052 Relevance: 29.8, APIs: 2, Strings: 15, Instructions: 93COMMON

Download Yara Rule

APIs

wsprintfW.USER32 ref: 00425084
wsprintfW.USER32 ref: 004250A1

Strings

NUM_*, xrefs: 004250BF
Del, xrefs: 0042511F
NUM_., xrefs: 004250EF
NUM_/, xrefs: 004250FB
Right, xrefs: 0042515B
NUM_,, xrefs: 004250D7
NUM_%d, xrefs: 0042507C
TAB, xrefs: 004250B3
NUM_+, xrefs: 004250CB
ESC3, xrefs: 00425107
NUM_-, xrefs: 004250E3
F%d, xrefs: 00425067
Left, xrefs: 0042514C
Down, xrefs: 0042513D
Space, xrefs: 00425113

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: wsprintf
String ID: Del$Down$ESC3$F%d$Left$NUM_%d$NUM_*$NUM_+$NUM_,$NUM_-$NUM_.$NUM_/$Right$Space$TAB
API String ID: 2111968516-1788754765
Opcode ID: f66a46fd12f69995153c1cae6e64894327a738403d8d8ec6a87eacb9d8e3ef1b
Instruction ID: fb27a073f83e29f15c1bda8b5e65fb32c354b5abc1bede79b60cea97612c775e
Opcode Fuzzy Hash: f66a46fd12f69995153c1cae6e64894327a738403d8d8ec6a87eacb9d8e3ef1b
Instruction Fuzzy Hash: E8218311B48F34B64E300524BE92B3E62525626F66BF08513F902D86EAD1FD8CD691CF

Function 00435209 Relevance: 28.6, APIs: 19, Instructions: 150windowCOMMON

Download Yara Rule

APIs

GetIconInfo.USER32(?,?), ref: 0043521B
GetDC.USER32(00000000), ref: 0043522A
CreateCompatibleDC.GDI32(00000000), ref: 0043523C
CreateCompatibleDC.GDI32(00000000), ref: 00435242
GetObjectW.GDI32(?,00000018,?), ref: 00435269
CreateBitmap.GDI32(?,?,?,?,00000000), ref: 0043529A
SelectObject.GDI32(?,?), ref: 004352B7
SelectObject.GDI32(?,?), ref: 004352C2
GetPixel.GDI32(00000000,00000000,?), ref: 004352E6
SetPixel.GDI32(?,00000000,?,?), ref: 0043534A
SelectObject.GDI32(?,?), ref: 00435370
SelectObject.GDI32(?,?), ref: 00435378
CreateIconIndirect.USER32(00000001), ref: 0043538B
DeleteObject.GDI32(?), ref: 00435396
DeleteObject.GDI32(?), ref: 0043539B
DeleteObject.GDI32(?), ref: 004353A0
DeleteDC.GDI32(?), ref: 004353AB
DeleteDC.GDI32(?), ref: 004353B0
ReleaseDC.USER32(00000000,?), ref: 004353B7

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Object$Delete$CreateSelect$CompatibleIconPixel$BitmapIndirectInfoRelease
String ID:
API String ID: 4176011905-0
Opcode ID: eaea4ba6c47036ab21d483449654682ba20451ed1df99df75e39fb9125468f94
Instruction ID: 049c9c6863bca4da748134b191693f4b8ac029bc71d22b5e3f0e0cc1fe1b6ce3
Opcode Fuzzy Hash: eaea4ba6c47036ab21d483449654682ba20451ed1df99df75e39fb9125468f94
Instruction Fuzzy Hash: 70510271D00218EFDF109FA1DC849AEBFB5FF48351F10902AE911B2260DB759A50EFA4

Function 004355CC Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 129windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(00000000,ToolbarWindow32,00000000,5600994C,00000000,00000000,000000B4,?,?,00000000,00000000), ref: 00435601
GetStockObject.GDI32(00000011), ref: 00435615
GetObjectW.GDI32(00000000,0000005C,?), ref: 00435633
SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 0043565C
CreateFontIndirectW.GDI32(?), ref: 0043567A
SendMessageW.USER32(?,00000030,?,00000000), ref: 00435692
SendMessageW.USER32(?,0000041E,00000014,00000000), ref: 0043569F
SendMessageW.USER32(?,00000420,00000000,00100001), ref: 004356AF
GetClientRect.USER32(?,?), ref: 004356C3
SetWindowPos.USER32(?,00000000,00000000,?,?,00000000,00000040), ref: 004356E9
GetWindowLongW.USER32(?,000000FC), ref: 00435700
SetWindowLongW.USER32(?,000000FC,00435849), ref: 00435717
GetWindowLongW.USER32(?,000000FC), ref: 0043571E
SetWindowLongW.USER32(?,000000FC,0043580B), ref: 0043572F

Strings

ToolbarWindow32, xrefs: 004355FB

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Window$Long$MessageSend$CreateObject$ClientFontIndirectInfoParametersRectStockSystem
String ID: ToolbarWindow32
API String ID: 2936060913-4104838417
Opcode ID: 3f51542d2a0b2004c8526f9ef05dbcaebad891402990623c3b930f2bb6b1b828
Instruction ID: f76f25e1fa694d056b7f7f73ac2d24a184e6b0527aa05ac2f277c84c8476ae4a
Opcode Fuzzy Hash: 3f51542d2a0b2004c8526f9ef05dbcaebad891402990623c3b930f2bb6b1b828
Instruction Fuzzy Hash: 5D418172900224BFDB509FA5EC89EEB7F78EF48760F115125FA08E61A1D7709904CF94

Function 004360E5 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 122windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(76AB2370,ToolbarWindow32,00000000,00000000,00000000,00000000,000000B4,00000014,00000000,00000000,00000000,00000000), ref: 00436113
GetStockObject.GDI32(00000011), ref: 00436127
GetObjectW.GDI32(00000000,0000005C,?), ref: 00436145
SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 0043616E
CreateFontIndirectW.GDI32(?), ref: 0043618A
SendMessageW.USER32(00000000,00000030,?,00000000), ref: 004361A2
SendMessageW.USER32(00000000,0000041E,00000014,00000000), ref: 004361AF
SendMessageW.USER32(00000000,00000420,00000000,00100000), ref: 004361BF
GetDlgItem.USER32(00000000,?), ref: 004361CC
ShowWindow.USER32(00000000,00000000), ref: 004361E1
GetWindowRect.USER32(00000000,00000000), ref: 004361EC
ScreenToClient.USER32(00000000,00000000), ref: 004361FF
ScreenToClient.USER32(00000000,76AB2370), ref: 00436208
SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000018,00000000), ref: 0043621E

Strings

ToolbarWindow32, xrefs: 0043610B

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Window$MessageSend$ClientCreateObjectScreen$FontIndirectInfoItemParametersRectShowStockSystem
String ID: ToolbarWindow32
API String ID: 171734827-4104838417
Opcode ID: 872a04bb76daadf6eeb8962ea1ced062aef14eece72818880b888df5f63a513b
Instruction ID: 92c2e2c1fc3dde78d9c0d2bc275dc0a06e604331f58c1d2c7f24981343337753
Opcode Fuzzy Hash: 872a04bb76daadf6eeb8962ea1ced062aef14eece72818880b888df5f63a513b
Instruction Fuzzy Hash: D541097690021DBFEF119FA4DC84EEE7B7DEB08344F008426FA14A61A0D771AE149F64

Function 00432160 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 105windowCOMMON

Download Yara Rule

APIs

CreateWindowExW.USER32(?,ToolbarWindow32,00000000,?,00000000,00000000,000000B4,00000014,?,00000000,00000000), ref: 0043218B
GetStockObject.GDI32(00000011), ref: 0043219E
GetObjectW.GDI32(00000000,0000005C,?), ref: 004321BC
CreateFontIndirectW.GDI32(?), ref: 004321D1
SendMessageW.USER32(00000000,00000030,?,00000000), ref: 004321E7
SendMessageW.USER32(00000000,0000041E,00000014,00000000), ref: 004321F2
SendMessageW.USER32(00000000,00000420,00000000,00100000), ref: 00432200
GetDlgItem.USER32(?,?), ref: 0043220D
ShowWindow.USER32(?,00000000), ref: 00432225
GetWindowRect.USER32(?,?), ref: 00432232
ScreenToClient.USER32(?,?), ref: 00432245
ScreenToClient.USER32(?,?), ref: 0043224E
SetWindowPos.USER32(00000000,00000000,?,?,?,00000018,00000000), ref: 00432262

Strings

ToolbarWindow32, xrefs: 00432183

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Window$MessageSend$ClientCreateObjectScreen$FontIndirectItemRectShowStock
String ID: ToolbarWindow32
API String ID: 1801995013-4104838417
Opcode ID: 75dccdb2353e919780bed2b11c83ca037eab2203106cc7818d96142dd42cfe0a
Instruction ID: cc59631b687ed46b3897f8ef20cc18819bfc4e5e2055f90e08ac7289b8131753
Opcode Fuzzy Hash: 75dccdb2353e919780bed2b11c83ca037eab2203106cc7818d96142dd42cfe0a
Instruction Fuzzy Hash: E83129B690025DBFEB019FA4EC85EEF7BBDFB48749F004025FA00A61A1D3719D149BA5

Function 00421ECF Relevance: 21.2, APIs: 2, Strings: 10, Instructions: 190stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00421ED4
lstrlenW.KERNEL32(00000000,00001000,?,76E1E0B0,?,00000000,?,?,0042787E,00000000,?,?,00000000,?,?,00000000), ref: 00421F07

Strings

R-Mouse, xrefs: 00422018
L-Win, xrefs: 0042202D
Ctrl, xrefs: 00421FA0
R-Win, xrefs: 00421F52
M-Mouse, xrefs: 00422003
Alt-Gr, xrefs: 00421F84
Ctrl-Alt, xrefs: 00421F6B
R-Ctrl, xrefs: 00421FD5
L-Mouse, xrefs: 00421FEA
Alt, xrefs: 00421FBC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: H_prologlstrlen
String ID: Alt$Alt-Gr$Ctrl$Ctrl-Alt$L-Mouse$L-Win$M-Mouse$R-Ctrl$R-Mouse$R-Win
API String ID: 2133942097-684211483
Opcode ID: f3bd2888a5d8743ae5920ba6bac0428a4c442ee898a2ef51e22436192443f3a1
Instruction ID: e34d6a5a56890267d0a77cb0a0af09d494010216408d4ade35e7860ad381712d
Opcode Fuzzy Hash: f3bd2888a5d8743ae5920ba6bac0428a4c442ee898a2ef51e22436192443f3a1
Instruction Fuzzy Hash: 6F512522B44A30B5CB31A750F941FBF6364AF2176AF60802FF511E61D2EBEC5A45C29D

Function 0042A30D Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 53stringCOMMON

Download Yara Rule

APIs

lstrcatW.KERNEL32(?,R-Mouse), ref: 0042A381
lstrcatW.KERNEL32(?,L-Win), ref: 0042A395

Strings

R-Mouse, xrefs: 0042A379
L-Win, xrefs: 0042A38D
Ctrl, xrefs: 0042A33D
R-Win, xrefs: 0042A319
M-Mouse, xrefs: 0042A36D
Alt-Gr, xrefs: 0042A331
Ctrl-Alt, xrefs: 0042A325
R-Ctrl, xrefs: 0042A355
L-Mouse, xrefs: 0042A361
Alt, xrefs: 0042A349

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: lstrcat
String ID: Alt$Alt-Gr$Ctrl$Ctrl-Alt$L-Mouse$L-Win$M-Mouse$R-Ctrl$R-Mouse$R-Win
API String ID: 4038537762-684211483
Opcode ID: 0196e6e6f9712b71f51dbd6c5d103967daff606a101654226cc2a381356c9e14
Instruction ID: a020f727c1a1fbe9591c624d4daefe5a6311d8d08f741b389f1f89b872b333bc
Opcode Fuzzy Hash: 0196e6e6f9712b71f51dbd6c5d103967daff606a101654226cc2a381356c9e14
Instruction Fuzzy Hash: 2101D432FC4A30F74E30A4487C51BBA6A401326B22BF14163FD5ABA5A6419D0CB5598F

Function 00430481 Relevance: 19.6, APIs: 13, Instructions: 112COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00430486
OffsetRect.USER32(?,?,?), ref: 004304D0
OffsetRect.USER32(00000001,00000001,00000001), ref: 004304EB
GetSysColor.USER32(00000014), ref: 004304F9
GetSysColor.USER32(00000010), ref: 00430521
CreatePen.GDI32(00000000,00000000,00000000), ref: 00430526
DeleteObject.GDI32(00000000), ref: 00430548
DeleteObject.GDI32(?), ref: 00430552
CreatePen.GDI32(00000000,00000000,00000000), ref: 00430506

Part of subcall function 00431AAD: SelectObject.GDI32(0043058E,76AAA5C0), ref: 00431ABA
Part of subcall function 00431AAD: MoveToEx.GDI32(0043058E,0043058E,1015FF56,00000000), ref: 00431AD6
Part of subcall function 00431AAD: LineTo.GDI32(0043058E,8B0043C1,5E5FF44D), ref: 00431AE5
Part of subcall function 00431AAD: MoveToEx.GDI32(0043058E,00000001,1015FF56,00000000), ref: 00431AF1
Part of subcall function 00431AAD: LineTo.GDI32(0043058E,8B0043C2,5E5FF44D), ref: 00431AFC
Part of subcall function 00431AAD: MoveToEx.GDI32(0043058E,0043058E,5E5FF44C,00000000), ref: 00431B08
Part of subcall function 00431AAD: LineTo.GDI32(0043058E,8B0043C1,1015FF55), ref: 00431B13
Part of subcall function 00431AAD: MoveToEx.GDI32(0043058E,5E5FF44D,5E5FF44C,00000000), ref: 00431B21
Part of subcall function 00431AAD: LineTo.GDI32(0043058E,8B0043C2,1015FF55), ref: 00431B2E
Part of subcall function 00431AAD: SelectObject.GDI32(0043058E,76AAA5C0), ref: 00431B35

OffsetRect.USER32(00000006,00000001,00000001), ref: 00430562
GetSysColor.USER32(00000012), ref: 0043056A
CreatePen.GDI32(00000000,00000000,00000000), ref: 00430575
DeleteObject.GDI32(00000000), ref: 00430593

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Object$LineMove$ColorCreateDeleteOffsetRect$Select$H_prolog
String ID:
API String ID: 132611724-0
Opcode ID: 138b57e503952e2e3ef7f0f16d7fd84a21ad59701c9fec39699694140e1e4f3a
Instruction ID: 46e6b0f7213544dc18f5c4da83762ef9c03a1ef126acf789cfd90c33d762b217
Opcode Fuzzy Hash: 138b57e503952e2e3ef7f0f16d7fd84a21ad59701c9fec39699694140e1e4f3a
Instruction Fuzzy Hash: 80411AB1D00218AFDB11DFA5CC85BEEBBB9EF48314F00951AF915B7250C7B59A048FA5

Function 00436F70 Relevance: 19.3, APIs: 9, Strings: 2, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(?,00000000,?,?,?,?,?,00436B7E,?,?), ref: 00436F89
lstrlenW.KERNEL32(?,?,?,?,?,00436B7E,?,?), ref: 00436FA6
SetTextColor.GDI32(0000FFFF,~kC), ref: 00436FB7
OutputDebugStringW.KERNEL32(NULL,?,?,?,?,00436B7E,?,?), ref: 00436FC8
GetCurrentObject.GDI32(0000FFFF,00000006), ref: 00436FD3
GetObjectW.GDI32(00000000,0000005C,?), ref: 00436FE4
CreateFontIndirectW.GDI32(?), ref: 00436FEB
DrawTextW.USER32(0000FFFF,?,0000FFFF,00000000,?), ref: 0043701F
DrawTextW.USER32(0000FFFF,?,000000FF,00000000,?), ref: 0043704F

Strings

NULL, xrefs: 00436FC3
~kC, xrefs: 00436FB1

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Text$DrawObjectlstrlen$ColorCreateCurrentDebugFontIndirectOutputString
String ID: NULL$~kC
API String ID: 2332924160-1157440343
Opcode ID: 4ae050228ae3f762b57b8d527a585c44ffd6c7374dfb5799d373051af9ff40f5
Instruction ID: 32513ef4225b7dbf12b6419026106d66b39d41e6418e96635585d9dc61f34225
Opcode Fuzzy Hash: 4ae050228ae3f762b57b8d527a585c44ffd6c7374dfb5799d373051af9ff40f5
Instruction Fuzzy Hash: 64318D7150020AFFCB149FA8DC85AAA7BB9EF08314F119129F916E22A0C735D9519B18

Function 00435BFC Relevance: 18.2, APIs: 12, Instructions: 175windowCOMMON

Download Yara Rule

APIs

ScreenToClient.USER32(?,?), ref: 00435C44

Part of subcall function 00435BAB: SendMessageW.USER32(?,00000445,00000000,?), ref: 00435BB9

ScreenToClient.USER32(?,?), ref: 00435C91

Part of subcall function 00435DFE: GetMessagePos.USER32 ref: 00435DFE

PostMessageW.USER32(?,0000084D,00000000,00000000), ref: 00435D01
SendMessageW.USER32(?,0000011F,?,?), ref: 00435D1A
PostMessageW.USER32(?,0000001F,00000000,00000000), ref: 00435D65
PostMessageW.USER32(?,0000084D,00000000,00000000), ref: 00435D71
PostMessageW.USER32(?,00000100,00000028,00000000), ref: 00435D7E

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Message$Post$ClientScreenSend
String ID:
API String ID: 438416525-0
Opcode ID: 60a7e8d324673432992717aaadcd6ff05456399c72d3870ab3bd338f88e9b8a5
Instruction ID: 2a1818dc928b07f8f12ddde4aa5868b3ec20cef3fe632689e787451c26aeece7
Opcode Fuzzy Hash: 60a7e8d324673432992717aaadcd6ff05456399c72d3870ab3bd338f88e9b8a5
Instruction Fuzzy Hash: 8051B231500B04AFCB319F16CC88E9BBBF9EF8CB04F10952EF58696661C774A941DB18

Function 0042D4F4 Relevance: 18.1, APIs: 12, Instructions: 87COMMON

Download Yara Rule

APIs

GetClientRect.USER32(00000000,00000000), ref: 0042D511
DrawEdge.USER32(?,00000000,00000006,0000200B), ref: 0042D53A
FillRect.USER32(?,00000000,00000010), ref: 0042D549
DrawEdge.USER32(?,00000000,00000006,00002007), ref: 0042D56D
FillRect.USER32(?,00000000,00000010), ref: 0042D57A
GetSysColor.USER32(00000008), ref: 0042D582
SetTextColor.GDI32(?,00000000), ref: 0042D58A
SetBkMode.GDI32(?,00000001), ref: 0042D593
GetStockObject.GDI32(00000011), ref: 0042D59B
SelectObject.GDI32(?,00000000), ref: 0042D5A9
DrawTextW.USER32(?,?,000000FF,00000004,00008024), ref: 0042D5D0
SelectObject.GDI32(?,00000004), ref: 0042D5DA

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: DrawObjectRect$ColorEdgeFillSelectText$ClientModeStock
String ID:
API String ID: 303100802-0
Opcode ID: be91fde70604ba309ba84b06fb5e41ceb87a93f3c22d6c4ac74820cc584e0c58
Instruction ID: d2e2adb73274232bb2aef0161fc503774a35fff9785f72c0be1fa87e41e1273c
Opcode Fuzzy Hash: be91fde70604ba309ba84b06fb5e41ceb87a93f3c22d6c4ac74820cc584e0c58
Instruction Fuzzy Hash: F2316B32900218BFEB018FA4DC88EFFBBB8FB08714F004529FA16E6190C771A945CB65

Function 0043680E Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 358COMMON

Download Yara Rule

APIs

Part of subcall function 0043672E: GetSysColor.USER32(?), ref: 0043673B

CopyRect.USER32(?,?), ref: 00436943

Strings

, xrefs: 00436863

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ColorCopyRect
String ID:
API String ID: 3794717969-1776720792
Opcode ID: 5c9772dec5d805dd6dfde49b813ff185bcd6ae061b483e24b21aff21b6c50cda
Instruction ID: bab850502f826ae16235fee4ad5b7b1deb26fd9a43b8bc222d4fcaf7f1f5b6e4
Opcode Fuzzy Hash: 5c9772dec5d805dd6dfde49b813ff185bcd6ae061b483e24b21aff21b6c50cda
Instruction Fuzzy Hash: DCD16C71E00209EFCF14DFA8C885BEEBBB6AF48304F15806AE905BB291D775A945CF54

Function 00434F5D Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 106windowCOMMON

Download Yara Rule

APIs

FindWindowExW.USER32(00000000,00000000,Shell_TrayWnd,00000000), ref: 00434F77
FindWindowExW.USER32(00000000,00000000,TrayNotifyWnd,00000000), ref: 00434F85
GetWindowRect.USER32(00000000,?), ref: 00434F8F
SHAppBarMessage.SHELL32(00000005,?), ref: 00434FA7
FindWindowExW.USER32(00000000,00000000,Shell_TrayWnd,00000000), ref: 00435004
GetWindowRect.USER32(00000000,?), ref: 0043500F

Strings

Shell_TrayWnd, xrefs: 00434F6E, 00434F74, 00435001
$, xrefs: 00434F9D
TrayNotifyWnd, xrefs: 00434F7E

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Window$Find$Rect$Message
String ID: $$Shell_TrayWnd$TrayNotifyWnd
API String ID: 805496052-1160186678
Opcode ID: aca470a4a86d356b83a37e2c4104057e75468c51ea3e762e57e9c2cb622da7ca
Instruction ID: 2c9f2e3420141922909e519893d12b107e4d3a1898551895d3851cf8cf98412b
Opcode Fuzzy Hash: aca470a4a86d356b83a37e2c4104057e75468c51ea3e762e57e9c2cb622da7ca
Instruction Fuzzy Hash: 8231A170900605AFC728CF69C888DABBBF8EF89714F14855EF85AD7390D635AC40CB68

Function 00435F35 Relevance: 15.1, APIs: 10, Instructions: 111windowthreadCOMMON

Download Yara Rule

APIs

Part of subcall function 00435E57: GetSysColor.USER32(00000004), ref: 00435E70
Part of subcall function 00435E57: CreateSolidBrush.GDI32(00202020), ref: 00435E79

IsWindowVisible.USER32(?), ref: 00435F4B
GetActiveWindow.USER32 ref: 00435F59
GetSubMenu.USER32(?,?), ref: 00435F6E

Part of subcall function 00435BC2: SendMessageW.USER32(?,00000403,?,?), ref: 00435BDA

Part of subcall function 00435B92: SendMessageW.USER32(?,0000041D,?,?), ref: 00435BA2

MapWindowPoints.USER32(?,00000000,?,00000001), ref: 00435FC8
MapWindowPoints.USER32(?,00000000,?,00000002), ref: 00435FD4
GetCurrentThreadId.KERNEL32 ref: 00435FF6
SetWindowsHookExW.USER32(000000FF,0043607A,00000000,00000000), ref: 00436007
TrackPopupMenuEx.USER32(?,00000140,?,?,?,00000014), ref: 0043602D
SendMessageW.USER32(?,00000111,00000000,AFFE0000), ref: 00436045
UnhookWindowsHookEx.USER32(?), ref: 00436060

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Window$MessageSend$HookMenuPointsWindows$ActiveBrushColorCreateCurrentPopupSolidThreadTrackUnhookVisible
String ID:
API String ID: 3555522823-0
Opcode ID: d5e96c71b40245e8c850c57e5173b7712c3bfd98b42217a16c0dcc6eb81ae308
Instruction ID: af8b7d620b30591a07dcb7c5db87775e86cc94bb11aca02fd2cfae0a4338fb78
Opcode Fuzzy Hash: d5e96c71b40245e8c850c57e5173b7712c3bfd98b42217a16c0dcc6eb81ae308
Instruction Fuzzy Hash: 6541BCB2900214BFDF519FA5DC858AFBFB9FF48310B10956AF915E6265C370A900CF94

Function 004365CD Relevance: 15.1, APIs: 10, Instructions: 104COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000000F), ref: 004365F3
GetDC.USER32(00000000), ref: 0043660F
CreateFontIndirectW.GDI32(?), ref: 00436637
SelectObject.GDI32(?,00000000), ref: 00436643
DrawTextW.USER32(?,?,000000FF,?,00000424), ref: 0043667D
SelectObject.GDI32(?,?), ref: 0043668F
DeleteObject.GDI32(?), ref: 0043669A
GetSystemMetrics.USER32(00000047), ref: 004366D8
ReleaseDC.USER32(00000000,?), ref: 004366E9

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Object$MetricsSelectSystem$CreateDeleteDrawFontIndirectReleaseText
String ID:
API String ID: 2845678740-0
Opcode ID: 0dd1cdc975fa90c191e1b3f6d902dcce56dbf230f0a94245f5353f29224a4e99
Instruction ID: eefc56dc4ba074cc05ed8a12dcb2865e0cc639ee1b886fa549392c0575cec96a
Opcode Fuzzy Hash: 0dd1cdc975fa90c191e1b3f6d902dcce56dbf230f0a94245f5353f29224a4e99
Instruction Fuzzy Hash: FE419F31900629EFCF11CFA8C889AEEBBB5FF48740F15816AE915B7251C774A901DF98

Function 00428264 Relevance: 15.1, APIs: 10, Instructions: 92COMMON

Download Yara Rule

APIs

GetWindowPlacement.USER32(?,?), ref: 00428275
GetSystemMetrics.USER32(0000004F), ref: 004282AE
GetSystemMetrics.USER32(0000004D), ref: 004282B4
GetSystemMetrics.USER32(0000004E), ref: 004282BB
GetSystemMetrics.USER32(0000004C), ref: 004282C1
GetSystemMetrics.USER32(0000004D), ref: 004282C8
GetSystemMetrics.USER32(0000004C), ref: 004282CD
SetRect.USER32(?,00000000), ref: 004282D4
GetWindowRect.USER32(?,?), ref: 004282E1
MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00428336

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MetricsSystem$Window$Rect$MovePlacement
String ID:
API String ID: 3067230557-0
Opcode ID: 870f133595a486a6bf26aa3be2a5cb3c4c7eade40f216451adebc92329adc0dc
Instruction ID: 8bd225a0a0a47aa8a0b0c8ad36270c41b07badd969337c926225b95b87dd0b4f
Opcode Fuzzy Hash: 870f133595a486a6bf26aa3be2a5cb3c4c7eade40f216451adebc92329adc0dc
Instruction Fuzzy Hash: 4731EC71F00229AFDF04DBA8DD85AEEBBF9EF48710F10412AE605A7250DB75AD41CB94

Function 00425CDF Relevance: 15.1, APIs: 10, Instructions: 92windowtimeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00425CE4
SendMessageW.USER32(00001042,00000000,00000000,00000000), ref: 00425D02

Part of subcall function 00425C5D: SendMessageW.USER32(?,00000401,0000807B), ref: 00425C86
Part of subcall function 00425C5D: SendMessageW.USER32(?,00000401,0000807D), ref: 00425C90
Part of subcall function 00425C5D: SendMessageW.USER32(?,00000401,00008019), ref: 00425C9B
Part of subcall function 00425C5D: SendMessageW.USER32(?,00000401,0000807B,00000000), ref: 00425CB7
Part of subcall function 00425C5D: SendMessageW.USER32(?,00000401,0000807D,00000000), ref: 00425CC2
Part of subcall function 00425C5D: SendMessageW.USER32(?,00000401,00008019,00000000), ref: 00425CD6

SetWindowTextW.USER32(?,004547B4), ref: 00425D53
SetWindowTextW.USER32(?,?), ref: 00425D62
KillTimer.USER32(000007E8), ref: 00425D70
SetTimer.USER32(000007E8,000000C8,00000000), ref: 00425D84
SetDlgItemTextW.USER32(00000000,000003EC,00002010), ref: 00425D99
SetWindowTextW.USER32(?,00002010), ref: 00425DAA
SendMessageW.USER32(?,0000014D,00000000,?), ref: 00425DF3
SendMessageW.USER32(?,0000014E,?,00000000), ref: 00425E05

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageSend$Text$Window$Timer$H_prologItemKill
String ID:
API String ID: 82283145-0
Opcode ID: 135239a675c50c610d3c88f7011432b9c2c3cc4dc5ede83cda2dd2598131bad9
Instruction ID: 5f8deb670cbed0adec7b50a07d3aa2b4b88e6be29a6496bd3395f5a303cc45d5
Opcode Fuzzy Hash: 135239a675c50c610d3c88f7011432b9c2c3cc4dc5ede83cda2dd2598131bad9
Instruction Fuzzy Hash: 2C31AD71640208FBDB11AB60ECC9EEEB7B9FB08744F00442DF515A21E1DB74AD54CB18

Function 00431AAD Relevance: 15.1, APIs: 10, Instructions: 72COMMON

Download Yara Rule

APIs

SelectObject.GDI32(0043058E,76AAA5C0), ref: 00431ABA
MoveToEx.GDI32(0043058E,0043058E,1015FF56,00000000), ref: 00431AD6
LineTo.GDI32(0043058E,8B0043C1,5E5FF44D), ref: 00431AE5
MoveToEx.GDI32(0043058E,00000001,1015FF56,00000000), ref: 00431AF1
LineTo.GDI32(0043058E,8B0043C2,5E5FF44D), ref: 00431AFC
MoveToEx.GDI32(0043058E,0043058E,5E5FF44C,00000000), ref: 00431B08
LineTo.GDI32(0043058E,8B0043C1,1015FF55), ref: 00431B13
MoveToEx.GDI32(0043058E,5E5FF44D,5E5FF44C,00000000), ref: 00431B21
LineTo.GDI32(0043058E,8B0043C2,1015FF55), ref: 00431B2E
SelectObject.GDI32(0043058E,76AAA5C0), ref: 00431B35

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: LineMove$ObjectSelect
String ID:
API String ID: 796595582-0
Opcode ID: 6aed04852779ff3942b37f3775a677f39a3531c3661310badc0ad0f59d01eb94
Instruction ID: 43eb38f613f85a163b313d79e2c63de9559be0ea8cdf3e02458cd8719bfd43f5
Opcode Fuzzy Hash: 6aed04852779ff3942b37f3775a677f39a3531c3661310badc0ad0f59d01eb94
Instruction Fuzzy Hash: 70117A75200604BFE6129B55DCC0E7BF7F9EF89B10F108819F9A9D2510C725E852AB25

Function 00437058 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 122windowstringCOMMON

Download Yara Rule

APIs

GetMenuItemCount.USER32(?), ref: 004370A1
GetMenuItemInfoW.USER32(00000064,?,00000001,?), ref: 004370ED
lstrlenW.KERNEL32(?), ref: 00437179
lstrcpyW.KERNEL32(00000000,?), ref: 00437199
SetMenuItemInfoW.USER32(00000064,?,00000001,?), ref: 004371AE
GetMenuItemCount.USER32(00000064), ref: 004371BA

Strings

1, xrefs: 004370FE
d, xrefs: 004370DC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ItemMenu$CountInfo$lstrcpylstrlen
String ID: 1$d
API String ID: 1621444650-1642009170
Opcode ID: ae4c2c2dfed70d91c995b68a4d3dcd87616bf17e0b87870d315791c588e9eb51
Instruction ID: ab7f1e7837498ced5c99314300850d25f9edd8aff39392c0aee1037423d7d266
Opcode Fuzzy Hash: ae4c2c2dfed70d91c995b68a4d3dcd87616bf17e0b87870d315791c588e9eb51
Instruction Fuzzy Hash: 5E419DB290420AEFDF30DF94D985AAEBBB4FB08354F10952AE845A7350D7349944CF64

Function 00435886 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 100windowCOMMON

Download Yara Rule

APIs

DestroyMenu.USER32(?), ref: 004358A9
SendMessageW.USER32(?,0000000B,00000000,00000000), ref: 004358C3
SendMessageW.USER32(?,00000418,00000000,00000000), ref: 004358CF
SendMessageW.USER32(?,00000416,00000000,00000000), ref: 004358E2
GetMenuItemCount.USER32(?), ref: 00435903
GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 0043594A
SendMessageW.USER32(?,0000000B,00000001,00000000), ref: 0043597F

Strings

d, xrefs: 00435925

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageSend$Menu$Item$CountDestroyInfo
String ID: d
API String ID: 4101362009-2564639436
Opcode ID: 34ee46e3f99a2cd70cd31549637652a982901960939b6ab3df41581c115caaa0
Instruction ID: 67dbf8287af0168786e3cb0bfa77e2e4c122d9a401f88475f16c37208581ae31
Opcode Fuzzy Hash: 34ee46e3f99a2cd70cd31549637652a982901960939b6ab3df41581c115caaa0
Instruction Fuzzy Hash: E1317CB1900208BFDB219F65DC81E9FBBB8EF08354F10542AF645E6690D374AD858F64

Function 004215AA Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 81windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 004215AF
GetDlgItem.USER32(?,?), ref: 004215EB
CreateWindowExW.USER32(00000000,tooltips_class32,00000000,80000001,80000000,80000000,80000000,80000000,?,00000000,00000000), ref: 00421614
SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 0042165D
SendMessageA.USER32(?,00000418,00000000,00000190), ref: 00421670

Strings

,, xrefs: 00421635
tooltips_class32, xrefs: 0042160E
Test, xrefs: 004215D8

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageSend$CreateH_prologItemWindow
String ID: ,$Test$tooltips_class32
API String ID: 4127292747-3622912971
Opcode ID: f8674888962ce4a140350cb7c02e21500a5a8d2e049f66933eb3e064291a758e
Instruction ID: 4a65af810be17d5466e0fa3a19395ecaa88b91b0f0ad7673a24ad41d318fb192
Opcode Fuzzy Hash: f8674888962ce4a140350cb7c02e21500a5a8d2e049f66933eb3e064291a758e
Instruction Fuzzy Hash: 7F216072A00218FFDB10CF64DC84AEEBBB9FB18750F11813AF905A6290C7754D44CB68

Function 00435A19 Relevance: 13.6, APIs: 9, Instructions: 143windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,0000045A,?,00000000), ref: 00435A62
GetClientRect.USER32(?,00000000), ref: 00435A88
PostMessageW.USER32(?,0000084D,00000000,00000000), ref: 00435ADE
PostMessageW.USER32(?,00000100,00000028,00000000), ref: 00435AEB
SendMessageW.USER32(?,0000045A,?,?), ref: 00435B0A
GetClientRect.USER32(?,00000000), ref: 00435B2C
SendMessageW.USER32(?,0000130A,00000000,00000000), ref: 00435B4D
SendMessageW.USER32(?,00000417,00000000,00000000), ref: 00435B6B
PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00435B7C

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Message$Send$Post$ClientRect
String ID:
API String ID: 2800339571-0
Opcode ID: 02e0a1ac313f76683fc824ef5578c044bd7c86950fdc723cdfe1c487a2cdf429
Instruction ID: 8b76a7bbb7dd5651a2b8aff8d266f85c98f0d81b6d8569f3e9fc264057a03356
Opcode Fuzzy Hash: 02e0a1ac313f76683fc824ef5578c044bd7c86950fdc723cdfe1c487a2cdf429
Instruction Fuzzy Hash: B7414C72900A08BFEB119FA8DD85BEEF7F9EB4C311F105425F601E61A0D7B4AD049B65

Function 00436419 Relevance: 13.6, APIs: 9, Instructions: 81COMMON

Download Yara Rule

APIs

GetStockObject.GDI32(00000011), ref: 0043642D
GetObjectW.GDI32(00000000,0000005C,?), ref: 0043643A
SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 00436464
CreateFontIndirectW.GDI32(?), ref: 00436491
CreateFontIndirectW.GDI32(?), ref: 004364A9
GetSystemMetrics.USER32(00000032), ref: 004364B9
GetSystemMetrics.USER32(00000031), ref: 004364C5
GetSystemMetrics.USER32(00000031), ref: 004364D2
GetSystemMetrics.USER32(00000032), ref: 004364DC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: System$Metrics$CreateFontIndirectObject$InfoParametersStock
String ID:
API String ID: 4204584070-0
Opcode ID: ab5df36e46a9c33517faad016574ca79f5ca83dd5ec28b48bc76654b598bc8f7
Instruction ID: 8b5ddb9cb34b4abd4672a7546851bcf7586be4e33035710cce3a73d3990b9d3d
Opcode Fuzzy Hash: ab5df36e46a9c33517faad016574ca79f5ca83dd5ec28b48bc76654b598bc8f7
Instruction Fuzzy Hash: 86312B72D443149FEF548FA48C89BDA7BB8FB04304F0400AAEA08AF186E7B46505CF65

Function 0043754D Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 92registrystringCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 0043755B

Part of subcall function 00437536: GetModuleFileNameW.KERNEL32(?,?,?,00437425,?,?,00000208), ref: 00437542

RegOpenKeyW.ADVAPI32(-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,?), ref: 004375F7
RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?), ref: 00437620
lstrlenW.KERNEL32(?), ref: 0043764A
RegSetValueExW.ADVAPI32(?,?,00000000,00000001,?,00000000), ref: 00437662

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 004375F1
" -bg, xrefs: 004375B7

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ModuleValue$FileHandleNameOpenQuerylstrlen
String ID: " -bg$SOFTWARE\Microsoft\Windows\CurrentVersion\Run
API String ID: 3684264954-3110968143
Opcode ID: 2c7aa63c6aa06c627f16ba4a35f02f722e6f55bb6732a97aef29a4acba008ab9
Instruction ID: c29cf95cee922bc5516625886b548d78ba82a48099b151cd577d435e0fbe8af1
Opcode Fuzzy Hash: 2c7aa63c6aa06c627f16ba4a35f02f722e6f55bb6732a97aef29a4acba008ab9
Instruction Fuzzy Hash: AA3164B294011CABDF20DBA5DD89EDFB7BCEF48310F0045A6B509E2151DA749B85CF64

Function 00425931 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 79stringwindowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00001042,00000000,00000000), ref: 0042595E
lstrcpyW.KERNEL32(?,MenuBreak:,00000000,00000000,00000000), ref: 004259DD
lstrcpyW.KERNEL32(?,MenuBreak:), ref: 004259E7

Strings

2,, xrefs: 00425979
E54453, xrefs: 00425992
E54455, xrefs: 004259A3
MenuBreak:, xrefs: 004259D0, 004259DB, 004259E5

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: lstrcpy$MessageSend
String ID: E54453$E54455$MenuBreak:$2,
API String ID: 749160242-2763812799
Opcode ID: 01384d17c44535a4775a5fae233c72a668d02f8f0220eba0a0897de32b0c3c72
Instruction ID: ae8bf0fb2b8ac56c75039195bb49617105d3e424e9a1fa973d64a3bfbcaa12ab
Opcode Fuzzy Hash: 01384d17c44535a4775a5fae233c72a668d02f8f0220eba0a0897de32b0c3c72
Instruction Fuzzy Hash: D9210B71B11218B7CF14A7A59C56AEE77AD9BC8320F10406FF901F7381DAB85E418798

Function 00428E73 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 79windowCOMMON

Download Yara Rule

APIs

InitCommonControlsEx.COMCTL32(?), ref: 00428E8F
CreateWindowExW.USER32(00000000,tooltips_class32,00456168,?,80000000,80000000,80000000,80000000,00000000,00000000,?,00000000), ref: 00428ECA
SendMessageW.USER32(00000004,00000432,00000000,0000002C), ref: 00428F31
SendMessageW.USER32(00000004,00000421,00000001,?), ref: 00428F46

Strings

No Text associated, xrefs: 00428EFE
,, xrefs: 00428ED9
tooltips_class32, xrefs: 00428EC4

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageSend$CommonControlsCreateInitWindow
String ID: ,$No Text associated$tooltips_class32
API String ID: 3342334947-1383969392
Opcode ID: c1e45a4e3f247445cfc8ed18c1330415fc3ecb413c95c108c4e7451c0e230ecf
Instruction ID: 8e3712aa7acb00232c6ec16f81002e9e2d711b15805aa15c19c7bcd2e4cca355
Opcode Fuzzy Hash: c1e45a4e3f247445cfc8ed18c1330415fc3ecb413c95c108c4e7451c0e230ecf
Instruction Fuzzy Hash: E42171B1A01309AFDB10CF95DD85AAFBBF9FB48314F50402EF615E3290C7B499048B64

Function 00428006 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042800B
GetWindowRect.USER32(?,?), ref: 00428025
GetWindowPlacement.USER32(?,?), ref: 00428056
CopyRect.USER32(?,?), ref: 00428068
GetWindowRect.USER32(00000000,?), ref: 0042807B

Strings

4AD, xrefs: 00428027
%d;%d;%d;%d;%d;x,y,w,h,SW, xrefs: 00428099

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: RectWindow$CopyH_prologPlacement
String ID: %d;%d;%d;%d;%d;x,y,w,h,SW$4AD
API String ID: 2334692988-2850367280
Opcode ID: 862b562614c300bc7ab5342033d1ae2c2d71864fbfc8642c50e39b91a232349b
Instruction ID: fe6b21715060f9ee3ad9911a439f44bc9ffd1e215c6b3483b9d16e6980fe2404
Opcode Fuzzy Hash: 862b562614c300bc7ab5342033d1ae2c2d71864fbfc8642c50e39b91a232349b
Instruction Fuzzy Hash: F321E572D00119AACF11DFD4DC85EEEBBB9FF48305F00442AE901B6151D779AA19CB64

Function 00427C1A Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 55registryCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00427C1F
RegSetValueExW.ADVAPI32(0000006F,_________ADMIN_TEST_SoftwareOK_DOK,00000000,00000004,00000000,00000004,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion,00020006,?,?,?,?,004211E5,?), ref: 00427C75
RegCloseKey.ADVAPI32(0000006F,?,?,?,004211E5,?,?,00000000,?), ref: 00427C8D
RegDeleteValueW.ADVAPI32(0000006F,_________ADMIN_TEST_SoftwareOK_DOK,?,?,?,004211E5,?,?,00000000,?), ref: 00427C9B
RegCloseKey.ADVAPI32(0000006F,?,?,?,004211E5,?,?,00000000,?), ref: 00427CB2

Strings

_________ADMIN_TEST_SoftwareOK_DOK, xrefs: 00427C6B, 00427C71, 00427C97
SOFTWARE\Microsoft\Windows\CurrentVersion, xrefs: 00427C46

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: CloseValue$DeleteH_prolog
String ID: SOFTWARE\Microsoft\Windows\CurrentVersion$_________ADMIN_TEST_SoftwareOK_DOK
API String ID: 2485495262-3000701925
Opcode ID: 9bd88f4235432e50c426d5700a8792d4f1201c1e48b424f363935baa0b819853
Instruction ID: b68bf3dc38133edbe771ec151f4e5719081e62b5f70673435e2283974a714e34
Opcode Fuzzy Hash: 9bd88f4235432e50c426d5700a8792d4f1201c1e48b424f363935baa0b819853
Instruction Fuzzy Hash: 511194B0A00225EBCB219FA6EC45BAFBBB9FB84701F00062BF111B51A1C7784940DB68

Function 00436D29 Relevance: 10.6, APIs: 7, Instructions: 140COMMON

Download Yara Rule

APIs

SetBkColor.GDI32(?,00000000), ref: 00436DB1
ExtTextOutW.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 00436DD3
SetBkColor.GDI32(?,00000000), ref: 00436DDF
SetPixel.GDI32(?,?,00000000,00000000), ref: 00436E0C
SetPixel.GDI32(?,00000000,00000000,00000000), ref: 00436E1D
SetPixel.GDI32(?,?,00000000,00000000), ref: 00436E55
SetPixel.GDI32(?,00000000,00000000,00000000), ref: 00436E66

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Pixel$Color$Text
String ID:
API String ID: 98714010-0
Opcode ID: 823f748bbc1fa12dc0c71d92b990de8f11a86ca1ce6d5b11bbc1689569002d4a
Instruction ID: d099eac011f95741b9d61141177dafcc1c442d3a7173c642c8adaa2b6a63c7a4
Opcode Fuzzy Hash: 823f748bbc1fa12dc0c71d92b990de8f11a86ca1ce6d5b11bbc1689569002d4a
Instruction Fuzzy Hash: DF510572A0011EAFCF01CFA8CD859EE7BB5FF08348F02812AFD54A6250C3759D259B94

Function 00424930 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 110stringwindowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00424935
SendMessageW.USER32(?,00001073,?,?), ref: 004249B2
lstrlenW.KERNEL32(00000000), ref: 004249C1
lstrcpynW.KERNEL32(?,?,?,?,No-Edit,?,?,00000001), ref: 00424A5B

Strings

No-Edit, xrefs: 00424943
4AD, xrefs: 00424970

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: H_prologMessageSendlstrcpynlstrlen
String ID: 4AD$No-Edit
API String ID: 1355327639-2827627885
Opcode ID: ca2140508e88d2823e51b227dfb65c55b94b4dd3de4d7bb3ec7bc2a5443e0de2
Instruction ID: 525aca3b652f3ad0fd2ff23f3a39ad9f164bad48392fc2ea544207c4399d0d49
Opcode Fuzzy Hash: ca2140508e88d2823e51b227dfb65c55b94b4dd3de4d7bb3ec7bc2a5443e0de2
Instruction Fuzzy Hash: 3941C4B2A10219DFDB10DFA4D885AEF77B4EF54314F10452FE401A72C0DB785A44CBA8

Function 0042BE3E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

Part of subcall function 0042C5A9: CreateWindowExW.USER32(00000000,ToolbarWindow32,00000000,?,?,00000000,?,00000000,?,00000000,00000000,5600094E), ref: 0042C5ED

SendMessageW.USER32(00000000,0000041E,00000014,00000000), ref: 0042BE92
SendMessageW.USER32(?,00000444,00000001,?), ref: 0042BEBC
SendMessageW.USER32(?,00000420,00000000,000B000D), ref: 0042BECD
SendMessageW.USER32(?,0000041F,00000000,00120014), ref: 0042BEDC
SetWindowPos.USER32(?,00000000,00000000,00000000,00000014,00000012,00000016,?,00000000,5600094E,00000000,00000000,?,00000000,?), ref: 0042BF04

Strings

R, xrefs: 0042BEAF

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageSend$Window$Create
String ID: R
API String ID: 363225742-880014062
Opcode ID: 44d74488b458383f830a37710df3e5c9157c40167d0e38d6889842612e2d3058
Instruction ID: 4f984f6de87d68ed15a3930f1a19e0a1d8b0ccabfa63d346ffacca1ab36ff6cb
Opcode Fuzzy Hash: 44d74488b458383f830a37710df3e5c9157c40167d0e38d6889842612e2d3058
Instruction Fuzzy Hash: 4421A431740268BAEB205B5ADC46FDB7FB9EBC9B04F40005AB700FA1E6C6F05904DAE5

Function 00424156 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 71filetimeCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042415B

Part of subcall function 00424245: lstrcpyW.KERNEL32(?), ref: 0042425B
Part of subcall function 00424245: lstrcatW.KERNEL32(?,00000000,\Backup), ref: 0042428F
Part of subcall function 00424245: CreateDirectoryW.KERNEL32(?,00000000), ref: 004242A6
Part of subcall function 00424245: lstrlenW.KERNEL32(?), ref: 004242BD

GetLocalTime.KERNEL32(?), ref: 0042416C

Part of subcall function 00407444: VirtualProtect.KERNELBASE(?,?,00000040,?,?,0040747C,0040747C,004069C8,?,?,?,?,?,?,?,?), ref: 00407A89

CopyFileW.KERNEL32(?,00000000,?,00000000,?,?,0048039C,00000000,00445508), ref: 00424207

Strings

%02d-%02d-%02d_%02d-%02d-%02d_%s.ini, xrefs: 004241BC
last_backup, xrefs: 0042417C
4AD, xrefs: 00424186

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: CopyCreateDirectoryFileH_prologLocalProtectTimeVirtuallstrcatlstrcpylstrlen
String ID: %02d-%02d-%02d_%02d-%02d-%02d_%s.ini$4AD$last_backup
API String ID: 1991952598-3850644810
Opcode ID: 0b6ea9ea858fb0d9771e00a0bf0901a3b96955d2430ac15d4086b361ea50361a
Instruction ID: 8c1af6343298e20960110cf1ab86fd2bd36cdd14f9dc99471fedbc98cf0c5e88
Opcode Fuzzy Hash: 0b6ea9ea858fb0d9771e00a0bf0901a3b96955d2430ac15d4086b361ea50361a
Instruction Fuzzy Hash: 74214BB1C00249AADB00EBE5C946BFEBBB8AF08705F10406AF551B31C2D77C9A44D779

Function 00423C17 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 71stringwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00424245: lstrcpyW.KERNEL32(?), ref: 0042425B
Part of subcall function 00424245: lstrcatW.KERNEL32(?,00000000,\Backup), ref: 0042428F
Part of subcall function 00424245: CreateDirectoryW.KERNEL32(?,00000000), ref: 004242A6
Part of subcall function 00424245: lstrlenW.KERNEL32(?), ref: 004242BD

MessageBoxW.USER32(?,00000000,00000000,00000000), ref: 00423C42
lstrcpyW.KERNEL32(?), ref: 00423C62

Strings

use_backup_d, xrefs: 00423CB5
open, xrefs: 00423CDB
Error 321, xrefs: 00423C2C
use_backup_h, xrefs: 00423C91

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: lstrcpy$CreateDirectoryMessagelstrcatlstrlen
String ID: Error 321$open$use_backup_d$use_backup_h
API String ID: 2723441971-4221616228
Opcode ID: 4c4bb09373d20a6c2803dccd173523e41e1d200dbffac5f50e3391eb70922121
Instruction ID: 5a414714267ca566798a7933c35b8ce7628397c0567d460f9e152fcddd83709a
Opcode Fuzzy Hash: 4c4bb09373d20a6c2803dccd173523e41e1d200dbffac5f50e3391eb70922121
Instruction Fuzzy Hash: B811E772620220AEDB246F31FC0AA7E3768EB00306F50487FF901F2191F97D9A55975D

Function 0043622C Relevance: 10.6, APIs: 7, Instructions: 61windowCOMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,00000014,?,?), ref: 0043624A
GetParent.USER32(?), ref: 0043625E
GetParent.USER32(00000000), ref: 00436261
MapWindowPoints.USER32(?,00000000,?,00000001), ref: 0043627D
OffsetWindowOrgEx.GDI32(?,?,?,?), ref: 00436296
SendMessageW.USER32(00000000,00000014,?,00000000), ref: 0043629F
OffsetWindowOrgEx.GDI32(?,?,?,?), ref: 004362BA

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Window$OffsetParent$CallMessagePointsProcSend
String ID:
API String ID: 593092700-0
Opcode ID: 626aed2c86cc15b35851dd1dd7cd3fbf682c3f01cfdcc080fc99eecc66589346
Instruction ID: 1b369d1bca0969bd8b2634237acd7de0d378513594854ca44be8d192bcae6432
Opcode Fuzzy Hash: 626aed2c86cc15b35851dd1dd7cd3fbf682c3f01cfdcc080fc99eecc66589346
Instruction Fuzzy Hash: 6D11A77690025DBFDF119F95DC84CEEBFBEFB48350F018466FA15A2160C6719A10AF64

Function 00424245 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47stringCOMMON

Download Yara Rule

APIs

lstrcpyW.KERNEL32(?), ref: 0042425B
lstrcatW.KERNEL32(?,00000000,\Backup), ref: 0042428F
CreateDirectoryW.KERNEL32(?,00000000), ref: 004242A6
lstrlenW.KERNEL32(?), ref: 004242BD

Strings

\Backup, xrefs: 00424279
hAB, xrefs: 0042427E, 00424295

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: CreateDirectorylstrcatlstrcpylstrlen
String ID: \Backup$hAB
API String ID: 291623610-2780332934
Opcode ID: df9651015e083aa5677f6518775e4b3ace0f5f424d346ddda6fe4bd26c0da0b8
Instruction ID: 5d9425836112100eaf2b6b8e5aeeddb2b8b346ef44fab14ca78b7b7aa9d58edc
Opcode Fuzzy Hash: df9651015e083aa5677f6518775e4b3ace0f5f424d346ddda6fe4bd26c0da0b8
Instruction Fuzzy Hash: 180156F59101099BDF10EBA1DD59F9A777CAB44304F0004E5A705F20D2DB749A458F5C

Function 0042D41B Relevance: 9.1, APIs: 6, Instructions: 100COMMON

Download Yara Rule

APIs

SetRect.USER32(0042BD45,00000000,00000000,00000000,?), ref: 0042D44B
SetWindowPos.USER32(?,00000000,00000002,00000003,00000000,00000000,00000015,?,?,0042BD45,?,00000000), ref: 0042D468
SetWindowPos.USER32(?,00000000,00000000,?,00000000,?,00000004,?,?,0042BD45,?,00000000), ref: 0042D483
SetRect.USER32(0042BD45,00000000,00000000,00000000,00000000), ref: 0042D49B
SetWindowPos.USER32(?,00000000,-000000E9,00000003,00000000,00000000,00000015,?,?,0042BD45,?,00000000), ref: 0042D4BD
InvalidateRect.USER32(00000000,0042BD45,00000001,?,?,0042BD45,?,00000000), ref: 0042D4E7

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: RectWindow$Invalidate
String ID:
API String ID: 1056487977-0
Opcode ID: 5afb842bdec1a3cce351e7e9e9114239a5e0f35c927c0db12be784a85ca540a9
Instruction ID: 9a7c52b52044f0b9150fede3bba70a30080b0dbe8a6437ef3e0f636978d02bb5
Opcode Fuzzy Hash: 5afb842bdec1a3cce351e7e9e9114239a5e0f35c927c0db12be784a85ca540a9
Instruction Fuzzy Hash: 1F3143B2600618BFEB119FA4DCC4EBBB7ADEB48754F408529FA46E7650C670FD018B64

Function 004362C5 Relevance: 9.1, APIs: 6, Instructions: 75windowCOMMON

Download Yara Rule

APIs

GetWindowLongW.USER32(00000000,000000FC), ref: 004362F0
SetWindowLongW.USER32(?,000000FC,0043622C), ref: 00436305
GetClientRect.USER32(?,00000000), ref: 0043631D
SendMessageW.USER32(?,00000418,00000000,00000000), ref: 0043634A
SendMessageW.USER32(?,0000041D,-00000001,?), ref: 0043635A
SetWindowPos.USER32(?,00000000,00420BC1,?,00420BC1,?,00000040,?,?,?,00420BC1,00000000,00000000), ref: 00436379

Part of subcall function 004360E5: CreateWindowExW.USER32(76AB2370,ToolbarWindow32,00000000,00000000,00000000,00000000,000000B4,00000014,00000000,00000000,00000000,00000000), ref: 00436113
Part of subcall function 004360E5: GetStockObject.GDI32(00000011), ref: 00436127
Part of subcall function 004360E5: GetObjectW.GDI32(00000000,0000005C,?), ref: 00436145
Part of subcall function 004360E5: SystemParametersInfoW.USER32(00000029,000001F4,?,00000000), ref: 0043616E
Part of subcall function 004360E5: CreateFontIndirectW.GDI32(?), ref: 0043618A
Part of subcall function 004360E5: SendMessageW.USER32(00000000,00000030,?,00000000), ref: 004361A2
Part of subcall function 004360E5: SendMessageW.USER32(00000000,0000041E,00000014,00000000), ref: 004361AF
Part of subcall function 004360E5: SendMessageW.USER32(00000000,00000420,00000000,00100000), ref: 004361BF
Part of subcall function 004360E5: GetDlgItem.USER32(00000000,?), ref: 004361CC
Part of subcall function 004360E5: ShowWindow.USER32(00000000,00000000), ref: 004361E1
Part of subcall function 004360E5: GetWindowRect.USER32(00000000,00000000), ref: 004361EC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Window$MessageSend$CreateLongObjectRect$ClientFontIndirectInfoItemParametersShowStockSystem
String ID:
API String ID: 3062793459-0
Opcode ID: cdd7510cf0f21a5f206af28a3c6f98eba230aeda3fa79f76c1b1993af790ee0a
Instruction ID: 6fa5585dfdfa755437bdcf99a996e14e6fb65e5566723ec97538393471b35915
Opcode Fuzzy Hash: cdd7510cf0f21a5f206af28a3c6f98eba230aeda3fa79f76c1b1993af790ee0a
Instruction Fuzzy Hash: 882162B2900619BFEB11AFA4DC85CBFBBB9FB08754F004529F612A11A0C772AD10CB54

Function 00430273 Relevance: 9.1, APIs: 6, Instructions: 66windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00430278
GetWindowDC.USER32(?,?,?,?,00000001), ref: 004302B5

Part of subcall function 004318E0: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 00431915
Part of subcall function 004318E0: CreatePatternBrush.GDI32(00000000), ref: 00431922
Part of subcall function 004318E0: DeleteObject.GDI32(00000000), ref: 0043192B

SelectObject.GDI32(?,?), ref: 004302DA
PatBlt.GDI32(?,?,?,?,?,005A0049), ref: 004302FA
SelectObject.GDI32(?,00000000), ref: 00430304
DeleteObject.GDI32(?), ref: 00430307

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Object$CreateDeleteSelect$BitmapBrushH_prologPatternWindow
String ID:
API String ID: 3230913206-0
Opcode ID: f6250e884e8d8b66865a145d47d1cc8868aca51843dab574d2639dc39cc198a2
Instruction ID: c11674e792ad895603e7ae83b2f7238172a1f69c4ea2e823c6e8fab6d9ad6268
Opcode Fuzzy Hash: f6250e884e8d8b66865a145d47d1cc8868aca51843dab574d2639dc39cc198a2
Instruction Fuzzy Hash: 5F21E572D00219AFCB00EFE9CD869EEBBB9FB08350F04516AE515B3291D7399941CBA4

Function 00425C5D Relevance: 9.1, APIs: 6, Instructions: 55windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000401,0000807B), ref: 00425C86
SendMessageW.USER32(?,00000401,0000807D), ref: 00425C90
SendMessageW.USER32(?,00000401,00008019), ref: 00425C9B
SendMessageW.USER32(?,00000401,0000807B,00000000), ref: 00425CB7
SendMessageW.USER32(?,00000401,0000807D,00000000), ref: 00425CC2
SendMessageW.USER32(?,00000401,00008019,00000000), ref: 00425CD6

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 76cfa821a99e5cd8c24453d739d7a6786c4f021e617c5beb8bf8cb98bf5a9bfa
Instruction ID: ca941d673646c457d2aca30d321aa660bec5691bca5c67db969b8d8c9d1bec7e
Opcode Fuzzy Hash: 76cfa821a99e5cd8c24453d739d7a6786c4f021e617c5beb8bf8cb98bf5a9bfa
Instruction Fuzzy Hash: 0701D171B4432876D23096379C88F277EACEBC2F61F15442AB644E60C1CA79A804C774

Function 00433D4C Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00433D51
SHGetDesktopFolder.SHELL32(?), ref: 00433D76
ILCombine.SHELL32(?,?), ref: 00433DEB
ILFree.SHELL32(?), ref: 00433EB8

Strings

4AD, xrefs: 00433DD6

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: CombineDesktopFolderFreeH_prolog
String ID: 4AD
API String ID: 2472301591-1156607891
Opcode ID: e1c6b5c3396b9a74d4f7803e7b67e7efc60ef74d1efc0caebdd765398830d3df
Instruction ID: c43f26274bbcab29b743a3eba8f8bc5ae05b5634fbb95af1ae08d608ebfbef1e
Opcode Fuzzy Hash: e1c6b5c3396b9a74d4f7803e7b67e7efc60ef74d1efc0caebdd765398830d3df
Instruction Fuzzy Hash: 10516071904259EFDF10DFA4C989ADEBBB8EF48314F1040AAF505B7281C778AE04CBA5

Function 0042A4E4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 113stringCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042A4E9
lstrlenW.KERNEL32(?,?,0046FFE0), ref: 0042A570
lstrlenW.KERNEL32(?,?,?,00445D30,?,?,?,0046FFE0), ref: 0042A5DD

Strings

4AD, xrefs: 0042A4FA
m_disables_keys, xrefs: 0042A649

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: lstrlen$H_prolog
String ID: 4AD$m_disables_keys
API String ID: 3834905643-3718384811
Opcode ID: 0dfa868d52948fbc8b2c1228345894ddb1caae4a3c39d20becbd74c91e7cdc32
Instruction ID: 203e1165c2efaf393f61b6ac4cb0d9602c11fb244ee757658ad2b0e580db4f88
Opcode Fuzzy Hash: 0dfa868d52948fbc8b2c1228345894ddb1caae4a3c39d20becbd74c91e7cdc32
Instruction Fuzzy Hash: 64413D3590011AAFCB14DBD5E999DEEB7B8BF08304F5440AEE405B3291EB78AE44CF19

Function 0043748C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 35registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,?), ref: 004374AB
lstrlenW.KERNEL32(?,?,?,00437486,?,?,?,?," -bg,?,?,?,00454984), ref: 004374BA
RegSetValueExW.ADVAPI32(00000000,00000208,00000000,00000001,?,00000000,?,?,00437486,?,?,?,?," -bg,?,?), ref: 004374CF
RegCloseKey.ADVAPI32(00000000,?,?,00437486,?,?,?,?," -bg,?,?,?,00454984), ref: 004374DA

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 00437499

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: CloseOpenValuelstrlen
String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
API String ID: 2964171075-3913687870
Opcode ID: 30a21f67d9d09dc05d4b23aefdb543e1f9a85324633e6cdcfef0dd8a64dfa347
Instruction ID: 2ceedae9dc0c1995bab63891bbcd1d91b5384f924f370bdbf12778e3a071c21b
Opcode Fuzzy Hash: 30a21f67d9d09dc05d4b23aefdb543e1f9a85324633e6cdcfef0dd8a64dfa347
Instruction Fuzzy Hash: 94F09A3781036AEBDF210FA0DC4ABEB3B69FF043A1F018620FC28A5160D775C9609B94

Function 0042BBBE Relevance: 7.6, APIs: 5, Instructions: 105COMMON

Download Yara Rule

APIs

InvalidateRect.USER32(76AA4920,?,00000001,?,76AA4920,?,00000001), ref: 0042BC10
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004,?,?,?,76AA4920,?,00000001), ref: 0042BC4F
InvalidateRect.USER32(76AA4920,?,00000001,?,?,?,76AA4920,?,00000001), ref: 0042BC60
SetWindowPos.USER32(?,00000000,?,?,?,?,00000004,?,?,76AA4920,?,00000001), ref: 0042BCA7
InvalidateRect.USER32(76AA4920,?,00000001,?,?,76AA4920,?,00000001), ref: 0042BCB8

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: InvalidateRect$Window
String ID:
API String ID: 2579585970-0
Opcode ID: d25773a06468afcf545132c1d8922e7dc084e531c35e1c88104e25638d9c6b93
Instruction ID: 19135094c6df45e34b20abd5c0d7e70cbf642a7af8c4ebe2beb88d05cbd2d263
Opcode Fuzzy Hash: d25773a06468afcf545132c1d8922e7dc084e531c35e1c88104e25638d9c6b93
Instruction Fuzzy Hash: F6311BB2A0011AEFCF10DF99D9869FFBB79EB44314F50016AE611A3290CB356941DB95

Function 004264D2 Relevance: 7.6, APIs: 5, Instructions: 86stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00000000), ref: 004264F0
GetEnvironmentVariableW.KERNEL32(?,?,00000208), ref: 00426567
lstrcatW.KERNEL32(?,?), ref: 00426595
lstrlenW.KERNEL32(?), ref: 004265B0
lstrcpyW.KERNEL32(00000000,?), ref: 004265E5

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: lstrlen$EnvironmentVariablelstrcatlstrcpy
String ID:
API String ID: 4067718196-0
Opcode ID: 86be6e8e676a898886ac47cfaa553324e04788df2af4b040843772a523e0cc2c
Instruction ID: a93edea7da4d4899329c06e4eb84b9fb86500c73c2a2d66807996ec3ed989cbd
Opcode Fuzzy Hash: 86be6e8e676a898886ac47cfaa553324e04788df2af4b040843772a523e0cc2c
Instruction Fuzzy Hash: 8431B072910228ABCF21DF48EC846DEB3F4FF18300F5045A6D945E3220E7749AD58BD8

Function 00430328 Relevance: 7.6, APIs: 5, Instructions: 58COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(?), ref: 0043033D
GetWindowLongW.USER32(?,000000EC), ref: 0043035C
GetSystemMetrics.USER32(?), ref: 00430372
GetSystemMetrics.USER32(?), ref: 0043038E
SystemParametersInfoW.USER32(00000026,00000000,?,00000000), ref: 0043039F

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: System$Metrics$InfoLongParametersWindow
String ID:
API String ID: 72108969-0
Opcode ID: 1cc4a1359398968863d07bd687d5fdc9b902957087c532c0d436a0cca70025cd
Instruction ID: e0a1c76b84bf8acbd95bf98adef0aa024b93c271ea1de0d9e930c4df4dd8b195
Opcode Fuzzy Hash: 1cc4a1359398968863d07bd687d5fdc9b902957087c532c0d436a0cca70025cd
Instruction Fuzzy Hash: FC11AC722507109FE7209F39CD4AB6AB3E4EBA8710F001B2EE482C76D0D778E845CB48

Function 0041F600 Relevance: 7.5, APIs: 5, Instructions: 47COMMON

Download Yara Rule

APIs

GetClientRect.USER32(?,?), ref: 0041F60F
GetDlgItem.USER32(?,000003F7), ref: 0041F642
SetWindowPos.USER32(00000000), ref: 0041F64B
GetDlgItem.USER32(?,0000041D), ref: 0041F655
SetWindowPos.USER32(00000000,00000000,?,?,?,00000014,00000000), ref: 0041F66F

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: ItemWindow$ClientRect
String ID:
API String ID: 3857652467-0
Opcode ID: 2ec0658b5d4e4b8b45ed11b5361e37e669d432922f7a65f0b14cab60ca4adec7
Instruction ID: 39b0bc59052787c31fa0be47496c43408b3b1618e3587cfc5ac7796f203d5fa7
Opcode Fuzzy Hash: 2ec0658b5d4e4b8b45ed11b5361e37e669d432922f7a65f0b14cab60ca4adec7
Instruction Fuzzy Hash: 1B010476A00219BBDF00EBE8DC55FBE7B7DEB88700F040158F611B61A2C671AA10DBA4

Function 00426DE8 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55stringCOMMON

Download Yara Rule

APIs

lstrcatW.KERNEL32(?,00456168), ref: 00426E3B
GetModuleHandleW.KERNEL32(00000000), ref: 00426E4E
GetOpenFileNameW.COMDLG32(0000004C), ref: 00426E7C

Part of subcall function 00427502: __EH_prolog.LIBCMT ref: 00427507
Part of subcall function 00427502: InterlockedIncrement.KERNEL32(-000000F4), ref: 00427532
Part of subcall function 00427502: wsprintfW.USER32 ref: 004275DA

Strings

L, xrefs: 00426E47

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: FileH_prologHandleIncrementInterlockedModuleNameOpenlstrcatwsprintf
String ID: L
API String ID: 998826993-2909332022
Opcode ID: 56594663d0703831b2f3f0b6afeaadba6e808f07715dbfa4f927eebb35addb0f
Instruction ID: 5d8469f7ef1b97ed5ccfa38109bf4958b2e7bba871ead841c3b78ac34a2f7ac0
Opcode Fuzzy Hash: 56594663d0703831b2f3f0b6afeaadba6e808f07715dbfa4f927eebb35addb0f
Instruction Fuzzy Hash: 76116A71E003589BDF54CF94CC457DEB7B9BF48302F00406AD105B7280DBB95A898F59

Function 0043598B Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 54windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,00000444,00000001,?), ref: 004359F6
SendMessageW.USER32(00000000,00000440,?,00000020), ref: 00435A0E

Strings

, xrefs: 004359C3
:cC, xrefs: 004359B2

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageSend
String ID: $:cC
API String ID: 3850602802-2689247352
Opcode ID: b6be724ffc89ea9c68968f2ea9316348c7c60fb0f0a11f3cf0fab30b33a0f5c2
Instruction ID: c420a73713401dbab9f0e02ccf6eaa8cd534b2db7598aba9dc244a5b4b478a92
Opcode Fuzzy Hash: b6be724ffc89ea9c68968f2ea9316348c7c60fb0f0a11f3cf0fab30b33a0f5c2
Instruction Fuzzy Hash: 03113071A0028CEFDF00CFD9D844BDEBBB4EF44314F048016E914AA295D3B59515DF65

Function 0042169F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 52windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,?), ref: 004216B1
SendMessageW.USER32(?,00000433,00000000,?), ref: 004216EC
SendMessageW.USER32(?,00000432,00000000,0000002C), ref: 00421717

Strings

,, xrefs: 004216F1

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageSend$Item
String ID: ,
API String ID: 3888421826-3772416878
Opcode ID: 54e00455506e2c76601c277b6ec646d38a313d747a679faeb7b5c55891d413a2
Instruction ID: e5665baada64295f7c02611f98c27c35f43ebbc44d05b6f3011a9d3297f79af1
Opcode Fuzzy Hash: 54e00455506e2c76601c277b6ec646d38a313d747a679faeb7b5c55891d413a2
Instruction Fuzzy Hash: BE11AF76E00218AFDB00DFA9DC55ADDBBB4FF4C710F109026EA14BB290D6B59A45CF68

Function 004374EA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28registryCOMMON

Download Yara Rule

APIs

RegOpenKeyW.ADVAPI32(-80000001,SOFTWARE\Microsoft\Windows\CurrentVersion\Run,?), ref: 00437509
RegDeleteValueW.ADVAPI32(?,?), ref: 0043751B
RegCloseKey.ADVAPI32(?), ref: 00437526

Strings

SOFTWARE\Microsoft\Windows\CurrentVersion\Run, xrefs: 004374F7

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Run
API String ID: 849931509-3913687870
Opcode ID: 0220bb65a57990b1609bbb8ec334c0a7c02d6554820eec917214b62211459a15
Instruction ID: 59c5435105357cda73140981fc49627d41e5a9f77ffab6543ae7563a6603dc63
Opcode Fuzzy Hash: 0220bb65a57990b1609bbb8ec334c0a7c02d6554820eec917214b62211459a15
Instruction Fuzzy Hash: 5DE03037810229EBCF251FB0DC4969A7BA5EB08371F01C125FD18AA210D739C9409F94

Function 0043551A Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(USER32.DLL,00435EA8,?,?,?,?), ref: 00435528
GetProcAddress.KERNEL32(?,SetMenuInfo), ref: 00435546

Strings

SetMenuInfo, xrefs: 00435540
USER32.DLL, xrefs: 00435523

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: AddressLibraryLoadProc
String ID: SetMenuInfo$USER32.DLL
API String ID: 2574300362-3329878150
Opcode ID: 98adff75472883bb36f32fb166f88d904f831f7eadf3cd23d295b96331bbcdeb
Instruction ID: 5916e2fc36fe8bba6e0fc43ecc7b0183c6b496dbd579211a3983e5e27e86c943
Opcode Fuzzy Hash: 98adff75472883bb36f32fb166f88d904f831f7eadf3cd23d295b96331bbcdeb
Instruction Fuzzy Hash: FAE0C271620600AFDF619F24EC0971A3AA5F728742F00683AB40A922A4D778A448EF4C

Function 00436C21 Relevance: 6.1, APIs: 4, Instructions: 72COMMON

Download Yara Rule

APIs

SetPixel.GDI32(?,?,00000000,?), ref: 00436C99
SetPixel.GDI32(?,?,00000000,?), ref: 00436CA7
SetPixel.GDI32(?,?,00000000,?), ref: 00436CB5
SetPixel.GDI32(?,?,00000000,?), ref: 00436CC3

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Pixel
String ID:
API String ID: 3195210534-0
Opcode ID: f5ac0db82702d0b4e9d5f0b973c34283a37342df7875bbe1c37e92ff6137fece
Instruction ID: db52c432db6c09696b0e690863e35eee4e14e024e0a01d6cddf26fbad3f81550
Opcode Fuzzy Hash: f5ac0db82702d0b4e9d5f0b973c34283a37342df7875bbe1c37e92ff6137fece
Instruction Fuzzy Hash: 0421F33290011EEFCF019FA9DD458DEBFB2FF48350F158166EA14A2260C7359A61EB90

Function 00429B7C Relevance: 6.1, APIs: 4, Instructions: 63fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00429B97
WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000), ref: 00429BCF
WriteFile.KERNEL32(?,00000000,?,?,00000000), ref: 00429BE3
CloseHandle.KERNEL32(?), ref: 00429BEC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: File$ByteCharCloseCreateHandleMultiWideWrite
String ID:
API String ID: 1078690013-0
Opcode ID: fcd345e099a6bf93a850157cf3f6ac57d52df9ba181830237b478ca082b12d32
Instruction ID: 82ed86162d68cebab0e1acd3225a60407c9899cbbfb5fde9063b479654f97b37
Opcode Fuzzy Hash: fcd345e099a6bf93a850157cf3f6ac57d52df9ba181830237b478ca082b12d32
Instruction Fuzzy Hash: 1E113A71100008BFEB209F55DC89EAABBBDEB89754F10416AF511E71E0DB70AE41DB64

Function 0042D279 Relevance: 6.1, APIs: 4, Instructions: 59windowCOMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,00000005,?), ref: 0042D29E
GetMessagePos.USER32 ref: 0042D2B0
ScreenToClient.USER32(?,?), ref: 0042D2CC
PtInRect.USER32(?,?,?), ref: 0042D2EE

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: CallClientMessageProcRectScreenWindow
String ID:
API String ID: 2980354656-0
Opcode ID: 7a72edbe208eb9f7f80a718336dc999f757fa1644bf2837c0e2e88546a471468
Instruction ID: 2b02a2273540d2a3acd45090b37fce7c15d31cc95de6c475789917453dd6b7b5
Opcode Fuzzy Hash: 7a72edbe208eb9f7f80a718336dc999f757fa1644bf2837c0e2e88546a471468
Instruction Fuzzy Hash: 0D11A372E00229AF8F219F94DC898AFBFB9FB04315B504166EC45E2210D7359911D794

Function 004254DA Relevance: 6.0, APIs: 4, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,00000419,?,00000000), ref: 004254F9
SendMessageW.USER32(?,0000041D,00000000,?), ref: 00425506
ClientToScreen.USER32(?), ref: 00425527
SendMessageW.USER32(?,00000403,?,00000001), ref: 00425538

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageSend$ClientScreen
String ID:
API String ID: 1264711397-0
Opcode ID: 21e99f49a25e7fbfcdc5034213d00d10bced2840db0a81dce533fe62294a2d52
Instruction ID: 10029316b969c1ebf7fa3ffa1d4ece043839d52826b7b2918982b16436b64cd7
Opcode Fuzzy Hash: 21e99f49a25e7fbfcdc5034213d00d10bced2840db0a81dce533fe62294a2d52
Instruction Fuzzy Hash: BA01EDB6600308BFD714DF59DC85E9ABBE8EF48710F00841DFA5AA7291D6B0A940CF64

Function 0042D5E3 Relevance: 6.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

GetClientRect.USER32(00000000,00000000), ref: 0042D600
GetWindowLongW.USER32(00000000,000000EC), ref: 0042D622
DrawEdge.USER32(?,0000200F,0000000A,0000200F), ref: 0042D63D
FillRect.USER32(?,?,0000000D), ref: 0042D64C

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: Rect$ClientDrawEdgeFillLongWindow
String ID:
API String ID: 3481374107-0
Opcode ID: e8cfec484e0ef5a0949931e2ad442549fda3965c659d69b96471c2229f3c6ed5
Instruction ID: 96f4ce3220ef17525b354dea075bca18e00ecb8dabc2a2a3ce0780306437d17c
Opcode Fuzzy Hash: e8cfec484e0ef5a0949931e2ad442549fda3965c659d69b96471c2229f3c6ed5
Instruction Fuzzy Hash: 05012132900219BFDB109F64DC49FAABBB8FB54750F004926F955F2160D770A9058B95

Function 004380A0 Relevance: 6.0, APIs: 4, Instructions: 43COMMON

Download Yara Rule

APIs

InterlockedExchange.KERNEL32(004808E8,00000001), ref: 004380C8
InitializeCriticalSection.KERNEL32(004808D0,?,?,?,00422D81), ref: 004380D3
EnterCriticalSection.KERNEL32(004808D0,?,?,?,0042CB90,?,?,00470638,?,?,?,00422D81), ref: 00438112

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: CriticalSection$EnterExchangeInitializeInterlocked
String ID:
API String ID: 3643093385-0
Opcode ID: d66494a0eb13fe10eba1f62d4e9df0684cb66f902e58c6fc4cb43092a07d42e0
Instruction ID: c9d80109e13dfd4b469843542c2470c3f20b05a7db7b7469771456da1fb489db
Opcode Fuzzy Hash: d66494a0eb13fe10eba1f62d4e9df0684cb66f902e58c6fc4cb43092a07d42e0
Instruction Fuzzy Hash: 7CF04930B80300D7D9A0B7546C85A1F73A4EB48351F20243FF504E0102CD6848C9679D

Function 00435EB1 Relevance: 6.0, APIs: 4, Instructions: 43threadwindowCOMMON

Download Yara Rule

APIs

Part of subcall function 00435E57: GetSysColor.USER32(00000004), ref: 00435E70
Part of subcall function 00435E57: CreateSolidBrush.GDI32(00202020), ref: 00435E79

GetCurrentThreadId.KERNEL32 ref: 00435EC8
SetWindowsHookExW.USER32(000000FF,0043607A,00000000,00000000), ref: 00435ED9
TrackPopupMenuEx.USER32(00000001,?,?,?,?,00000000), ref: 00435EFB

Part of subcall function 00435BC2: SendMessageW.USER32(?,00000403,?,?), ref: 00435BDA

UnhookWindowsHookEx.USER32(?), ref: 00435F17

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: HookWindows$BrushColorCreateCurrentMenuMessagePopupSendSolidThreadTrackUnhook
String ID:
API String ID: 848778860-0
Opcode ID: 1d873a512fcda4e245097d57ed7911f59a8c40b2c60a321dac30504288063662
Instruction ID: cf64ac5a47d6376922e15437f2d7f2f83126d17ed40067883966b7e05527ed14
Opcode Fuzzy Hash: 1d873a512fcda4e245097d57ed7911f59a8c40b2c60a321dac30504288063662
Instruction Fuzzy Hash: 81015672100204BFEBA25F56EC8985ABFF9EFA8720B10552EF41992270C7B568909F58

Function 00421728 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51windowCOMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 0042172D
SendMessageW.USER32(?,00000440,?,00000000), ref: 00421798

Strings

4AD, xrefs: 00421739

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: H_prologMessageSend
String ID: 4AD
API String ID: 2337391251-1156607891
Opcode ID: 7c7efd9a41c4564eb31d483a36773584485011917f6f380ef5ccd48d1d8448ba
Instruction ID: 733a4daa048f09d878c84373d9e27e6e514a652ddd9bfd7e8f13655adea388da
Opcode Fuzzy Hash: 7c7efd9a41c4564eb31d483a36773584485011917f6f380ef5ccd48d1d8448ba
Instruction Fuzzy Hash: 06116A72D14248EBDB10DFA9D845BDEFBB8BF54318F10816AE251B71D0C7B85648CBA8

Function 004353F4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 40COMMON

Download Yara Rule

APIs

SHGetFileInfoW.SHELL32(C:\,00000000,00004001,000002B4,00004001), ref: 00435438
SHGetFileInfoW.SHELL32(C:\,00000000,?,000002B4,00004000), ref: 0043544B

Strings

C:\, xrefs: 00435431, 00435437, 0043544A

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: FileInfo
String ID: C:\
API String ID: 4041567068-3404278061
Opcode ID: 01dc84b88e69e622cc95e543275c728969252cc4be772f7a86a4fbfaad203ff7
Instruction ID: 1c494cc5095be1daaf244086f18a01e1dbc19f33f732a340317776a5c34a2c14
Opcode Fuzzy Hash: 01dc84b88e69e622cc95e543275c728969252cc4be772f7a86a4fbfaad203ff7
Instruction Fuzzy Hash: 99F012B25007046FF324DA15FD80B67B7DCEBC5704F41883AB650A7291D7B569088B6A

Function 00424FEE Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00425052: wsprintfW.USER32 ref: 00425084

Part of subcall function 00424F77: lstrcatW.KERNEL32(?,00000000,?,00425030,?,?,?,?,?,76AA5540), ref: 00424FE3

lstrcatW.KERNEL32(?, + ,?,?,?,76AA5540), ref: 0042503F
lstrcatW.KERNEL32(?,?,?,?,?,76AA5540), ref: 00425049

Strings

+ , xrefs: 00425039

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: lstrcat$wsprintf
String ID: +
API String ID: 3128662910-2316452435
Opcode ID: 9d691adb5465460d9d67230d8dad96486cfee40a2408d7953968010c8d6e6f81
Instruction ID: 31f09c5765a734f01087b9e08a0d40a2a40db7a6571c408345fa732e7d9f4246
Opcode Fuzzy Hash: 9d691adb5465460d9d67230d8dad96486cfee40a2408d7953968010c8d6e6f81
Instruction Fuzzy Hash: 72F090339002196BEB10AB55EC85FAA3BB9FB84710F0040A6F918A6152E375AA55CF95

Function 00435E57 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35COMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000004), ref: 00435E70
CreateSolidBrush.GDI32(00202020), ref: 00435E79

Strings

, xrefs: 00435E5E

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: BrushColorCreateSolid
String ID:
API String ID: 2798526982-1776720792
Opcode ID: aaca61e81d3d844478bb37b696ac1b44aa490725bc7ce6fe2d2d7237d7cd6fc2
Instruction ID: 3dd9d888673b6d09164eca94f326f92a682deda0ecca37f3c94d09e4dc8b9edb
Opcode Fuzzy Hash: aaca61e81d3d844478bb37b696ac1b44aa490725bc7ce6fe2d2d7237d7cd6fc2
Instruction Fuzzy Hash: C8F08973904205AFEF04AFA4E846BEF7BB9DB54314F10402AEE00F7286D67555054BE9

Function 0041F7D3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 33windowCOMMON

Download Yara Rule

APIs

MessageBoxW.USER32(?,00000000,00000000,00000040), ref: 0041F80C
ShowWindow.USER32(?,00000000,?,?,0041F968,C4835751), ref: 0041F817

Strings

hide_info, xrefs: 0041F7D5, 0041F7DE, 0041F7EC

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: MessageShowWindow
String ID: hide_info
API String ID: 1109058218-3109604556
Opcode ID: b9230161a3779dda53718df8cb150e70b502c5954e8802a94d92c968c098faf2
Instruction ID: 670fa4bd13f936933ccb9705c5f427323db3bd5e0f271bb626fa3a6f08ccd94f
Opcode Fuzzy Hash: b9230161a3779dda53718df8cb150e70b502c5954e8802a94d92c968c098faf2
Instruction Fuzzy Hash: BAE0E5312002103AFA213226BC67F6B25599BD0B64F00803FF6047A1D2CFA99846811C

Function 00427FB8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

__EH_prolog.LIBCMT ref: 00427FBD

Part of subcall function 00428006: __EH_prolog.LIBCMT ref: 0042800B
Part of subcall function 00428006: GetWindowRect.USER32(?,?), ref: 00428025
Part of subcall function 00428006: GetWindowPlacement.USER32(?,?), ref: 00428056
Part of subcall function 00428006: CopyRect.USER32(?,?), ref: 00428068
Part of subcall function 00428006: GetWindowRect.USER32(00000000,?), ref: 0042807B

Strings

4AD, xrefs: 00427FC3
WinRC, xrefs: 00427FE6

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: RectWindow$H_prolog$CopyPlacement
String ID: 4AD$WinRC
API String ID: 384457727-3046519757
Opcode ID: d584f39abd0066c7d0c7e6084122aa754c3476f513a26c518f2ddf577feac939
Instruction ID: 9e81357f82514438959cc7da28018d79f5230014129dd3606e7822f21274c685
Opcode Fuzzy Hash: d584f39abd0066c7d0c7e6084122aa754c3476f513a26c518f2ddf577feac939
Instruction Fuzzy Hash: 1FE03971914219AADB14EB90E802BEDB7B8FB44308F10446EA422A21C2DB789A488A18

Function 004354E9 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15windowCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(shell32,004212C7,0000000E), ref: 004354F7
LoadIconW.USER32(?,0000000E), ref: 0043550D

Strings

shell32, xrefs: 004354F2

Memory Dump Source

Source File: 00000000.00000002.2540264393.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2540235598.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540424753.000000000043C000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540453302.0000000000444000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000481000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540493998.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540536213.000000000049E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540577383.00000000004F9000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540598914.00000000004FC000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540618644.0000000000505000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540641028.0000000000508000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540722707.0000000000510000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540747051.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540768855.000000000051B000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540822828.0000000000520000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540856505.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2540919752.0000000000551000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_QuickTextPaste (2).jbxd

Similarity

API ID: HandleIconLoadModule
String ID: shell32
API String ID: 3495291681-4179111565
Opcode ID: 03b9c54a1b8e5c80b5bd845499610cc0e2a2e66cb0a35801c504cfa6e16a83cf
Instruction ID: e6696932341dcb94caecbd5586413caec97c01d6295ff654805490fc0b1eae49
Opcode Fuzzy Hash: 03b9c54a1b8e5c80b5bd845499610cc0e2a2e66cb0a35801c504cfa6e16a83cf
Instruction Fuzzy Hash: 49D05B702205006A67D05F209C4862736D89A04701B10343EB005C2154E734E944FF1C

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically may require being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, Container: Container Creation, File: File Creation, File: File Modification, Process: Process Creation, Scheduled Job: Scheduled Job Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report QuickTextPaste (2).exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\Pictures\DesktopInfo\Bin\DesktopInfo.exe

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

Statistics

CPU Usage

Windows Analysis Report
QuickTextPaste (2).exe

Function 00416231 Relevance: 26.6, APIs: 1, Strings: 14, Instructions: 345
nativeCOMMON

Function 0041E397 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 188
COMMON

Function 00406EBE Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 404
memoryCOMMON

Function 00407639 Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 266
memoryCOMMON

Function 0040745E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 238
COMMON

Function 0041616C Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 235
nativeCOMMON

Function 00407801 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 206
memoryCOMMON

Function 004072C9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 204
memoryCOMMON

Function 004074DD Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 194
memoryCOMMON

Function 0040759C Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 224
COMMON

Function 004074AA Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 213
COMMON

Function 0041F108 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 158
COMMON

Function 00407613 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 140
memoryCOMMON

Function 00407444 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 133
memoryCOMMON

Function 0040769B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 131
memoryCOMMON